Unwanted pop-ups

startouff56 -  
Powax Posts 570 Status Member -
Hello,
I have a small, rather ordinary problem: when I browse the internet, pop-ups open every two minutes, which is quite annoying!
Here is a HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 23:14:20, on 17/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {616475A4-49A2-4ED1-92B9-FD81FD9C77A2} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9E610318-62CD-4CA5-B50C-F41849C73598} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: req - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SolidNetWork License Manager - GLOBEtrotter Software Inc. - C:\Program Files\SolidNetWork License Manager\lmgrd.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
Configuration: Windows XP
Firefox 2.0.0.12

22 replies

  1. Powax Posts 570 Status Member 92
     
    Hello,

    1) Download Navilog to your desktop: http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

    * Double-click navilog1.exe
    * In the main menu, choose option 1 and confirm
    * Post the report saved at the root of the drive (fixnavi.txt)

    2) Download VundoFix: http://www.atribune.org/ccount/click.php?id=4

    * Double-click VundoFix.exe
    * Click the Scan for Vundo button
    * If the program asks you to delete files, say yes
    * When the program has finished scanning your PC, it must be shut down; restart it.
    * Copy/paste the contents of the report located at C:\vundofix.txt
    0
  2. startouff56
     
    Thanks for replying to my post! But I left Navilog on option 1 for more than half an hour and it does not finish its report, so I stopped the scan. Should I still do step 2 of your reply (VundoFix)?
    0
    1. Powax Posts 570 Status Member 92
       
      Yep, send VundoFix.

      Then try Navilog again ^^
      0
  3. startouff56
     
    Here is the VundoFix report:

    VundoFix V6.3.15

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Scan started at 19:05:14 13/03/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\awtqo.dll
    C:\WINDOWS\system32\awtqp.dll
    C:\WINDOWS\system32\awtst.dll
    C:\WINDOWS\system32\awvtt.dll
    C:\WINDOWS\system32\byxxwwv.dll
    C:\WINDOWS\system32\ckhfxpvj.exe
    C:\WINDOWS\system32\ddcbcbx.dll
    C:\WINDOWS\system32\ddcyy.dll
    C:\WINDOWS\system32\gebyy.dll
    C:\WINDOWS\system32\hggdeby.dll
    C:\WINDOWS\system32\hhrkfhdc.exe
    C:\WINDOWS\system32\hjkmp.ini2
    C:\WINDOWS\system32\hjkmp.tmp
    C:\WINDOWS\system32\jkhhe.dll
    C:\WINDOWS\system32\mljgg.dll
    C:\WINDOWS\system32\pdyuweee.dll
    C:\WINDOWS\system32\pmkhi.dll
    C:\WINDOWS\system32\pmkjh.dll
    C:\WINDOWS\system32\pmnli.dll
    C:\WINDOWS\system32\pmnnk.dll
    C:\WINDOWS\system32\pmnno.dll
    C:\WINDOWS\system32\qrpgmoeq.dll
    C:\WINDOWS\system32\qrutv.ini
    C:\WINDOWS\system32\qrutv.tmp
    C:\WINDOWS\system32\sstqn.dll
    C:\WINDOWS\system32\sstts.dll
    C:\WINDOWS\system32\sttss.bak1
    C:\WINDOWS\system32\sttss.bak2
    C:\WINDOWS\system32\sttss.ini
    C:\WINDOWS\system32\vturq.dll
    C:\WINDOWS\system32\yiitholc.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awtqo.dll
    C:\WINDOWS\system32\awtqo.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\awtqp.dll
    C:\WINDOWS\system32\awtqp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\awtst.dll
    C:\WINDOWS\system32\awtst.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\awvtt.dll
    C:\WINDOWS\system32\awvtt.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\byxxwwv.dll
    C:\WINDOWS\system32\byxxwwv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ckhfxpvj.exe
    C:\WINDOWS\system32\ckhfxpvj.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ddcbcbx.dll
    C:\WINDOWS\system32\ddcbcbx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ddcyy.dll
    C:\WINDOWS\system32\ddcyy.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gebyy.dll
    C:\WINDOWS\system32\gebyy.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hggdeby.dll
    C:\WINDOWS\system32\hggdeby.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hhrkfhdc.exe
    C:\WINDOWS\system32\hhrkfhdc.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hjkmp.ini2
    C:\WINDOWS\system32\hjkmp.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hjkmp.tmp
    C:\WINDOWS\system32\hjkmp.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkhhe.dll
    C:\WINDOWS\system32\jkhhe.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljgg.dll
    C:\WINDOWS\system32\mljgg.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pdyuweee.dll
    C:\WINDOWS\system32\pdyuweee.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmkhi.dll
    C:\WINDOWS\system32\pmkhi.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmkjh.dll
    C:\WINDOWS\system32\pmkjh.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnli.dll
    C:\WINDOWS\system32\pmnli.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnnk.dll
    C:\WINDOWS\system32\pmnnk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnno.dll
    C:\WINDOWS\system32\pmnno.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qrpgmoeq.dll
    C:\WINDOWS\system32\qrpgmoeq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qrutv.ini
    C:\WINDOWS\system32\qrutv.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qrutv.tmp
    C:\WINDOWS\system32\qrutv.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\sstqn.dll
    C:\WINDOWS\system32\sstqn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\sstts.dll
    C:\WINDOWS\system32\sstts.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\sttss.bak1
    C:\WINDOWS\system32\sttss.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\sttss.bak2
    C:\WINDOWS\system32\sttss.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\sttss.ini
    C:\WINDOWS\system32\sttss.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vturq.dll
    C:\WINDOWS\system32\vturq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yiitholc.exe
    C:\WINDOWS\system32\yiitholc.exe Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Beginning removal...

    VundoFix V6.7.8

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 18:51:33 18/02/2008

    Listing files found while scanning....

    No infected files were found.
    0
  4. Powax Posts 570 Status Member 92
     
    Hello!

    Wow, it did a good job!! ^^

    * Open HijackThis, choose "do a scan only"

    Check the box in front of these lines:
    O2 - BHO: (no name) - {616475A4-49A2-4ED1-92B9-FD81FD9C77A2} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {9E610318-62CD-4CA5-B50C-F41849C73598} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    Close all other active windows and click "Fix checked"

    * Have you tried Navilog again? If need be, uninstall it via Add/Remove Programs and then reinstall it ;o)

    * Then post one last HiJack report for verification, please.
    0
  6. startouff56
     
    Navilog still doesn't work, strange! After downloading the installer I left it on my desktop; should I put it on the C drive or somewhere else?? Here is the HijackThis report after the steps you asked me to do:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:34:18, on 19/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\keyhook.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe
    C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\OrangeHSS\Launcher\Launcher.exe
    C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
    C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: req - C:\WINDOWS\
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SolidNetWork License Manager - GLOBEtrotter Software Inc. - C:\Program Files\SolidNetWork License Manager\lmgrd.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    0
  7. startouff56
     
    AVG report:

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 18:26:33 19/02/2008

    + Résultat de l'analyse:

    C:\QooBox\Quarantine\C\WINDOWS\mrofinu1148.exe.vir -> Downloader.Agent.hql : Aucune action entreprise.
    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP678\A0217977.exe -> Downloader.Agent.hql : Aucune action entreprise.
    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP678\A0218016.exe -> Downloader.Agent.hql : Aucune action entreprise.
    C:\WINDOWS\17PHolmes1148.exe -> Downloader.Agent.hql : Aucune action entreprise.
    C:\WINDOWS\mrofinu1148.exe.tmp -> Downloader.Agent.hql : Aucune action entreprise.
    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP680\A0218285.EXE -> Not-A-Virus.Downloader.Win32.Url2File.a : Aucune action entreprise.
    :mozilla.387:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
    :mozilla.388:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
    :mozilla.389:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
    :mozilla.169:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
    :mozilla.170:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
    :mozilla.229:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
    :mozilla.284:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
    :mozilla.396:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
    C:\Documents and Settings\thomas\Cookies\thomas@2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
    :mozilla.279:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
    :mozilla.280:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
    :mozilla.182:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
    :mozilla.20:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
    :mozilla.21:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
    :mozilla.22:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
    :mozilla.23:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
    :mozilla.24:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
    C:\Documents and Settings\thomas\Cookies\thomas@advertising[2].txt -> TrackingCookie.Advertising : Aucune action entreprise.
    :mozilla.110:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
    C:\Documents and Settings\thomas\Cookies\thomas@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
    :mozilla.94:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
    C:\Documents and Settings\thomas\Cookies\thomas@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
    :mozilla.421:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Casinotropez : Aucune action entreprise.
    C:\Documents and Settings\thomas\Cookies\thomas@casinotropez[1].txt -> TrackingCookie.Casinotropez : Aucune action entreprise.
    C:\Documents and Settings\thomas\Cookies\thomas@www.casinotropez[1].txt -> TrackingCookie.Casinotropez : Aucune action entreprise.
    :mozilla.184:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise.
    :mozilla.185:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise.
    :mozilla.186:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise.
    :mozilla.11:C:\Documents and Settings\chloe\Application Data\Mozilla\Firefox\Profiles\sxcmgt2u.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
    :mozilla.53:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
    C:\Documents and Settings\thomas\Cookies\thomas@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
    :mozilla.73:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Estat : Aucune action entreprise.
    :mozilla.285:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
    :mozilla.286:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
    :mozilla.287:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
    :mozilla.288:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
    :mozilla.289:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
    :mozilla.205:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
    :mozilla.206:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
    :mozilla.207:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
    C:\Documents and Settings\thomas\Cookies\thomas@fastclick[1].txt -> TrackingCookie.Fastclick : Aucune action entreprise.
    :mozilla.314:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
    :mozilla.399:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
    :mozilla.417:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
    :mozilla.122:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
    :mozilla.123:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
    :mozilla.124:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
    :mozilla.164:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
    :mozilla.341:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
    :mozilla.59:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.
    :mozilla.61:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.
    :mozilla.10:C:\Documents and Settings\chloe\Application Data\Mozilla\Firefox\Profiles\sxcmgt2u.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
    :mozilla.168:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
    :mozilla.36:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Overture : Aucune action entreprise.
    :mozilla.242:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Realmedia : Aucune action entreprise.
    :mozilla.243:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Realmedia : Aucune action entreprise.
    :mozilla.343:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Revsci : Aucune action entreprise.
    :mozilla.272:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
    :mozilla.273:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
    :mozilla.274:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
    :mozilla.275:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
    :mozilla.276:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
    :mozilla.277:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
    :mozilla.278:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
    :mozilla.79:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
    :mozilla.80:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
    :mozilla.81:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
    :mozilla.82:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
    C:\Documents and Settings\thomas\Cookies\thomas@smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
    :mozilla.139:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
    :mozilla.62:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Tacoda : Aucune action entreprise.
    :mozilla.63:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Tacoda : Aucune action entreprise.
    :mozilla.64:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Tacoda : Aucune action entreprise.
    :mozilla.65:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Tacoda : Aucune action entreprise.
    :mozilla.66:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Tacoda : Aucune action entreprise.
    :mozilla.67:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Tacoda : Aucune action entreprise.
    :mozilla.31:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
    :mozilla.32:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
    :mozilla.33:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
    :mozilla.34:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
    :mozilla.35:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
    C:\Documents and Settings\thomas\Cookies\thomas@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
    :mozilla.84:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
    :mozilla.85:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
    :mozilla.86:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
    :mozilla.107:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
    C:\Documents and Settings\thomas\Cookies\thomas@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
    :mozilla.245:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
    :mozilla.246:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
    :mozilla.247:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
    :mozilla.248:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
    :mozilla.249:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
    :mozilla.344:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Zedo : Aucune action entreprise.
    :mozilla.345:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Zedo : Aucune action entreprise.
    :mozilla.346:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Zedo : Aucune action entreprise.
    :mozilla.347:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Zedo : Aucune action entreprise.
    C:\QooBox\Quarantine\C\Program Files\Temporary\kernInst.exe.vir -> Trojan.Agent.dwb : Aucune action entreprise.
    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP678\A0218017.exe -> Trojan.Agent.dwb : Aucune action entreprise.
    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP678\A0217968.com -> Trojan.Agent.dwd : Aucune action entreprise.

    Fin du rapport
    0
  8. Powax Posts 570 Status Member 92
     
    Hello,

    sorry, I had forgotten a few instructions:

    * launch AVG Anti-Spyware and click the "Mise à jour" (Update) button. Wait...

    If the updates do not install, they can be downloaded here:

    http://downloads.ewido.net/avgas-signatures-full-current.exe

    -> On the "analyse" (Scan) page:

    first choose the "paramètres" (Settings) tab

    Under « Comment réagir » (How to react), click « Actions recommandées » (Recommended actions) and, in the drop-down menu, choose « Supprimer » (Delete)

    -> Launch the scan (it takes a long time...)

    -> At the end of the scan, copy and paste the report here.
    0
  9. startouff56
     
    Following yesterday's scan I deleted all the little things that AVG had just found! Do I still have to do what you are asking?
    0
    1. Powax Posts 570 Status Member 92
       
      ? Well, that doesn't show in the report!

      Which is why I was asking you to change the action to take.

      1) Download Combofix.exe to your Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

      * Disconnect from the internet and disable your antivirus so that Combofix can run normally
      * Double-click Combofix.exe
      * Set it to French (F)
      * Press the 1 key (Yes) to start the scan
      * When the scan is finished, a report will appear
      * Post the saved report: C:\Combofix.txt

      2) Post a new HiJack report
      0
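
Added example (not part of the thread, and not code from AVG or ComboFix): a small Python parser for the AVG Anti-Spyware report format pasted above. It separates tracking cookies, quarantine copies and System Restore copies from live files, then lists the live files whose action column still reads `Aucune action entreprise`. The sample report, its file names and the `PLACEHOLDER-ACTION` text are constructed, and the category names are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Action text shown on every line of the report in this thread ("no action taken").
NO_ACTION = "Aucune action entreprise"

# Constructed sample in the same line format as the report above.
# File names, the GUID and PLACEHOLDER-ACTION are made up for the example.
SAMPLE_REPORT = r"""
+ Résultat de l'analyse:

C:\QooBox\Quarantine\C\WINDOWS\sample_a.exe.vir -> Downloader.Agent.hql : Aucune action entreprise.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe -> Downloader.Agent.hql : Aucune action entreprise.
C:\WINDOWS\sample_b.exe -> Downloader.Agent.hql : Aucune action entreprise.
C:\WINDOWS\sample_c.exe -> Trojan.Agent.dwb : PLACEHOLDER-ACTION.
:mozilla.12:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\xxxxxxxx.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.13:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\xxxxxxxx.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\user\Cookies\user@2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.

Fin du rapport
"""

# "<location> -> <detection> : <action>." where the location may start with a
# ":store.index:" prefix (an entry inside a cookie store such as cookies.txt).
# The path itself contains "C:", so the fields are anchored on " -> " and " : ".
LINE_RE = re.compile(
    r"^(?::(?P<store>\w+)\.(?P<index>\d+):)?"
    r"(?P<path>.+?) -> (?P<detection>\S+) : (?P<action>.+?)\.?$"
)


@dataclass(frozen=True)
class Finding:
    path: str
    detection: str
    action: str
    store: Optional[str] = None   # e.g. "mozilla" for a cookies.txt entry
    index: Optional[int] = None   # entry number inside that store


def parse_report(text: str) -> List[Finding]:
    """Return one Finding per result line; headers and rulers are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        idx = int(m.group("index")) if m.group("index") else None
        findings.append(Finding(m.group("path"), m.group("detection"),
                                m.group("action"), m.group("store"), idx))
    return findings


def classify(f: Finding) -> str:
    """Sort a finding by where the object sits, which decides how urgent it is."""
    path = f.path.lower()
    if f.detection.lower().startswith("trackingcookie."):
        return "cookie"                      # tracking data, not executable code
    if re.match(r"^[a-z]:\\qoobox\\quarantine\\", path):
        return "quarantine-copy"             # ComboFix quarantine folder
    if "\\system volume information\\_restore{" in path:
        return "restore-point-copy"          # copy held by System Restore
    return "live-file"                       # still in place on the file system


def triage(text: str) -> dict:
    """Summarise a report and list live files that the scanner left untouched."""
    findings = parse_report(text)
    return {
        "total": len(findings),
        "by_kind": dict(Counter(classify(f) for f in findings)),
        "no_action": sum(f.action == NO_ACTION for f in findings),
        "untreated_live": [(f.path, f.detection) for f in findings
                           if classify(f) == "live-file" and f.action == NO_ACTION],
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print(summary["by_kind"])
    for path, name in summary["untreated_live"]:
        print("still present, no action:", name, path)
```
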
  10. startouff56
     
    Here is the Combofix report, then I will post the HijackThis log:

    ComboFix 08-02-20.2 - thomas 2008-02-20 10:34:55.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.121 [GMT 1:00]
    Endroit: C:\Documents and Settings\thomas\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\Documents and Settings\thomas\Local Settings\Application Data\wxiiyz.dat
    C:\Documents and Settings\thomas\Local Settings\Application Data\wxiiyz.exe
    c:\Documents and Settings\thomas\Local Settings\Application Data\wxiiyz_nav.dat
    C:\Documents and Settings\thomas\Local Settings\Application Data\wxiiyz_navps.dat
    C:\WINDOWS\system32\nvs2.inf

    ----- BITS: Possible sites infectés -----

    hxxp://au.download.windowsupdate
    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-19 22:09 . 2008-02-19 22:17 <REP> d-------- C:\Documents and Settings\thomas\dwhelper
    2008-02-19 12:37 . 2008-02-19 12:37 <REP> d-------- C:\Program Files\Navilog1
    2008-02-19 12:31 . 2008-02-19 12:31 <REP> d-------- C:\backups
    2008-02-13 18:17 . 2008-02-13 18:18 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-02-06 18:24 . 2008-02-06 18:24 <REP> d-------- C:\Program Files\LucasArts
    2008-01-24 23:23 . 2008-01-24 23:23 <REP> d-------- C:\Documents and Settings\thomas\Application Data\EDrawings
    2008-01-24 23:22 . 2008-01-24 23:22 <REP> d-------- C:\Program Files\Fichiers communs\SolidWorks Shared
    2008-01-24 23:22 . 2008-01-24 23:22 0 --a------ C:\WINDOWS\eDrawingOfficeAutomator.INI
    2008-01-24 23:21 . 2008-01-24 23:21 <REP> d-------- C:\Program Files\Fichiers communs\eDrawings2008

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-20 09:32 108,611 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
    2008-02-20 08:28 --------- d-----w C:\Program Files\SolidNetWork License Manager
    2008-02-19 13:42 --------- d-----w C:\Program Files\Apple Software Update
    2008-02-16 20:15 --------- d-----w C:\Program Files\DivX
    2008-02-16 18:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-16 18:57 --------- d-----w C:\Program Files\MSN Messenger
    2008-02-10 18:53 --------- d-----w C:\Documents and Settings\thomas\Application Data\Canon
    2008-02-10 17:27 11,176 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\wklnhst.dat
    2008-02-03 16:13 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\DivX
    2008-01-30 17:04 154 ----a-w C:\Documents and Settings\chloe\Application Data\wklnhst.dat
    2008-01-25 18:02 --------- d-----w C:\Documents and Settings\catherine\Application Data\Canon
    2008-01-17 20:38 --------- d-----w C:\Program Files\Dot1XCfg
    2008-01-13 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-04 12:02 --------- d-----w C:\Program Files\LimeWire
    2007-12-25 16:38 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Canon
    2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-03-01 19:56 384 ----a-w C:\Documents and Settings\thomas\Application Data\internaldb6334.dat
    2007-03-01 17:57 194 ----a-w C:\Documents and Settings\thomas\Application Data\internaldb8467.dat
    2007-03-01 17:57 18,432 ----a-w C:\Documents and Settings\thomas\Application Data\internaldb41.dat
    2007-01-14 19:31 7,922 ----a-w C:\Documents and Settings\thomas\Application Data\wklnhst.dat
    2006-08-04 19:10 1 ----a-w C:\Documents and Settings\thomas\SI.bin
    2006-01-09 15:17 62,752 ----a-w C:\Documents and Settings\thomas\Application Data\GDIPFONTCACHEV1.DAT
    2005-06-28 19:17 1,898 ----a-w C:\Documents and Settings\catherine\Application Data\wklnhst.dat
    2005-01-22 12:07 62,368 ----a-w C:\Documents and Settings\catherine\Application Data\GDIPFONTCACHEV1.DAT
    2004-12-27 07:33 0 ----a-w C:\Documents and Settings\hugo\Application Data\wklnhst.dat
    2007-03-13 16:26 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [2006-09-16 10:24 155896]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 18:00 15360]
    "Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe" [2004-01-02 00:55 159744]
    "Orange Desktop Search"="C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" [2006-11-02 15:08 4937512]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 12:00 204800]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 13:11 3497984]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 23:04 52736]
    "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 01:53 49152]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-08 01:43 659456]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 03:02 61440]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-15 03:43 233472]
    "SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2004-05-20 16:47 249856]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]
    "SoundMan"="SOUNDMAN.EXE" [2004-07-02 01:58 73728 C:\WINDOWS\SOUNDMAN.EXE]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-25 03:10 339968]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 23:57 81920]
    "AlcWzrd"="ALCWZRD.EXE" [2004-07-06 08:05 2550272 C:\WINDOWS\ALCWZRD.EXE]
    "Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 17:49 50688]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 10:52 221184]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-07-06 10:56 180269]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 17:44 271672]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-10-05 22:11 866584]
    "ORAHSSStartup"="C:\Program Files\OrangeHSS\Launcher\Launcher.exe" [2007-01-04 10:40 462848]
    "SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2007-01-04 10:45 90112]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
    "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 12:16 185896]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 11:45 75304]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 12:31:38 241664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\req]

    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 09:21]
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 09:21]
    R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 09:21]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
    S2 SolidNetWork License Manager;SolidNetWork License Manager;C:\Program Files\SolidNetWork License Manager\lmgrd.exe [2001-10-05 08:20]
    S3 PWIPENUM;PWIPENUM;C:\Program Files\Panicware\Pop-Up Stopper Anti-Spyware\PWIPENUM.SYS []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-19 13:42:40 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-02-01 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    "2008-02-20 08:31:38 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-20 10:41:12
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-20 10:44:32
    ComboFix-quarantined-files.txt 2008-02-20 09:44:26
    ComboFix2.txt 2008-01-19 21:02:10
    .
    2008-02-20 08:37:32 --- E O F ---
    0
  11. startouff56
     
    Here is the HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:48, on 2008-02-20
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\keyhook.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe
    C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\OrangeHSS\Launcher\Launcher.exe
    C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: req - C:\WINDOWS\
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SolidNetWork License Manager - GLOBEtrotter Software Inc. - C:\Program Files\SolidNetWork License Manager\lmgrd.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    0
  12. Powax Posts 570 Status Member 92
     
    Download: http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    * Run it: double-click Smitfraudfix.cmd, choose option 1

    * It will generate a report: copy and paste its contents
    0
  13. startouff56
     
    SmitfraudFix report:

    SmitFraudFix v2.292

    Rapport fait à 11:03:22.67, 2008-02-20
    Executé à partir de C:\Documents and Settings\thomas\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\keyhook.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\OrangeHSS\Launcher\Launcher.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
    C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\thomas

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\thomas\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\thomas\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CS2\Services\Tcpip\..\{B043D92F-55D6-4093-9BE3-A6615FE1F4E7}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  14. Powax Posts 570 Status Member 92
     
    Run a BitDefender scan from IE: https://www.bitdefender.fr/

    (the "BitDefender scan online" button in the left-hand column)

    Post the report
    0
  15. startouff56
     
    BitDefender report:

    BitDefender Online Scanner

    Scan report generated at: Wed, Feb 20, 2008 - 13:31:13

    Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

    Statistics
    Time: 01:48:32
    Files: 520564
    Folders: 11746
    Boot Sectors: 3
    Archives: 18596
    Packed Files: 30465

    Results
    Identified Viruses: 3
    Infected Files: 70
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 70

    Engines Info
    Virus Definitions: 982364
    Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
    Scan plugins: 16
    Archive plugins: 41
    Unpack plugins: 7
    E-mail plugins: 6
    System plugins: 5

    Scan Settings
    First Action: Désinfecté
    Second Action: Supprimé
    Heuristics: Oui
    Enable Warnings: Oui
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Oui
    Scan Archives: Oui
    Scan Packed: Oui
    Scan Files: Oui
    Scan Boot: Oui

    Scanned File

    Status

    C:\Documents and Settings\thomas\Incomplete\install.exe

    Infecté par: Trojan.Vundo.AE

    C:\Documents and Settings\thomas\Incomplete\install.exe

    Echec de la désinfection

    C:\Documents and Settings\thomas\Incomplete\install.exe

    Supprimé

    C:\Documents and Settings\thomas\Mes documents\Mes archives de conversations\Ma musique\01 Track 1.wma

    Infecté par: Trojan.Downloader.Wma.Wimad.K

    C:\Documents and Settings\thomas\Mes documents\Mes archives de conversations\Ma musique\01 Track 1.wma

    Supprimé

    C:\Documents and Settings\thomas\Mes documents\Mes archives de conversations\Ma musique\03 Track 3.wma

    Infecté par: Trojan.Downloader.Wma.Wimad.K

    C:\Documents and Settings\thomas\Mes documents\Mes archives de conversations\Ma musique\03 Track 3.wma

    Supprimé

    C:\Program Files\Mozilla Firefox\absqxw.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\absqxw.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\absqxw.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\adbodz.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\adbodz.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\adbodz.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\aovypr.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\aovypr.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\aovypr.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\bchcpu.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\bchcpu.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\bchcpu.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\ckxiqr.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\ckxiqr.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\ckxiqr.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\cmsouq.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\cmsouq.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\cmsouq.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\dysmsh.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\dysmsh.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\dysmsh.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\fqulpn.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\fqulpn.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\fqulpn.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\gjgzea.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\gjgzea.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\gjgzea.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\ijxulx.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\ijxulx.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\ijxulx.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\ikjroz.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\ikjroz.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\ikjroz.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\kycbpb.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\kycbpb.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\kycbpb.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\opamjw.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\opamjw.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\opamjw.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\palwhy.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\palwhy.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\palwhy.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\plwucd.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\plwucd.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\plwucd.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\rjejmi.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\rjejmi.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\rjejmi.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\rqwikj.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\rqwikj.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\rqwikj.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\rvruis.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\rvruis.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\rvruis.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\sufymd.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\sufymd.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\sufymd.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\swptuc.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\swptuc.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\swptuc.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\tghrpn.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\tghrpn.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\tghrpn.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\uckkxc.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\uckkxc.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\uckkxc.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\ueubhh.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\ueubhh.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\ueubhh.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\vleinl.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\vleinl.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\vleinl.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\wnptvi.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\wnptvi.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\wnptvi.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\wqyxpm.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\wqyxpm.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\wqyxpm.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\xgxaus.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\xgxaus.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\xgxaus.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\xsntcy.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\xsntcy.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\xsntcy.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\xuvhqr.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\xuvhqr.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\xuvhqr.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\xwjqve.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\xwjqve.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\xwjqve.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\yandzm.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\yandzm.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\yandzm.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\zikgin.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\zikgin.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\zikgin.exe

    Supprimé

    C:\Program Files\Mozilla Firefox\zuoame.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\Program Files\Mozilla Firefox\zuoame.exe

    Echec de la désinfection

    C:\Program Files\Mozilla Firefox\zuoame.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224755.exe

    Infecté par: Trojan.Vundo.AE

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224755.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224755.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224757.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224757.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224757.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224758.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224758.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224758.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224759.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224759.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224759.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224760.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224760.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224760.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224761.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224761.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224761.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224762.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224762.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224762.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224763.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224763.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224763.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224764.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224764.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224764.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224765.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224765.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224765.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224766.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224766.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224766.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224767.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224767.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224767.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224768.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224768.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224768.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224769.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224769.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224769.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224770.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224770.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224770.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224771.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224771.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224771.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224772.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224772.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224772.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224773.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224773.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224773.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224774.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224774.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224774.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224775.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224775.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224775.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224776.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224776.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224776.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224777.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224777.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224777.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224778.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224778.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224778.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224779.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224779.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224779.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224780.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224780.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224780.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224781.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224781.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224781.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224782.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224782.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224782.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224783.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224783.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224783.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224784.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224784.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224784.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224785.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224785.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224785.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224786.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224786.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224786.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224787.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224787.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224787.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224788.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224788.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224788.exe

    Supprimé

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224789.exe

    Infecté par: Backdoor.Sdbot.DFEO

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224789.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224789.exe

    Supprimé

    C:\WINDOWS\Installer\296f22.msp=>(Embedded CAB)

    Nettoyé

    C:\WINDOWS\Installer\296f22.msp=>(Embedded CAB)=>WINWORD.EXE

    Nettoyé
    0
  16. Powax Posts 570 Status Member 92
     
    ok, post one last HiJack report please
    0
  17. startouff56
     
    here it is:

    Logfile of HijackThis v1.99.1
    Scan saved at 15:03, on 2008-02-20
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\keyhook.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\OrangeHSS\Launcher\Launcher.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
    C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\OrangeHSS\systray\systrayapp.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: req - C:\WINDOWS\
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SolidNetWork License Manager - GLOBEtrotter Software Inc. - C:\Program Files\SolidNetWork License Manager\lmgrd.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    0
  18. Powax Posts 570 Status Member 92
     
    Open HijackThis, choose "do a scan only"

    Check the box in front of the lines:
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O20 - Winlogon Notify: req - C:\WINDOWS\
    Close all other active windows and click "Fix checked"
    0
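
The two lines selected in the reply above are an O2 BHO entry registered with no file and an O20 Winlogon Notify entry whose target is a directory rather than a DLL. The following is an added example, not part of the thread and not HijackThis code, that picks such entries out of a log for manual review; it uses lines copied from the log posted above, and its rule wording and its cross-check against the running-process list are assumptions of this example.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: req - C:\WINDOWS\
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# Section code (R0, O2, O20, ...) followed by the entry text.
ENTRY = re.compile(r"^([RFNO]\d+) - (.+)$")
# First drive-letter path ending in a binary extension, stopping at a stray quote.
PATH = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx))', re.IGNORECASE)


def parse(log):
    """Split a log into (running process paths, [(section, text), ...])."""
    running, entries, in_procs = set(), [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False
        elif (m := ENTRY.match(line)):
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            running.add(line.lower())
    return running, entries


def review(log):
    """Return [(section, reason, text)] for entries worth a manual look."""
    running, entries = parse(log)
    findings = []
    for section, text in entries:
        target = text.rsplit(" - ", 1)[-1]
        if target == "(no file)":
            findings.append((section, "no file registered", text))
        elif target.endswith("(file missing)"):
            m = PATH.search(target)
            # Inference of this example: a file that is listed as a running
            # process in the same log cannot really be missing.
            if m and m.group(1).lower() in running:
                reason = "marked missing but running: likely a path-parsing artifact"
            else:
                reason = "file missing"
            findings.append((section, reason, text))
        elif section == "O20" and target.endswith("\\"):
            reason = "Winlogon Notify points at a directory, not a DLL"
            findings.append((section, reason, text))
    return findings


if __name__ == "__main__":
    for section, reason, text in review(SAMPLE_LOG):
        print(f"{section:4} {reason}\n     {text}")
```

The output is a review list, not a fix list: the avast! service line is reported as missing although its executable appears under "Running processes" in the same log.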
  19. startouff56
     
    OK, it's done, shall I post you a new HijackThis report??
    0
  20. Powax Posts 570 Status Member 92
     
    yes please :o)
    0