[VIRUS] your privacy is in danger

Résolu
Nouss93 Messages postés 16 Statut Membre -  
^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   -
Bonjour à tous,

Mon ordinateur est affreusement lent depuis quelques heures et "your privacy is in danger" apparait en fond d'écran. Des pubs pour des antivirus apparraisse aussi toutes les 2 minutes et etc.. J'ai lu sur ce forum et donc je sais que c'est un virus^^. Ce qu'il me manque c'est la marche à suivre!
Merci d"avance ;)
Configuration: Windows XP
Firefox 2.0.0.4

31 réponses

  • 1
  • 2
  1. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Salut

    Ton PC est vérolé encore

    J'étais absente

    Télécharge SmitfraudFix
    Utilitaire de S!Ri: Moe et balltrap34
    http://siri.urz.free.fr/Fix/SmitfraudFix.php
    et télécharge SmitfraudFix.exe.

    Regarde le tuto

    Exécute le en choisissant l’option 5
    il va générer un rapport
    Copie/colle le sur le poste stp.

    Bon courage
    A++
    2
  2. Laurent2709 Messages postés 917 Statut Contributeur 100
     
    Bon, tu as téléchargé les logiciels? Si oui, tu vas me faire le plaisir de faire un scan avec AVG anti-rootkit, ensuite avec spybot et Windows Defender. Tu m'enverras le log Hijackthis en premier, puis télécharge également CCleaner
    1
  3. Laurent2709 Messages postés 917 Statut Contributeur 100
     
    C'est un fond d'écran rouge avec un signe virus qui coule comme si on le saignait, c'est ça?
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. Nouss93 Messages postés 16 Statut Membre
     
    oui oui exactement.. merci pr ton aide, qu'est-ce que je dois faire ?
    0
  6. Laurent2709 Messages postés 917 Statut Contributeur 100
     
    Alors?
    0
  7. Nouss93 Messages postés 16 Statut Membre
     
    Re,
    voila pour hijackthis :
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:10:12, on 18/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Menara\dslmon.exe
    C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
    C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\panda software\panda antivirus 2007\WebProxy.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: GNX Rolex - {864C6115-9FB8-46F9-9E8C-157F4F6FCCA3} - C:\WINDOWS\drnpfdxrqv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: etlrlws - {FD858878-29E2-4129-831C-06A61C344E15} - C:\WINDOWS\etlrlws.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{B21ED40A-2259-48BC-941E-68D2DA720260}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x040c"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Okayprocbirdbuild] C:\Documents and Settings\All Users\Application Data\drive hope okay proc\Knobshim.exe
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [Readme download] C:\DOCUME~1\ADMINI~1\APPLIC~1\SHOWPR~1\HopeTick.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?d82a11dabd1e4ba99ce7a5ca3de90f1f
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?d82a11dabd1e4ba99ce7a5ca3de90f1f
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/FacebookPhotoUploader2.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2DC359AF-C5B7-4F06-A413-F3CD6C2029DC}: NameServer = 85.255.116.135,85.255.112.65
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D41810FB-EDC4-4EA0-B755-7CA70A848F27}: NameServer = 85.255.116.135,85.255.112.65
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.135 85.255.112.65
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2DC359AF-C5B7-4F06-A413-F3CD6C2029DC}: NameServer = 85.255.116.135,85.255.112.65
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.135 85.255.112.65
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2DC359AF-C5B7-4F06-A413-F3CD6C2029DC}: NameServer = 85.255.116.135,85.255.112.65
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.135 85.255.112.65
    O21 - SSODL: altvxvm - {91D6A63B-3FAF-457F-8FEB-CE8DF73B1E67} - C:\WINDOWS\altvxvm.dll
    O21 - SSODL: bokpkov - {57A712EA-2C1B-49D0-AF6C-C7AF5B700E35} - C:\WINDOWS\bokpkov.dll
    O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
    0
  8. Laurent2709 Messages postés 917 Statut Contributeur 100
     
    Fais "do a system scan" puis coche cette ligne O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
    pour pouvoir changer le fond d'écran

    Fais tout ça avec ces lignes là aussi

    O17 - HKLM\System\CCS\Services\Tcpip\..\{2DC359AF-C5B7-4F06-A413-F3CD6C2029DC}: NameServer = 85.255.116.135,85.255.112.65

    O17 - HKLM\System\CCS\Services\Tcpip\..\{D41810FB-EDC4-4EA0-B755-7CA70A848F27}: NameServer = 85.255.116.135,85.255.112.65

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.135 85.255.112.65

    O17 - HKLM\System\CS1\Services\Tcpip\..\{2DC359AF-C5B7-4F06-A413-F3CD6C2029DC}: NameServer = 85.255.116.135,85.255.112.65

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.135 85.255.112.65

    O17 - HKLM\System\CS2\Services\Tcpip\..\{2DC359AF-C5B7-4F06-A413-F3CD6C2029DC}: NameServer = 85.255.116.135,85.255.112.65

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.135 85.255.112.65

    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

    R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    0
  9. Laurent2709 Messages postés 917 Statut Contributeur 100
     
    Après avoir coché les fichiers, clique sur fix checked
    0
  10. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    SLt

    La suppression de lignes NE supprimera PAS l'infection

    L'internaute navigue SANS protections

    1°/ Infection Wareout
    # Télécharger FixWareout sur le bureau : http://downloads.subratam.org/Fixwareout.exe
    # Lancer le fix : cliquer sur Next, puis Install, s’assurer que l’option Run fixit est activée puis cliquer sur Finish.
    # Il sera demandé ensuite de redémarrer l’ordinateur : redémarrer le.
    # Si le système met un peu plus de temps au démarrage, c'est normal.
    # Le contenu du rapport qui s'affichera à l'écran sera enregistrai dans un fichier nommé report.txt., poste la

    2°/ Spyware HotBar/ShopperReports
    Télécharge BTFix 1.017 (de bibi26)
    http://cluster1.easy-hebergement.net/
    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/40698.html

    * Décompresse l'archive sur ton Bureau (Clique-Droit/Extraire tout).
    * Ouvre le dossier BTFix
    * Double clique sur BTFix.exe
    * Clique sur Rechercher
    * Un rapport va apparaître, copie/colle-le dans ta prochaine réponse

    Tuto
    https://leblogdeclaude.blogspot.com/2007/10/procdure-btfix.html

    0
  11. Laurent2709 Messages postés 917 Statut Contributeur 100
     
    Heu, il a un peu Panda Antivirus
    0
    1. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
       
      Il n'est pas actif
      0
  12. Nouss93 Messages postés 16 Statut Membre
     
    Salut Marie, et merci !
    1/Username "Administrateur" - 19/03/2008 20:45:38 [Fixwareout edited 9/01/2007]

    ~~~~~ Prerun check
    HKLM\SOFTWARE\~\Winlogon\ "System"="kdqxl.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    "nameserver"="85.255.116.135 85.255.112.65" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{2DC359AF-C5B7-4F06-A413-F3CD6C2029DC}
    "nameserver"="85.255.116.135,85.255.112.65" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D41810FB-EDC4-4EA0-B755-7CA70A848F27}
    "nameserver"="85.255.116.135,85.255.112.65" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{37B23F7B-B40F-49BF-8635-8A18EB135066}
    "DhcpNameServer"="85.255.116.135,85.255.112.65" <Value cleared.

    Cache de résolution DNS vidé.

    System was rebooted successfully.

    ~~~~~ Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "system"="kdqxl.exe"
    ....
    ....
    ~~~~~ Misc files.
    ....
    ~~~~~ Checking for older varients.
    ....

    ~~~~~ Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "DrvLsnr"="C:\\Program Files\\Analog Devices\\SoundMAX\\DrvLsnr.exe"
    "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
    "LanzarL2007"="\"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\{B21ED40A-2259-48BC-941E-68D2DA720260}\\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\\..\\..\\L2007tmp\\Setup.exe\" /SETUP:\"/l0x040c\""
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "Okayprocbirdbuild"="C:\\Documents and Settings\\All Users\\Application Data\\drive hope okay proc\\Knobshim.exe"
    "APVXDWIN"="\"C:\\Program Files\\Panda Software\\Panda Antivirus 2007\\APVXDWIN.EXE\" /s"
    "PSPVideo9"="C:\\Program Files\\pspvideo9\\pspVideo9.exe -t"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
    "BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
    "Readme download"="C:\\DOCUME~1\\ADMINI~1\\APPLIC~1\\SHOWPR~1\\HopeTick.exe"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "Veoh"="\"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe\" /VeohHide"
    "DAEMON Tools Lite"="\"C:\\Program Files\\DAEMON Tools Lite\\daemon.exe\" -autorun"
    "amva"="C:\\WINDOWS\\system32\\amvo.exe"
    "SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
    "eMuleAutoStart"="C:\\Program Files\\eMule\\emule.exe -AutoStart"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it...
    ~~~~~ End report ~~~~~

    2/ BTFix 1.088 (par bibi26) - 19/03/2008 20:58:39 - Analyse
    Lancé depuis C:\Documents and Settings\Administrateur\Bureau\BTFix\BTFix\BTFix.exe

    ---> Fichiers/Dossiers trouvés

    - C:\Program Files\ShoppingReport\
    - C:\Program Files\AskPBar\
    - C:\Documents and Settings\Administrateur\Application Data\ShoppingReport\

    ---> Analyse terminée

    Merci encore, j'ai limpression que c'est un peu cours, non ? bref, a toi de voir !
    0
  13. Nouss93 Messages postés 16 Statut Membre
     
    un petit UP.. :(
    0
  14. Nouss93 Messages postés 16 Statut Membre
     
    Re, il ne me sort que sa avec BTFix :
    BTFix 1.088 (par bibi26) - 20/03/2008 20:05:53 - Analyse
    Lancé depuis C:\Documents and Settings\Administrateur\Bureau\BTFix\BTFix\BTFix.exe

    ---> Fichiers/Dossiers trouvés

    - C:\Program Files\ShoppingReport\
    - C:\Program Files\AskPBar\
    - C:\Documents and Settings\Administrateur\Application Data\ShoppingReport\

    ---> Analyse terminée

    LOG HICHTHIS :
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:07:57, on 20/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
    C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Menara\dslmon.exe
    C:\WINDOWS\System32\alg.exe
    c:\program files\panda software\panda antivirus 2007\WebProxy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: GNX Rolex - {864C6115-9FB8-46F9-9E8C-157F4F6FCCA3} - C:\WINDOWS\drnpfdxrqv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: etlrlws - {FD858878-29E2-4129-831C-06A61C344E15} - C:\WINDOWS\etlrlws.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{B21ED40A-2259-48BC-941E-68D2DA720260}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x040c"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Okayprocbirdbuild] C:\Documents and Settings\All Users\Application Data\drive hope okay proc\Knobshim.exe
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [Readme download] C:\DOCUME~1\ADMINI~1\APPLIC~1\SHOWPR~1\HopeTick.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?d82a11dabd1e4ba99ce7a5ca3de90f1f
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?d82a11dabd1e4ba99ce7a5ca3de90f1f
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/FacebookPhotoUploader2.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2DC359AF-C5B7-4F06-A413-F3CD6C2029DC}: NameServer = 85.255.116.135,85.255.112.65
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D41810FB-EDC4-4EA0-B755-7CA70A848F27}: NameServer = 85.255.116.135,85.255.112.65
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.135 85.255.112.65
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2DC359AF-C5B7-4F06-A413-F3CD6C2029DC}: NameServer = 85.255.116.135,85.255.112.65
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.135 85.255.112.65
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2DC359AF-C5B7-4F06-A413-F3CD6C2029DC}: NameServer = 85.255.116.135,85.255.112.65
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.135 85.255.112.65
    O21 - SSODL: altvxvm - {91D6A63B-3FAF-457F-8FEB-CE8DF73B1E67} - C:\WINDOWS\altvxvm.dll
    O21 - SSODL: bokpkov - {57A712EA-2C1B-49D0-AF6C-C7AF5B700E35} - C:\WINDOWS\bokpkov.dll
    O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
    0
  15. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Re

    [*]Ouvre BTFix.
    [*]Clique sur Nettoyer.
    [*]Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.

    Relance le Fixwareout
    0
  16. Nouss93 Messages postés 16 Statut Membre
     
    salut !
    BTFIX :
    BTFix 1.088 (par bibi26) - 21/03/2008 18:23:57 - Nettoyage - Mode normal
    Lancé depuis C:\Documents and Settings\Administrateur\Bureau\BTFix\BTFix\BTFix.exe

    ---> Fichiers/dossiers supprimés (Première passe)

    - Fichiers temporaires effacés
    - C:\Program Files\ShoppingReport\Bin\2.5.0\
    - C:\Program Files\ShoppingReport\Bin\
    - C:\Program Files\ShoppingReport\
    - C:\Program Files\AskPBar\bar\1.bin\
    - C:\Program Files\AskPBar\bar\Cache\
    - C:\Program Files\AskPBar\bar\History\
    - C:\Program Files\AskPBar\bar\Settings\
    - C:\Program Files\AskPBar\bar\
    - C:\Program Files\AskPBar\SrchAstt\1.bin\
    - C:\Program Files\AskPBar\SrchAstt\
    - C:\Program Files\AskPBar\
    - C:\Documents and Settings\Administrateur\Application Data\ShoppingReport\cs\db\
    - C:\Documents and Settings\Administrateur\Application Data\ShoppingReport\cs\dwld\
    - C:\Documents and Settings\Administrateur\Application Data\ShoppingReport\cs\report\
    - C:\Documents and Settings\Administrateur\Application Data\ShoppingReport\cs\res1\
    - C:\Documents and Settings\Administrateur\Application Data\ShoppingReport\cs\
    - C:\Documents and Settings\Administrateur\Application Data\ShoppingReport\

    ---> Nettoyage terminé

    Par contre pour fixewarout, ca reste avec sa :
    C:\fixwareout\FindT\nircmd.exe Files missing...

    je suis dsl si chwi aussi nul en informatique xS
    0
  17. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Salut

    BtFix a bien bossé

    Relance un log hijackthis
    stp
    0
  18. Nouss93 Messages postés 16 Statut Membre
     
    Re, le voila :
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:17:48, on 22/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Menara\dslmon.exe
    c:\program files\panda software\panda antivirus 2007\WebProxy.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: GNX Rolex - {864C6115-9FB8-46F9-9E8C-157F4F6FCCA3} - C:\WINDOWS\drnpfdxrqv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: etlrlws - {FD858878-29E2-4129-831C-06A61C344E15} - C:\WINDOWS\etlrlws.dll
    O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{B21ED40A-2259-48BC-941E-68D2DA720260}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x040c"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Okayprocbirdbuild] C:\Documents and Settings\All Users\Application Data\drive hope okay proc\Knobshim.exe
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [Readme download] C:\DOCUME~1\ADMINI~1\APPLIC~1\SHOWPR~1\HopeTick.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?d82a11dabd1e4ba99ce7a5ca3de90f1f
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?d82a11dabd1e4ba99ce7a5ca3de90f1f
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/FacebookPhotoUploader2.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2DC359AF-C5B7-4F06-A413-F3CD6C2029DC}: NameServer = 85.255.116.135,85.255.112.65
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D41810FB-EDC4-4EA0-B755-7CA70A848F27}: NameServer = 85.255.116.135,85.255.112.65
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.135 85.255.112.65
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2DC359AF-C5B7-4F06-A413-F3CD6C2029DC}: NameServer = 85.255.116.135,85.255.112.65
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.135 85.255.112.65
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2DC359AF-C5B7-4F06-A413-F3CD6C2029DC}: NameServer = 85.255.116.135,85.255.112.65
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.135 85.255.112.65
    O21 - SSODL: altvxvm - {91D6A63B-3FAF-457F-8FEB-CE8DF73B1E67} - C:\WINDOWS\altvxvm.dll
    O21 - SSODL: bokpkov - {57A712EA-2C1B-49D0-AF6C-C7AF5B700E35} - C:\WINDOWS\bokpkov.dll
    O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
    0
  19. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Faut refaire Wareout -- pas normal qu'il ne fonctionne pas
    D'autre part tu navigues toujours sans protections

    Télécharge SmitfraudFix
    Utilitaire de S!Ri: Moe et balltrap34
    http://siri.urz.free.fr/Fix/SmitfraudFix.php
    et télécharge SmitfraudFix.exe.

    Regarde le tuto

    Exécute le en choisissant l’option 1,
    il va générer un rapport
    Copie/colle le sur le poste stp.

    Bon courage
    A++
    0
  • 1
  • 2