Bonjour, j'ai télécharger msnfix fait plusieurs scan et le dernier me dit qu'il ne détecte pas l'infection est ce que je suis vraiment débarrasser ou faut il faire autre chose merci a tous

Etre sur d'etre debasser de win32 small-jmh [Résolu]

Réponse 1 / 10

Bob the spaghetti
18 mars 2008 à 20:45

la meilleure maniere ne serait pas de se connecter sur msn, pour voir si tu l'envoies a tous le monde ?

(Au préalable, il faudrait avoir mis une phrase perso "n'ouvrez pas ce que j'envoie" en majuscules)

Réponse 2 / 10

jfkpresident Messages postés 13408 Date d'inscription lundi 3 septembre 2007 Statut Contributeur sécurité Dernière intervention 5 janvier 2015 1 175
18 mars 2008 à 20:48

salut, pour vérifier fais ceci :

1) Clique ICI pour télécharger le fichier d'installation d'HijackThis :http://www.infos-du-net.com/telecharger/HijackThis,0301-454.html

Enregistre HJTInstall.exe sur ton bureau

Double-clique sur HJTInstall.exe pour lancer le programme

Par défaut, il s'installera là || C:\Program Files\Trend Micro\HijackThis

Accepte la license en cliquant sur le bouton "I Accept"

Choisis l'option "Do a system scan and save a log file"

Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note

Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

Colle le rapport que tu viens de copier sur ce forum

Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement

chechealex Messages postés 8 Date d'inscription mardi 18 mars 2008 Statut Membre Dernière intervention 1 mars 2009 2
18 mars 2008 à 21:57

voilà le rapport de hijackthis merci encore pour votre aide

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:49, on 18/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Alex\Bureau\gguehxc.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - C:\Program Files\iGraal\iGraal.dll
O3 - Toolbar: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - C:\Program Files\iGraal\iGraal.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - C:\Program Files\iGraal\iGraal.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll (file missing)
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-1a9383f9666bb5bb.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - http://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Réponse 3 / 10

jfkpresident Messages postés 13408 Date d'inscription lundi 3 septembre 2007 Statut Contributeur sécurité Dernière intervention 5 janvier 2015 1 175
18 mars 2008 à 22:47

-> Relance HijackThis cliques sur « scanner seulement » ou (« do a scan only »),
coche les cases devant ces lignes :

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll (file missing)

et ensuite ferme toutes les fenêtres actives autres que HijackThis!, navigateur inclus,
puis clique "Fix checked"( ou « fixer objet »). Ferme HijackThis!

chechealex
19 mars 2008 à 21:02

je viens de faire ce que tu m'as dit si dessus et maintenant qu'est ce qu'il faut que je face??? merci encore

Réponse 4 / 10

jfkpresident Messages postés 13408 Date d'inscription lundi 3 septembre 2007 Statut Contributeur sécurité Dernière intervention 5 janvier 2015 1 175
19 mars 2008 à 21:06

pour finir fais ce scan:

E - Scan online avec BitDefender

Fais ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X;

la barre anti-popup du SP2 (en haut) va se mettre à clignoter,
clic dessus et choisis "accepter l'active X" pour faire fonctionner le scan anti-virus.
Une fois qu'il a terminé colle le rapport ici stp
https://www.bitdefender.com/toolbox/
Copie/Colle le rapport
http://www.malekal.com/tutorial_BitDefender_AntiSpyware.php
https://kerio.probb.fr/
http://pageperso.aol.fr/rginformatique/mapage/defender.htm

ca risque d'etre un peu long, sois patient .

chechealex
19 mars 2008 à 22:54

j'ai fait le scan avec bitdefender mais comme peux t'on voir le rapport??? je ne parle pas anglais merci

Réponse 5 / 10

jfkpresident Messages postés 13408 Date d'inscription lundi 3 septembre 2007 Statut Contributeur sécurité Dernière intervention 5 janvier 2015 1 175
19 mars 2008 à 23:00

je t'ai mis les liens :http://www.malekal.com/tutorial_BitDefender_AntiSpyware.php

https://kerio.probb.fr/
http://pageperso.aol.fr/rginformatique/mapage/defender.htm

chechealex
20 mars 2008 à 08:18

ci joint rapport de mon anti virus je t'envoie le reste apres merci

AntiVir PersonalEdition Classic
Report file date: mercredi 19 mars 2008 23:03

Scanning for 1159073 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: FAMILLE-G4L3KU

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 20:17:30
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 20:17:30
ANTIVIR3.VDF : 7.0.3.55 314368 Bytes 19/03/2008 20:17:30
AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 19/03/2008 20:17:30
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 19/03/2008 20:17:31
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: G:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 19 mars 2008 23:03

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'msimn.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'Watch.exe' - '1' Module(s) have been scanned
Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned
Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
Scan process 'Inactivity.exe' - '1' Module(s) have been scanned
Scan process 'Toaster.exe' - '1' Module(s) have been scanned
Scan process 'ComComp.exe' - '1' Module(s) have been scanned
Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned
Scan process 'ImApp.exe' - '1' Module(s) have been scanned
Scan process 'ZDWlan.exe' - '1' Module(s) have been scanned
Scan process 'WinCinemaMgr.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'Res.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'InCD.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'lxbkbmon.exe' - '1' Module(s) have been scanned
Scan process 'lxbkbmgr.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'incdsrv.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'G:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '40' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Alex\Bureau\gguehxc.exe.1
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '48568f50.qua'!
Begin scan in 'G:\' <LACIE>

End of the scan: jeudi 20 mars 2008 00:05
Used time: 1:02:01 min

The scan has been done completely.

5069 Scanning directories
128477 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
128476 Files not concerned
1569 Archives were scanned
1 Warnings
0 Notes

chechealex
20 mars 2008 à 12:04

trouve ci joint le rapport de bitdfender merci

BitDefender Log File !!!!!
Product : BitDefender Total Security 2008
Version : BitDefender UIScanner v.11
Log date : 11:58:11 20/03/2008
Log path : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1206010691_1_02.xml

Scan Paths:Path0000: C:\
Path0001: G:\

Scan Options:Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes

Target selection options:Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :

Target ProcessingDefault action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None

Scan engines summaryNumber of virus signatures : 1018017
Archive plugins : 41
Email plugins : 6
Scan plugins : 12
Archive plugins : 41
System plugins : 4
Unpack plugins : 7

Overall scan summaryScanned items : 111925
Infected items : 2
Suspicious items : 0
Resolved items : 2
Individual viruses found : 1
Scanned directories : 5140
Scanned boot sectors : 4
Scanned archives : 2535
Input-output errors : 23
Scan time : 00:01:08:23
Files per second : 27

Scanned processes summaryScanned : 53
Infected : 0

Scanned registry keys summaryScanned : 339
Infected : 0

Scanned cookies summaryScanned : 2
Infected : 0

Remaining issues:Object Name Threat Name Final Status

Resolved issues:Object Name Threat Name Final Status
G:\Recycled\Dg3\hitmanpro2.exe Worm.Generic.9459 Deleted
G:\Recycled\Dg3\downloads\hitmanpro2.pak Worm.Generic.9459 Deleted

Objects that were not scanned:Object Name Reason Final Status
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FaSSt.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FaSSt.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]Ad-Aware SE Default.skn Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]arrow1.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]arrow2.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bck1.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt11.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt12.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt13.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt21.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt22.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt23.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt31.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt32.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt33.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt41.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt42.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt43.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt51.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt52.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt53.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt61.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt62.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]checkbox1.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]checkbox2.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]checkbox3.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]checkbox4.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]defbtn1.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]defbtn2.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]defbtn3.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]glyph1.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]glyph2.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]glyph3.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]glyph4.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]glyph5.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]glyph6.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]glyph7.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]main.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]preview.bmp Password-Protected No action was possible
C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]sprite1.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]Ad-Aware SE Default.skn Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]arrow1.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]arrow2.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bck1.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt11.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt12.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt13.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt21.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt22.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt23.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt31.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt32.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt33.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt41.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt42.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt43.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt51.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt52.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt53.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt61.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt62.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]checkbox1.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]checkbox2.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]checkbox3.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]checkbox4.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]defbtn1.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]defbtn2.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]defbtn3.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]glyph1.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]glyph2.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]glyph3.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]glyph4.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]glyph5.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]glyph6.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]glyph7.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]main.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]preview.bmp Password-Protected No action was possible
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]sprite1.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]Ad-Aware SE Default.skn Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]arrow1.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]arrow2.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bck1.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt11.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt12.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt13.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt21.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt22.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt23.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt31.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt32.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt33.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt41.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt42.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt43.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt51.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt52.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt53.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt61.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt62.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]checkbox1.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]checkbox2.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]checkbox3.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]checkbox4.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]defbtn1.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]defbtn2.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]defbtn3.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]glyph1.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]glyph2.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]glyph3.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]glyph4.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]glyph5.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]glyph6.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]glyph7.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]main.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]preview.bmp Password-Protected No action was possible
G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]sprite1.bmp Password-Protected No action was possible

Réponse 6 / 10

jfkpresident Messages postés 13408 Date d'inscription lundi 3 septembre 2007 Statut Contributeur sécurité Dernière intervention 5 janvier 2015 1 175
20 mars 2008 à 12:50

antivir a mis le trojan:TR/Trash.Gen en quarantaine ,regarde si tu peux le supprimer .

tu n'as pas suivi mes consignes !! tu as téléchargé l'antivirus bit defender alors que je t'avais demandé de faire un scan en ligne !!

reposte moi un nouveau hijack .

chechealex
20 mars 2008 à 20:38

excuse mais j'ai un peu de mal avec l'anglais en informatique voici le nouveau scan hitjack merci d'etre aussi patient avec moi!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35:07, on 20/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-1a9383f9666bb5bb.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - http://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Réponse 7 / 10

jfkpresident Messages postés 13408 Date d'inscription lundi 3 septembre 2007 Statut Contributeur sécurité Dernière intervention 5 janvier 2015 1 175
20 mars 2008 à 20:47

je t'ai demandé post11# si le trojan avait été supprimé ??

ton log hijack a l'air propre mais il te manque un pare-feu et anti-spyware !

pare-feu KERIO:https://forums.cnetfrance.fr

antispyware,prend ces deux la:

*Spybot (gratuit) :
Téléchargement :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html
voir demo d utilisation (merci Balltrap)
http://perso.orange.fr/rginformatique/section%20virus/demo%20spybot.htm

*Ad-Aware (gratuit)
Téléchargement :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/11643.html
Le patch en Français pour Ad-Aware (gratuit) :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/25543.html
Tuto :
http://perso.orange.fr/rginformatique/section%20virus/adawrevid.asf

--Essaye le navigateur Firefox plus sur/sécurisé qu IE

-Téléchargement: http://www.mozilla-europe.org/fr/products/firefox/
-Tutorial pour le sécuriser: https://forum.zebulon.fr/topic/69628-s%C3%A9curiser-un-peu-plus-firefox/

garde explorer pour les mise a jour et les scan en ligne.

Réponse 8 / 10

chechealex
20 mars 2008 à 21:48

oui j'ai suprimée les fichiers qui ete mis en quarantaine chez antivir pas de probleme ils ont ete suprimer
ci joint le scan online bitdefender merci encore pour ton aide

BitDefender Online Scanner

Scan report generated at: Thu, Mar 20, 2008 - 21:42:38

Scan path: C:\;D:\;E:\;

Statistics

Time
00:58:27

Files
112411

Folders
4791

Boot Sectors
2

Archives
2147

Packed Files
8036

Results

Identified Viruses
0

Infected Files
0

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
0

Engines Info

Virus Definitions
1019572

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
16

Archive plugins
41

Unpack plugins
7

E-mail plugins
6

System plugins
5

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

No virus found.

Réponse 9 / 10

jfkpresident Messages postés 13408 Date d'inscription lundi 3 septembre 2007 Statut Contributeur sécurité Dernière intervention 5 janvier 2015 1 175
20 mars 2008 à 21:54

Results

Identified Viruses==>c'est tout bon !!
0

Maintenant que ton PC n'est plus infecté, désactive ta "Restauration du système" puis réactive la afin de créer un point de restauration sain.

* Désactivation :
Cliquer droit sur le "Poste de travail" > Propriétés > onglet "Restauration du système" > cocher la case "Désactiver la Restauration du système sur tous les lecteurs"
> Appliquer patiente jusqu a que cela soit marqué "désactivée" puis Ok.

* Activation :
Suivre le même chemin ; décocher la case "Désactiver la Restauration du système sur tous les lecteurs"
> Appliquer attends que cela soit a nouveau sur "surveillance" puis Ok. Redémarrer l'ordinateur..

voila tout et @ jamais !

Réponse 10 / 10

chechealex
20 mars 2008 à 23:01

merci encore tout est nickel j'ai l'impression et oui comme tu me l'a dit j'espere a jamais

Etre sur d'etre debasser de win32 small-jmh

10 réponses

Discussions similaires