Etre sur d'etre debasser de win32 small-jmh

Résolu
chechealex -  
 chechealex -
Bonjour,
j'ai télécharger msnfix fait plusieurs scan et le dernier me dit qu'il ne détecte pas l'infection est ce que je suis vraiment débarrasser ou faut il faire autre chose merci a tous
Configuration: Windows XP
Internet Explorer 7.0

10 réponses

  1. Bob the spaghetti
     
    la meilleure maniere ne serait pas de se connecter sur msn, pour voir si tu l'envoies a tous le monde ?

    (Au préalable, il faudrait avoir mis une phrase perso "n'ouvrez pas ce que j'envoie" en majuscules)
    0
  2. jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
     
    salut, pour vérifier fais ceci :

    1) Clique ICI pour télécharger le fichier d'installation d'HijackThis :http://www.infos-du-net.com/telecharger/HijackThis,0301-454.html

    Enregistre HJTInstall.exe sur ton bureau

    Double-clique sur HJTInstall.exe pour lancer le programme

    Par défaut, il s'installera là || C:\Program Files\Trend Micro\HijackThis

    Accepte la license en cliquant sur le bouton "I Accept"

    Choisis l'option "Do a system scan and save a log file"

    Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note

    Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

    Colle le rapport que tu viens de copier sur ce forum

    Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement
    0
    1. chechealex Messages postés 8 Statut Membre 2
       
      voilà le rapport de hijackthis merci encore pour votre aide


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:50:49, on 18/03/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\Program Files\Spyware Doctor\pctsAuxs.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
      C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
      C:\ATI-CPanel\atiptaxx.exe
      C:\Program Files\Ahead\InCD\InCD.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\USB Disk Win98 Driver\Res.EXE
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\Program Files\Spyware Doctor\pctsTray.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\slserv.exe
      C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
      C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
      C:\WINDOWS\System32\svchost.exe
      C:\PROGRA~1\Wanadoo\ComComp.exe
      C:\PROGRA~1\Wanadoo\Toaster.exe
      C:\PROGRA~1\Wanadoo\Inactivity.exe
      C:\PROGRA~1\Wanadoo\PollingModule.exe
      C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
      C:\PROGRA~1\INCRED~1\bin\ImApp.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Spyware Doctor\pctsSvc.exe
      C:\WINDOWS\System32\alg.exe
      C:\PROGRA~1\Wanadoo\Watch.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\WINDOWS\System32\wbem\wmiprvse.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Alex\Bureau\gguehxc.exe
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - C:\Program Files\iGraal\iGraal.dll
      O3 - Toolbar: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - C:\Program Files\iGraal\iGraal.dll
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
      O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
      O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
      O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
      O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
      O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
      O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
      O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Gamma Loader.lnk = ?
      O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
      O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
      O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
      O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
      O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
      O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
      O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
      O9 - Extra button: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - C:\Program Files\iGraal\iGraal.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll (file missing)
      O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
      O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-1a9383f9666bb5bb.spaces.live.com/PhotoUpload/MsnPUpld.cab
      O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - http://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
      0
  3. jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
     
    -> Relance HijackThis cliques sur « scanner seulement » ou (« do a scan only »),
    coche les cases devant ces lignes :

    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll (file missing)


    et ensuite ferme toutes les fenêtres actives autres que HijackThis!, navigateur inclus,
    puis clique "Fix checked"( ou « fixer objet »). Ferme HijackThis!
    0
    1. chechealex
       
      je viens de faire ce que tu m'as dit si dessus et maintenant qu'est ce qu'il faut que je face??? merci encore
      0
  4. jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
     
    pour finir fais ce scan:

    E - Scan online avec BitDefender

    Fais ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X;

    la barre anti-popup du SP2 (en haut) va se mettre à clignoter,
    clic dessus et choisis "accepter l'active X" pour faire fonctionner le scan anti-virus.
    Une fois qu'il a terminé colle le rapport ici stp
    https://www.bitdefender.com/toolbox/
    Copie/Colle le rapport
    http://www.malekal.com/tutorial_BitDefender_AntiSpyware.php
    https://kerio.probb.fr/
    http://pageperso.aol.fr/rginformatique/mapage/defender.htm

    ca risque d'etre un peu long, sois patient .
    0
    1. chechealex
       
      j'ai fait le scan avec bitdefender mais comme peux t'on voir le rapport??? je ne parle pas anglais merci
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
     
    je t'ai mis les liens :http://www.malekal.com/tutorial_BitDefender_AntiSpyware.php

    https://kerio.probb.fr/
    http://pageperso.aol.fr/rginformatique/mapage/defender.htm
    0
    1. chechealex
       
      ci joint rapport de mon anti virus je t'envoie le reste apres merci




      AntiVir PersonalEdition Classic
      Report file date: mercredi 19 mars 2008 23:03

      Scanning for 1159073 virus strains and unwanted programs.

      Licensed to: Avira AntiVir PersonalEdition Classic
      Serial number: 0000149996-ADJIE-0001
      Platform: Windows XP
      Windows version: (Service Pack 2) [5.1.2600]
      Username: SYSTEM
      Computer name: FAMILLE-G4L3KU

      Version information:
      BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
      AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
      AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
      LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
      LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
      ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
      ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 20:17:30
      ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 20:17:30
      ANTIVIR3.VDF : 7.0.3.55 314368 Bytes 19/03/2008 20:17:30
      AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 19/03/2008 20:17:30
      AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
      AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
      AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
      AVPACK32.DLL : 7.6.0.3 360488 Bytes 19/03/2008 20:17:31
      AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
      AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
      AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
      NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
      RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
      RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
      SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

      Configuration settings for the scan:
      Jobname..........................: Complete system scan
      Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
      Logging..........................: low
      Primary action...................: interactive
      Secondary action.................: ignore
      Scan master boot sector..........: off
      Scan boot sector.................: on
      Boot sectors.....................: G:,
      Scan memory......................: on
      Process scan.....................: on
      Scan registry....................: on
      Search for rootkits..............: off
      Scan all files...................: Intelligent file selection
      Scan archives....................: on
      Recursion depth..................: 20
      Smart extensions.................: on
      Macro heuristic..................: on
      File heuristic...................: medium

      Start of the scan: mercredi 19 mars 2008 23:03

      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'msimn.exe' - '1' Module(s) have been scanned
      Scan process 'sched.exe' - '1' Module(s) have been scanned
      Scan process 'avgnt.exe' - '1' Module(s) have been scanned
      Scan process 'avguard.exe' - '1' Module(s) have been scanned
      Scan process 'Watch.exe' - '1' Module(s) have been scanned
      Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned
      Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
      Scan process 'Inactivity.exe' - '1' Module(s) have been scanned
      Scan process 'Toaster.exe' - '1' Module(s) have been scanned
      Scan process 'ComComp.exe' - '1' Module(s) have been scanned
      Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned
      Scan process 'ImApp.exe' - '1' Module(s) have been scanned
      Scan process 'ZDWlan.exe' - '1' Module(s) have been scanned
      Scan process 'WinCinemaMgr.exe' - '1' Module(s) have been scanned
      Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
      Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
      Scan process 'Res.exe' - '1' Module(s) have been scanned
      Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
      Scan process 'qttask.exe' - '1' Module(s) have been scanned
      Scan process 'InCD.exe' - '1' Module(s) have been scanned
      Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
      Scan process 'lxbkbmon.exe' - '1' Module(s) have been scanned
      Scan process 'lxbkbmgr.exe' - '1' Module(s) have been scanned
      Scan process 'alg.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'slserv.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Scan process 'incdsrv.exe' - '1' Module(s) have been scanned
      Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
      Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
      Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
      Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
      Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
      Scan process 'ashServ.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned
      48 processes with 48 modules were scanned

      Start scanning boot sectors:
      Boot sector 'C:\'
      [NOTE] No virus was found!
      Boot sector 'G:\'
      [NOTE] No virus was found!

      Starting to scan the registry.
      The registry was scanned ( '40' files ).


      Starting the file scan:

      Begin scan in 'C:\'
      C:\pagefile.sys
      [WARNING] The file could not be opened!
      C:\Documents and Settings\Alex\Bureau\gguehxc.exe.1
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [INFO] The file was moved to '48568f50.qua'!
      Begin scan in 'G:\' <LACIE>


      End of the scan: jeudi 20 mars 2008 00:05
      Used time: 1:02:01 min

      The scan has been done completely.

      5069 Scanning directories
      128477 Files were scanned
      1 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
      128476 Files not concerned
      1569 Archives were scanned
      1 Warnings
      0 Notes
      0
    2. chechealex
       
      trouve ci joint le rapport de bitdfender merci

      BitDefender Log File !!!!!
      Product : BitDefender Total Security 2008
      Version : BitDefender UIScanner v.11
      Log date : 11:58:11 20/03/2008
      Log path : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1206010691_1_02.xml

      Scan Paths:Path0000: C:\
      Path0001: G:\


      Scan Options:Scan for viruses : Yes
      Scan for adware : Yes
      Scan for spyware : Yes
      Scan for applications : Yes
      Scan for dialers : Yes
      Scan for rootkits : Yes


      Target selection options:Scan registry keys : Yes
      Scan cookies : Yes
      Scan boot sectors : Yes
      Scan memory processes : Yes
      Scan archives : Yes
      Scan runtime packers : Yes
      Scan emails : Yes
      Scan all files : Yes
      Heuristic Scan : Yes
      Scanned extensions :
      Excluded extensions :


      Target ProcessingDefault action for infected objects : Disinfect
      Default action for suspicious objects : None
      Default action for hidden objects : None


      Scan engines summaryNumber of virus signatures : 1018017
      Archive plugins : 41
      Email plugins : 6
      Scan plugins : 12
      Archive plugins : 41
      System plugins : 4
      Unpack plugins : 7


      Overall scan summaryScanned items : 111925
      Infected items : 2
      Suspicious items : 0
      Resolved items : 2
      Individual viruses found : 1
      Scanned directories : 5140
      Scanned boot sectors : 4
      Scanned archives : 2535
      Input-output errors : 23
      Scan time : 00:01:08:23
      Files per second : 27


      Scanned processes summaryScanned : 53
      Infected : 0


      Scanned registry keys summaryScanned : 339
      Infected : 0


      Scanned cookies summaryScanned : 2
      Infected : 0


      Remaining issues:Object Name Threat Name Final Status


      Resolved issues:Object Name Threat Name Final Status
      G:\Recycled\Dg3\hitmanpro2.exe Worm.Generic.9459 Deleted
      G:\Recycled\Dg3\downloads\hitmanpro2.pak Worm.Generic.9459 Deleted


      Objects that were not scanned:Object Name Reason Final Status
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FaSSt.zip=]sbRecovery.reg Password-Protected No action was possible
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FaSSt.zip=]sbRecovery.ini Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]Ad-Aware SE Default.skn Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]arrow1.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]arrow2.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bck1.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt11.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt12.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt13.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt21.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt22.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt23.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt31.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt32.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt33.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt41.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt42.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt43.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt51.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt52.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt53.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt61.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]bt62.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]checkbox1.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]checkbox2.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]checkbox3.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]checkbox4.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]defbtn1.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]defbtn2.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]defbtn3.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]glyph1.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]glyph2.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]glyph3.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]glyph4.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]glyph5.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]glyph6.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]glyph7.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]main.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]preview.bmp Password-Protected No action was possible
      C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe=]wise0021=]sprite1.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]Ad-Aware SE Default.skn Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]arrow1.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]arrow2.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bck1.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt11.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt12.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt13.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt21.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt22.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt23.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt31.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt32.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt33.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt41.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt42.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt43.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt51.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt52.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt53.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt61.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]bt62.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]checkbox1.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]checkbox2.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]checkbox3.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]checkbox4.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]defbtn1.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]defbtn2.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]defbtn3.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]glyph1.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]glyph2.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]glyph3.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]glyph4.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]glyph5.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]glyph6.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]glyph7.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]main.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]preview.bmp Password-Protected No action was possible
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=]sprite1.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]Ad-Aware SE Default.skn Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]arrow1.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]arrow2.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bck1.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt11.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt12.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt13.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt21.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt22.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt23.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt31.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt32.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt33.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt41.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt42.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt43.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt51.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt52.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt53.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt61.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]bt62.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]checkbox1.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]checkbox2.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]checkbox3.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]checkbox4.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]defbtn1.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]defbtn2.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]defbtn3.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]glyph1.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]glyph2.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]glyph3.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]glyph4.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]glyph5.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]glyph6.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]glyph7.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]main.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]preview.bmp Password-Protected No action was possible
      G:\Recycled\Dg3\downloads\aawsepersonal.exe=]wise0021=]sprite1.bmp Password-Protected No action was possible
      0
  7. jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
     
    antivir a mis le trojan:TR/Trash.Gen en quarantaine ,regarde si tu peux le supprimer .

    tu n'as pas suivi mes consignes !! tu as téléchargé l'antivirus bit defender alors que je t'avais demandé de faire un scan en ligne !!

    reposte moi un nouveau hijack .
    0
    1. chechealex
       
      excuse mais j'ai un peu de mal avec l'anglais en informatique voici le nouveau scan hitjack merci d'etre aussi patient avec moi!!


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:35:07, on 20/03/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\WINDOWS\system32\slserv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
      C:\ATI-CPanel\atiptaxx.exe
      C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
      C:\Program Files\Ahead\InCD\InCD.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\USB Disk Win98 Driver\Res.EXE
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
      C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
      C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
      C:\PROGRA~1\Wanadoo\ComComp.exe
      C:\PROGRA~1\INCRED~1\bin\ImApp.exe
      C:\PROGRA~1\Wanadoo\Toaster.exe
      C:\PROGRA~1\Wanadoo\Inactivity.exe
      C:\PROGRA~1\Wanadoo\PollingModule.exe
      C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
      C:\PROGRA~1\Wanadoo\Watch.exe
      C:\WINDOWS\System32\msiexec.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
      O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
      O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
      O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
      O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
      O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
      O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Gamma Loader.lnk = ?
      O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
      O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
      O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
      O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
      O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
      O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
      O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
      O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-1a9383f9666bb5bb.spaces.live.com/PhotoUpload/MsnPUpld.cab
      O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - http://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
      0
  8. jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
     
    je t'ai demandé post11# si le trojan avait été supprimé ??

    ton log hijack a l'air propre mais il te manque un pare-feu et anti-spyware !

    pare-feu KERIO:https://forums.cnetfrance.fr

    antispyware,prend ces deux la:

    *Spybot (gratuit) :
    Téléchargement :
    http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html
    voir demo d utilisation (merci Balltrap)
    http://perso.orange.fr/rginformatique/section%20virus/demo%20spybot.htm

    *Ad-Aware (gratuit)
    Téléchargement :
    http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/11643.html
    Le patch en Français pour Ad-Aware (gratuit) :
    http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/25543.html
    Tuto :
    http://perso.orange.fr/rginformatique/section%20virus/adawrevid.asf

    --Essaye le navigateur Firefox plus sur/sécurisé qu IE

    -Téléchargement: http://www.mozilla-europe.org/fr/products/firefox/
    -Tutorial pour le sécuriser: https://forum.zebulon.fr/topic/69628-s%C3%A9curiser-un-peu-plus-firefox/

    garde explorer pour les mise a jour et les scan en ligne.

    0
  9. chechealex
     
    oui j'ai suprimée les fichiers qui ete mis en quarantaine chez antivir pas de probleme ils ont ete suprimer
    ci joint le scan online bitdefender merci encore pour ton aide

    BitDefender Online Scanner

    Scan report generated at: Thu, Mar 20, 2008 - 21:42:38

    Scan path: C:\;D:\;E:\;

    Statistics

    Time
    00:58:27

    Files
    112411

    Folders
    4791

    Boot Sectors
    2

    Archives
    2147

    Packed Files
    8036

    Results

    Identified Viruses
    0

    Infected Files
    0

    Suspect Files
    0

    Warnings
    0

    Disinfected
    0

    Deleted Files
    0

    Engines Info

    Virus Definitions
    1019572

    Engine build
    AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

    Scan plugins
    16

    Archive plugins
    41

    Unpack plugins
    7

    E-mail plugins
    6

    System plugins
    5

    Scan Settings

    First Action
    Disinfect

    Second Action
    Delete

    Heuristics
    Yes

    Enable Warnings
    Yes

    Scanned Extensions
    *;

    Exclude Extensions

    Scan Emails
    Yes

    Scan Archives
    Yes

    Scan Packed
    Yes

    Scan Files
    Yes

    Scan Boot
    Yes

    Scanned File
    Status

    No virus found.
    0
  10. jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
     
    Results

    Identified Viruses==>c'est tout bon !!
    0


    Maintenant que ton PC n'est plus infecté, désactive ta "Restauration du système" puis réactive la afin de créer un point de restauration sain.

    * Désactivation :
    Cliquer droit sur le "Poste de travail" > Propriétés > onglet "Restauration du système" > cocher la case "Désactiver la Restauration du système sur tous les lecteurs"
    > Appliquer patiente jusqu a que cela soit marqué "désactivée" puis Ok.

    * Activation :
    Suivre le même chemin ; décocher la case "Désactiver la Restauration du système sur tous les lecteurs"
    > Appliquer attends que cela soit a nouveau sur "surveillance" puis Ok. Redémarrer l'ordinateur..

    voila tout et @ jamais !
    0
  11. chechealex
     
    merci encore tout est nickel j'ai l'impression et oui comme tu me l'a dit j'espere a jamais
    0