Pop up PUB sous IE (infection)
flo1845
-
Zangetsu Messages postés 1031 Statut Membre -
Zangetsu Messages postés 1031 Statut Membre -
Bonjour,
j'ai des pop up de pub qui s'affiche en 1er plan
j'ai fait tout ce que je pouvais, Adaware, Spybot, msnfix, redseeker, The cleaner
et AVAST comme anti virus
voici le rapport Hi Jack This
J'ai besoin d'aide
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:03, on 09/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Portable\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.dell.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {62E50325-E2EB-4BCA-BA80-A86DC3170F46} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BFF78F6F-E7A8-4BF9-9F9C-A68C30CEE504} - (no file)
O2 - BHO: {320a35b3-9524-e708-c324-39507f47395d} - {d59374f7-0593-423c-807e-42593b53a023} - C:\WINDOWS\system32\vsigkt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rnwnw64j.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: vsigkt.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Utilitaires\Drive Image 7.0\Agent\PQV2iSvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
j'ai des pop up de pub qui s'affiche en 1er plan
j'ai fait tout ce que je pouvais, Adaware, Spybot, msnfix, redseeker, The cleaner
et AVAST comme anti virus
voici le rapport Hi Jack This
J'ai besoin d'aide
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:03, on 09/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Portable\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.dell.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {62E50325-E2EB-4BCA-BA80-A86DC3170F46} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BFF78F6F-E7A8-4BF9-9F9C-A68C30CEE504} - (no file)
O2 - BHO: {320a35b3-9524-e708-c324-39507f47395d} - {d59374f7-0593-423c-807e-42593b53a023} - C:\WINDOWS\system32\vsigkt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rnwnw64j.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: vsigkt.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Utilitaires\Drive Image 7.0\Agent\PQV2iSvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
A voir également:
- Pop up PUB sous IE (infection)
- Pop up mcafee - Accueil - Piratage
- Supprimer pub youtube - Accueil - Streaming
- Stop pub gratuit - Télécharger - Divers Utilitaires
- Pop corn time - Télécharger - TV & Vidéo
- Fichier .pub ✓ - Forum Logiciels
14 réponses
voici la suite....
1 desinstall d'avast
2 install d'antivir
3 scan
4 test de navigation et toujours le meme pb (pub intempestive) malgrés les fichiers en quarantaine.
voici le log d'antivir
Avira AntiVir Personal
Report file date: mercredi 10 septembre 2008 22:06
Scanning for 1608238 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Portable
Computer name: ELISE
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 31/08/2008 19:36:26
ANTIVIR3.VDF : 7.0.6.142 314368 Bytes 10/09/2008 19:36:28
Engineversion : 8.1.1.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.70 319866 Bytes 10/09/2008 19:36:36
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.1 397683 Bytes 10/09/2008 19:36:35
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.23 196987 Bytes 10/09/2008 19:36:34
AEHEUR.DLL : 8.1.0.51 1397111 Bytes 10/09/2008 19:36:33
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 10/09/2008 19:36:31
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 10/09/2008 19:36:30
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 10/09/2008 19:36:29
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: mercredi 10 septembre 2008 22:06
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
14 processes with 14 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '67' files ).
Starting the file scan:
Begin scan in 'C:\' <System>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Portable\Local Settings\Temporary Internet Files\Content.IE5\0K4HPS5J\ctxad-580[1].0000
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.emn back-door program
[NOTE] The file was moved to '49402b2a.qua'!
C:\Documents and Settings\Portable\Local Settings\Temporary Internet Files\Content.IE5\0K4HPS5J\PerformanceOptimizerPre_Installer[1].cab
[0] Archive type: CAB (Microsoft)
--> PerformanceOptimizerPre_Installer.exe
[DETECTION] Is the TR/Spy.45064 Trojan
[NOTE] The file was moved to '493a2b29.qua'!
C:\Documents and Settings\Portable\Local Settings\Temporary Internet Files\Content.IE5\2AJIZ8LT\flash[1].swf
[0] Archive type: SWC
--> Object
[DETECTION] Contains recognition pattern of the EXP/Flash.Gen exploit
[NOTE] The file was moved to '49292b4e.qua'!
C:\Documents and Settings\Portable\Local Settings\Temporary Internet Files\Content.IE5\4JNZQ8V3\8605fbac333a37d112b7d4b2e6de281f[1].zip
[0] Archive type: ZIP
--> b161.exe
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The file was moved to '48f82b57.qua'!
C:\Documents and Settings\Portable\Local Settings\Temporary Internet Files\Content.IE5\4JNZQ8V3\dl[1].exe
[DETECTION] Is the TR/Agent.tzh Trojan
[NOTE] The file was moved to '49232b95.qua'!
C:\Program Files\MSNFix\09092008_20585609.zip
[0] Archive type: ZIP
--> backup/b161.exe
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The file was moved to '48f82eba.qua'!
C:\WINDOWS\b161.MSNFix
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '48fe2f60.qua'!
C:\WINDOWS\system32\5J3yC4x2.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '48fb32e9.qua'!
C:\WINDOWS\system32\g00KV7bq.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '48f832f3.qua'!
C:\WINDOWS\system32\g96.exe
[DETECTION] Contains recognition pattern of the DR/Click.Agent.bsk.1 dropper
[NOTE] The file was moved to '48fe32fc.qua'!
C:\WINDOWS\system32\pac.txt
[DETECTION] Is the TR/Dldr.VB.VPG Trojan
[NOTE] The file was moved to '492b3355.qua'!
C:\WINDOWS\system32\m3\tvgrem041.exe
[DETECTION] Is the TR/Spy.Agent.MWB Trojan
[NOTE] The file was moved to '492f33c7.qua'!
C:\WINDOWS\system32\wTR19\wTR191065.exe
[DETECTION] Is the TR/Dldr.VB.hgt Trojan
[NOTE] The file was moved to '491a33c9.qua'!
Begin scan in 'D:\' <Data>
D:\Install Soft\WinZIP.v9.0.Final.Incl.Keygen.zip
[0] Archive type: ZIP
--> rp_winzipv90_kg_fix.exe
[DETECTION] Is the TR/Click.Befins.A Trojan
[NOTE] The file was moved to '4936393c.qua'!
End of the scan: mercredi 10 septembre 2008 23:14
Used time: 1:08:20 Hour(s)
The scan has been done completely.
3875 Scanning directories
168206 Files were scanned
11 viruses and/or unwanted programs were found
3 Files were classified as suspicious:
0 files were deleted
0 files were repaired
14 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
168191 Files not concerned
6132 Archives were scanned
1 Warnings
14 Notes
1 desinstall d'avast
2 install d'antivir
3 scan
4 test de navigation et toujours le meme pb (pub intempestive) malgrés les fichiers en quarantaine.
voici le log d'antivir
Avira AntiVir Personal
Report file date: mercredi 10 septembre 2008 22:06
Scanning for 1608238 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Portable
Computer name: ELISE
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 31/08/2008 19:36:26
ANTIVIR3.VDF : 7.0.6.142 314368 Bytes 10/09/2008 19:36:28
Engineversion : 8.1.1.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.70 319866 Bytes 10/09/2008 19:36:36
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.1 397683 Bytes 10/09/2008 19:36:35
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.23 196987 Bytes 10/09/2008 19:36:34
AEHEUR.DLL : 8.1.0.51 1397111 Bytes 10/09/2008 19:36:33
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 10/09/2008 19:36:31
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 10/09/2008 19:36:30
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 10/09/2008 19:36:29
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: mercredi 10 septembre 2008 22:06
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
14 processes with 14 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '67' files ).
Starting the file scan:
Begin scan in 'C:\' <System>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Portable\Local Settings\Temporary Internet Files\Content.IE5\0K4HPS5J\ctxad-580[1].0000
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.emn back-door program
[NOTE] The file was moved to '49402b2a.qua'!
C:\Documents and Settings\Portable\Local Settings\Temporary Internet Files\Content.IE5\0K4HPS5J\PerformanceOptimizerPre_Installer[1].cab
[0] Archive type: CAB (Microsoft)
--> PerformanceOptimizerPre_Installer.exe
[DETECTION] Is the TR/Spy.45064 Trojan
[NOTE] The file was moved to '493a2b29.qua'!
C:\Documents and Settings\Portable\Local Settings\Temporary Internet Files\Content.IE5\2AJIZ8LT\flash[1].swf
[0] Archive type: SWC
--> Object
[DETECTION] Contains recognition pattern of the EXP/Flash.Gen exploit
[NOTE] The file was moved to '49292b4e.qua'!
C:\Documents and Settings\Portable\Local Settings\Temporary Internet Files\Content.IE5\4JNZQ8V3\8605fbac333a37d112b7d4b2e6de281f[1].zip
[0] Archive type: ZIP
--> b161.exe
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The file was moved to '48f82b57.qua'!
C:\Documents and Settings\Portable\Local Settings\Temporary Internet Files\Content.IE5\4JNZQ8V3\dl[1].exe
[DETECTION] Is the TR/Agent.tzh Trojan
[NOTE] The file was moved to '49232b95.qua'!
C:\Program Files\MSNFix\09092008_20585609.zip
[0] Archive type: ZIP
--> backup/b161.exe
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The file was moved to '48f82eba.qua'!
C:\WINDOWS\b161.MSNFix
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '48fe2f60.qua'!
C:\WINDOWS\system32\5J3yC4x2.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '48fb32e9.qua'!
C:\WINDOWS\system32\g00KV7bq.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '48f832f3.qua'!
C:\WINDOWS\system32\g96.exe
[DETECTION] Contains recognition pattern of the DR/Click.Agent.bsk.1 dropper
[NOTE] The file was moved to '48fe32fc.qua'!
C:\WINDOWS\system32\pac.txt
[DETECTION] Is the TR/Dldr.VB.VPG Trojan
[NOTE] The file was moved to '492b3355.qua'!
C:\WINDOWS\system32\m3\tvgrem041.exe
[DETECTION] Is the TR/Spy.Agent.MWB Trojan
[NOTE] The file was moved to '492f33c7.qua'!
C:\WINDOWS\system32\wTR19\wTR191065.exe
[DETECTION] Is the TR/Dldr.VB.hgt Trojan
[NOTE] The file was moved to '491a33c9.qua'!
Begin scan in 'D:\' <Data>
D:\Install Soft\WinZIP.v9.0.Final.Incl.Keygen.zip
[0] Archive type: ZIP
--> rp_winzipv90_kg_fix.exe
[DETECTION] Is the TR/Click.Befins.A Trojan
[NOTE] The file was moved to '4936393c.qua'!
End of the scan: mercredi 10 septembre 2008 23:14
Used time: 1:08:20 Hour(s)
The scan has been done completely.
3875 Scanning directories
168206 Files were scanned
11 viruses and/or unwanted programs were found
3 Files were classified as suspicious:
0 files were deleted
0 files were repaired
14 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
168191 Files not concerned
6132 Archives were scanned
1 Warnings
14 Notes
après malware
voici le nouveau rapport hijackthis
je pense que le pb est resolu !!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:43:57, on 11/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Utilitaires\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\Portable\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.dell.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {62E50325-E2EB-4BCA-BA80-A86DC3170F46} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BFF78F6F-E7A8-4BF9-9F9C-A68C30CEE504} - (no file)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rnwnw64j.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: vsigkt.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Utilitaires\Drive Image 7.0\Agent\PQV2iSvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
voici le nouveau rapport hijackthis
je pense que le pb est resolu !!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:43:57, on 11/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Utilitaires\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\Portable\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.dell.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {62E50325-E2EB-4BCA-BA80-A86DC3170F46} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BFF78F6F-E7A8-4BF9-9F9C-A68C30CEE504} - (no file)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rnwnw64j.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: vsigkt.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Utilitaires\Drive Image 7.0\Agent\PQV2iSvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Télécharges Vundofix à l'adresse ci-dessous :
http://vundofix.atribune.org/
1) Double-clique sur VundoFix.exe.
2) Cliques sur le bouton Scan for Vundo.
3) Quand c'est fini, cliques sur fix Vundo.
4) Si le pc te demande de supprimer les fichiers, cliques sur YES.
5) Le Bureau disparaîtra pendant la suppression.
6) Le PC devra s'éteindre. Cliques sur OK, puis laisser le redémarrer.
7) Colles le rapport qui est dans C:\vundofix.txt et refais un log Hijackthis.
Ensuite
1) Désinstalles PROPREMENT Avast, c'est important, et installes soit Antivir ( si tu reste en gratuit), soit Nod32 (payant) ou encore Kaspersky (payant).
Tu peux le constater de toi-même :
http://forum.malekal.com/ftopic3528.php
Si tu décides d'installer Antivir, fais ceci :
2) Télécharges Avira antivir PersonalEdition Classic a partir de ce lien : https://www.avira.com/ sur ton Bureau.
3) Télécharges le désinstalleur d'Avast sur ton Bureau : https://www.avast.com/fr-fr/uninstall-utility
4) Mets toi hors connexion, puis désinstalle avast, avec le désinstalleur!
5) Redémarre ton PC comme demandé et supprime le dossier C:\Program Files\Alwils Software
6) Double-cliques sur l'installeur d'Antivir.
7) Une fois celui-ci installé, reconnectes-toi afin d’effectuer sa mise à jour, et le paramétrer.
8) Ferme le scan qui s'est lancé de manière automatique.
Paramètres-le comme :
ici : http://speedweb1.free.fr/frames2.php?page=tuto5
ou là : https://www.malekal.com/avira-free-security-antivirus-gratuit/
9) Redémarres en mode sans échec
- Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît, tapotes la touche F8 (ou F5 sur certains PC) jusqu'à l'affichage du menu des options avancées de Windows.
- Sélectionne "Mode sans échec" et appuyer sur la touche Enter.
- Choisis ta session habituelle, pas le compte "Administrateur".
Tutoriel ci-besoin :
https://forum.pcastuces.com/sujet.asp?f=25&s=3902
10) Lances Avira antivir.
11) Cliques sur Local protection (colonne à gauche), puis sur « Scanner », puis vérifies à RootKit search et Manuelle détection (en développant avec la petite croix devant chacun d'eux), que tous tes disques durs soient bien cochés, puis cliques sur la loupe (en dessous de statut).
12) Une fenêtre va s’ouvrir « Luke Filewalker » .. le scan va démarrer.
13) Mets tout ce qu il trouve en "Quarantine".
14) Une fois le scan achevé, fermes les deux fenêtres d'Antivir et sauvegardes le rapport.
15) Redémarres en mode normal puis postes le rapport d'Antivir.
Tuto http://www.malekal.com/tutorial_antivir.html et/ou http://www.libellules.ch/tuto_antivir.php
16) Télécharges Malwarebyte's à l'adresse ci-dessous :
https://www.generation-nt.com/malwarebytes-anti-malware-protection-agents-malveillants-securite-anti-malwares-telecharger-telechargement-47800.html
17) Redémarres en mode sans échec. Pour cela, tapotes F8 au démarrage, avant que le logo de windows n'apparaisse.
18) Choisi ton compte et pas l'Administrateur.
19) Fais un scan complet, et supprimes tout ce qu'il te trouve.
20) Sauvegardes le résultat (à la fin du scan, l'option "afficher le résultat", apparait).
21) Lorsque tu as fini ça, refais un log hijackthis et post-le à la suite du résultat de Malwarebyte's.
Les logs hijackthis ne doivent pas être fait en safe mode.
http://vundofix.atribune.org/
1) Double-clique sur VundoFix.exe.
2) Cliques sur le bouton Scan for Vundo.
3) Quand c'est fini, cliques sur fix Vundo.
4) Si le pc te demande de supprimer les fichiers, cliques sur YES.
5) Le Bureau disparaîtra pendant la suppression.
6) Le PC devra s'éteindre. Cliques sur OK, puis laisser le redémarrer.
7) Colles le rapport qui est dans C:\vundofix.txt et refais un log Hijackthis.
Ensuite
1) Désinstalles PROPREMENT Avast, c'est important, et installes soit Antivir ( si tu reste en gratuit), soit Nod32 (payant) ou encore Kaspersky (payant).
Tu peux le constater de toi-même :
http://forum.malekal.com/ftopic3528.php
Si tu décides d'installer Antivir, fais ceci :
2) Télécharges Avira antivir PersonalEdition Classic a partir de ce lien : https://www.avira.com/ sur ton Bureau.
3) Télécharges le désinstalleur d'Avast sur ton Bureau : https://www.avast.com/fr-fr/uninstall-utility
4) Mets toi hors connexion, puis désinstalle avast, avec le désinstalleur!
5) Redémarre ton PC comme demandé et supprime le dossier C:\Program Files\Alwils Software
6) Double-cliques sur l'installeur d'Antivir.
7) Une fois celui-ci installé, reconnectes-toi afin d’effectuer sa mise à jour, et le paramétrer.
8) Ferme le scan qui s'est lancé de manière automatique.
Paramètres-le comme :
ici : http://speedweb1.free.fr/frames2.php?page=tuto5
ou là : https://www.malekal.com/avira-free-security-antivirus-gratuit/
9) Redémarres en mode sans échec
- Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît, tapotes la touche F8 (ou F5 sur certains PC) jusqu'à l'affichage du menu des options avancées de Windows.
- Sélectionne "Mode sans échec" et appuyer sur la touche Enter.
- Choisis ta session habituelle, pas le compte "Administrateur".
Tutoriel ci-besoin :
https://forum.pcastuces.com/sujet.asp?f=25&s=3902
10) Lances Avira antivir.
11) Cliques sur Local protection (colonne à gauche), puis sur « Scanner », puis vérifies à RootKit search et Manuelle détection (en développant avec la petite croix devant chacun d'eux), que tous tes disques durs soient bien cochés, puis cliques sur la loupe (en dessous de statut).
12) Une fenêtre va s’ouvrir « Luke Filewalker » .. le scan va démarrer.
13) Mets tout ce qu il trouve en "Quarantine".
14) Une fois le scan achevé, fermes les deux fenêtres d'Antivir et sauvegardes le rapport.
15) Redémarres en mode normal puis postes le rapport d'Antivir.
Tuto http://www.malekal.com/tutorial_antivir.html et/ou http://www.libellules.ch/tuto_antivir.php
16) Télécharges Malwarebyte's à l'adresse ci-dessous :
https://www.generation-nt.com/malwarebytes-anti-malware-protection-agents-malveillants-securite-anti-malwares-telecharger-telechargement-47800.html
17) Redémarres en mode sans échec. Pour cela, tapotes F8 au démarrage, avant que le logo de windows n'apparaisse.
18) Choisi ton compte et pas l'Administrateur.
19) Fais un scan complet, et supprimes tout ce qu'il te trouve.
20) Sauvegardes le résultat (à la fin du scan, l'option "afficher le résultat", apparait).
21) Lorsque tu as fini ça, refais un log hijackthis et post-le à la suite du résultat de Malwarebyte's.
Les logs hijackthis ne doivent pas être fait en safe mode.
FIREFOX 3.0 ou encore essaie Google Chrome. Je te conseille vivement Firefox et Avast. Ça fait 1ans et demi que je navigue avec ça et je n'ai aucun problème de pop-up ou autres merdes du genre!
Avast. --> C'est justement ce qu'il faut PAS. Si tu lui donne des conseils donnes-en lui des bons.
flo1845 : Fais ce que je t'ai dit. Changer de navigateur, oui mais ne mais SURTOUT PAS Avast.
flo1845 : Fais ce que je t'ai dit. Changer de navigateur, oui mais ne mais SURTOUT PAS Avast.
Pour moi, c'est des bons conseilles car je roule sous avast et je n'ai jamais eut de problèmes... ÉVITEZ LES SITES XXX
et y'aura pas de problèmes!!!!
et y'aura pas de problèmes!!!!
Pour moi, c'est des bons conseilles --> Justement c'est ce que je dis. Pour TOI ce sont des bons conseils. Malheureusement pour toi, tout le monde passe à Antivir en gratuit. (moi je suis ni sur l'un ni sur l'autre)
A bon... à preuve du contraire, je continue de soutenir avast! Je suis rarement les mouvements de foule tête baissée!
J'attends juste que tu finisse le reste. Pas de souci.
voici la suite....
1 desinstall d'avast
2 install d'antivir
3 scan
4 test de navigation et toujours le meme pb (pub intempestive) malgrés les fichiers en quarantaine.
voici le log d'antivir
Avira AntiVir Personal
Report file date: mercredi 10 septembre 2008 22:06
Scanning for 1608238 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Portable
Computer name: ELISE
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 31/08/2008 19:36:26
ANTIVIR3.VDF : 7.0.6.142 314368 Bytes 10/09/2008 19:36:28
Engineversion : 8.1.1.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.70 319866 Bytes 10/09/2008 19:36:36
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.1 397683 Bytes 10/09/2008 19:36:35
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.23 196987 Bytes 10/09/2008 19:36:34
AEHEUR.DLL : 8.1.0.51 1397111 Bytes 10/09/2008 19:36:33
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 10/09/2008 19:36:31
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 10/09/2008 19:36:30
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 10/09/2008 19:36:29
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: mercredi 10 septembre 2008 22:06
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
14 processes with 14 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '67' files ).
Starting the file scan:
Begin scan in 'C:\' <System>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Portable\Local Settings\Temporary Internet Files\Content.IE5\0K4HPS5J\ctxad-580[1].0000
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.emn back-door program
[NOTE] The file was moved to '49402b2a.qua'!
C:\Documents and Settings\Portable\Local Settings\Temporary Internet Files\Content.IE5\0K4HPS5J\PerformanceOptimizerPre_Installer[1].cab
[0] Archive type: CAB (Microsoft)
--> PerformanceOptimizerPre_Installer.exe
[DETECTION] Is the TR/Spy.45064 Trojan
[NOTE] The file was moved to '493a2b29.qua'!
C:\Documents and Settings\Portable\Local Settings\Temporary Internet Files\Content.IE5\2AJIZ8LT\flash[1].swf
[0] Archive type: SWC
--> Object
[DETECTION] Contains recognition pattern of the EXP/Flash.Gen exploit
[NOTE] The file was moved to '49292b4e.qua'!
C:\Documents and Settings\Portable\Local Settings\Temporary Internet Files\Content.IE5\4JNZQ8V3\8605fbac333a37d112b7d4b2e6de281f[1].zip
[0] Archive type: ZIP
--> b161.exe
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The file was moved to '48f82b57.qua'!
C:\Documents and Settings\Portable\Local Settings\Temporary Internet Files\Content.IE5\4JNZQ8V3\dl[1].exe
[DETECTION] Is the TR/Agent.tzh Trojan
[NOTE] The file was moved to '49232b95.qua'!
C:\Program Files\MSNFix\09092008_20585609.zip
[0] Archive type: ZIP
--> backup/b161.exe
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The file was moved to '48f82eba.qua'!
C:\WINDOWS\b161.MSNFix
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '48fe2f60.qua'!
C:\WINDOWS\system32\5J3yC4x2.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '48fb32e9.qua'!
C:\WINDOWS\system32\g00KV7bq.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '48f832f3.qua'!
C:\WINDOWS\system32\g96.exe
[DETECTION] Contains recognition pattern of the DR/Click.Agent.bsk.1 dropper
[NOTE] The file was moved to '48fe32fc.qua'!
C:\WINDOWS\system32\pac.txt
[DETECTION] Is the TR/Dldr.VB.VPG Trojan
[NOTE] The file was moved to '492b3355.qua'!
C:\WINDOWS\system32\m3\tvgrem041.exe
[DETECTION] Is the TR/Spy.Agent.MWB Trojan
[NOTE] The file was moved to '492f33c7.qua'!
C:\WINDOWS\system32\wTR19\wTR191065.exe
[DETECTION] Is the TR/Dldr.VB.hgt Trojan
[NOTE] The file was moved to '491a33c9.qua'!
Begin scan in 'D:\' <Data>
D:\Install Soft\WinZIP.v9.0.Final.Incl.Keygen.zip
[0] Archive type: ZIP
--> rp_winzipv90_kg_fix.exe
[DETECTION] Is the TR/Click.Befins.A Trojan
[NOTE] The file was moved to '4936393c.qua'!
End of the scan: mercredi 10 septembre 2008 23:14
Used time: 1:08:20 Hour(s)
The scan has been done completely.
3875 Scanning directories
168206 Files were scanned
11 viruses and/or unwanted programs were found
3 Files were classified as suspicious:
0 files were deleted
0 files were repaired
14 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
168191 Files not concerned
6132 Archives were scanned
1 Warnings
14 Notes
1 desinstall d'avast
2 install d'antivir
3 scan
4 test de navigation et toujours le meme pb (pub intempestive) malgrés les fichiers en quarantaine.
voici le log d'antivir
Avira AntiVir Personal
Report file date: mercredi 10 septembre 2008 22:06
Scanning for 1608238 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Portable
Computer name: ELISE
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 31/08/2008 19:36:26
ANTIVIR3.VDF : 7.0.6.142 314368 Bytes 10/09/2008 19:36:28
Engineversion : 8.1.1.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.70 319866 Bytes 10/09/2008 19:36:36
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.1 397683 Bytes 10/09/2008 19:36:35
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.23 196987 Bytes 10/09/2008 19:36:34
AEHEUR.DLL : 8.1.0.51 1397111 Bytes 10/09/2008 19:36:33
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 10/09/2008 19:36:31
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 10/09/2008 19:36:30
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 10/09/2008 19:36:29
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: mercredi 10 septembre 2008 22:06
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
14 processes with 14 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '67' files ).
Starting the file scan:
Begin scan in 'C:\' <System>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Portable\Local Settings\Temporary Internet Files\Content.IE5\0K4HPS5J\ctxad-580[1].0000
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.emn back-door program
[NOTE] The file was moved to '49402b2a.qua'!
C:\Documents and Settings\Portable\Local Settings\Temporary Internet Files\Content.IE5\0K4HPS5J\PerformanceOptimizerPre_Installer[1].cab
[0] Archive type: CAB (Microsoft)
--> PerformanceOptimizerPre_Installer.exe
[DETECTION] Is the TR/Spy.45064 Trojan
[NOTE] The file was moved to '493a2b29.qua'!
C:\Documents and Settings\Portable\Local Settings\Temporary Internet Files\Content.IE5\2AJIZ8LT\flash[1].swf
[0] Archive type: SWC
--> Object
[DETECTION] Contains recognition pattern of the EXP/Flash.Gen exploit
[NOTE] The file was moved to '49292b4e.qua'!
C:\Documents and Settings\Portable\Local Settings\Temporary Internet Files\Content.IE5\4JNZQ8V3\8605fbac333a37d112b7d4b2e6de281f[1].zip
[0] Archive type: ZIP
--> b161.exe
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The file was moved to '48f82b57.qua'!
C:\Documents and Settings\Portable\Local Settings\Temporary Internet Files\Content.IE5\4JNZQ8V3\dl[1].exe
[DETECTION] Is the TR/Agent.tzh Trojan
[NOTE] The file was moved to '49232b95.qua'!
C:\Program Files\MSNFix\09092008_20585609.zip
[0] Archive type: ZIP
--> backup/b161.exe
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The file was moved to '48f82eba.qua'!
C:\WINDOWS\b161.MSNFix
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '48fe2f60.qua'!
C:\WINDOWS\system32\5J3yC4x2.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '48fb32e9.qua'!
C:\WINDOWS\system32\g00KV7bq.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '48f832f3.qua'!
C:\WINDOWS\system32\g96.exe
[DETECTION] Contains recognition pattern of the DR/Click.Agent.bsk.1 dropper
[NOTE] The file was moved to '48fe32fc.qua'!
C:\WINDOWS\system32\pac.txt
[DETECTION] Is the TR/Dldr.VB.VPG Trojan
[NOTE] The file was moved to '492b3355.qua'!
C:\WINDOWS\system32\m3\tvgrem041.exe
[DETECTION] Is the TR/Spy.Agent.MWB Trojan
[NOTE] The file was moved to '492f33c7.qua'!
C:\WINDOWS\system32\wTR19\wTR191065.exe
[DETECTION] Is the TR/Dldr.VB.hgt Trojan
[NOTE] The file was moved to '491a33c9.qua'!
Begin scan in 'D:\' <Data>
D:\Install Soft\WinZIP.v9.0.Final.Incl.Keygen.zip
[0] Archive type: ZIP
--> rp_winzipv90_kg_fix.exe
[DETECTION] Is the TR/Click.Befins.A Trojan
[NOTE] The file was moved to '4936393c.qua'!
End of the scan: mercredi 10 septembre 2008 23:14
Used time: 1:08:20 Hour(s)
The scan has been done completely.
3875 Scanning directories
168206 Files were scanned
11 viruses and/or unwanted programs were found
3 Files were classified as suspicious:
0 files were deleted
0 files were repaired
14 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
168191 Files not concerned
6132 Archives were scanned
1 Warnings
14 Notes
Fixes les lignes (lance hijacthis, coches les lignes, fais "fix checked", en bas à gauche) :
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.fr/myway
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: (no name) - {62E50325-E2EB-4BCA-BA80-A86DC3170F46} - (no file)
O2 - BHO: (no name) - {BFF78F6F-E7A8-4BF9-9F9C-A68C30CEE504} - (no file)
Télécharges SDFix à l'adresse ci-dessous :
https://www.malekal.com/slenfbot-still-an-other-irc-bot/
1) Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier sur le Bureau.
2) Redémarres ton ordinateur en mode sans échec :
- Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît, tapotes la touche F8 (ou F5 sur certains PC) jusqu'à l'affichage du menu des options avancées de Windows.
- Sélectionnes "Mode sans échec" et appuyes sur la touche Enter.
- Choisis ta session habituelle, pas le compte "Administrateur".
3) Ouvres le dossier SDFix et double cliques sur "RunThis.bat".
4) Appuies sur Y pour commencer le processus de nettoyage.
5) Il te demandera à un moment d'appuyer sur une touche pour redémarrer, fais-le.
(Ton pc chargera un peu plus longtemps cette fois-ci car l'outil travaille.)
6) Lorsque ton pc est chargé, il affichera Finished.
7) Appuies sur une touche pour finir l'exécution du script.
8) Les icônes du Bureau affichées, le rapport SDFix apparaitra et s'enregistrera aussi dans le dossier SDFix sous le nom "Report.txt".
9) Colles le fichier Report.txt et refais un log Hijackthis.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.fr/myway
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: (no name) - {62E50325-E2EB-4BCA-BA80-A86DC3170F46} - (no file)
O2 - BHO: (no name) - {BFF78F6F-E7A8-4BF9-9F9C-A68C30CEE504} - (no file)
Télécharges SDFix à l'adresse ci-dessous :
https://www.malekal.com/slenfbot-still-an-other-irc-bot/
1) Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier sur le Bureau.
2) Redémarres ton ordinateur en mode sans échec :
- Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît, tapotes la touche F8 (ou F5 sur certains PC) jusqu'à l'affichage du menu des options avancées de Windows.
- Sélectionnes "Mode sans échec" et appuyes sur la touche Enter.
- Choisis ta session habituelle, pas le compte "Administrateur".
3) Ouvres le dossier SDFix et double cliques sur "RunThis.bat".
4) Appuies sur Y pour commencer le processus de nettoyage.
5) Il te demandera à un moment d'appuyer sur une touche pour redémarrer, fais-le.
(Ton pc chargera un peu plus longtemps cette fois-ci car l'outil travaille.)
6) Lorsque ton pc est chargé, il affichera Finished.
7) Appuies sur une touche pour finir l'exécution du script.
8) Les icônes du Bureau affichées, le rapport SDFix apparaitra et s'enregistrera aussi dans le dossier SDFix sous le nom "Report.txt".
9) Colles le fichier Report.txt et refais un log Hijackthis.
