PSW.x-Vir trojan

22 March 2007 08:26:16

"Your compueter is infected with last version of PSW.x-Vir trojan. PSW trojans steal your private information such as : passwords, IP-address, credid card information, registration details, documents, etc.
Click this baloon to remove PSW.x-Vir spymare."

So what do I do?
Thanks

22 March 2007 16:25:06

How about a hello?

Download SmitfraudFix (by S!Ri).
Save it to your desktop.
Run SmitfraudFix.exe (the .exe may not be shown).
Choose Option 1 (Search).
Post the first report here.

**If the link does not work, click here**

&

Download HijackThis (by Merijn).
Unzip it into a folder or onto your Desktop.

Run the application.
Choose the option "Do a system scan and save a logfile".
Notepad opens:
-> Edit / Select All
-> Edit / Copy
Paste the report here.

HELP: Video tutorial on HijackThis
22 March 2007 21:32:57

SmitFraudFix v2.152

Rapport fait à 21:31:54,37, 22/03/2007
Executé à partir de C:\Documents and Settings\PC\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Fichier hosts corrompu !

104.210.98.148 download.microsoft.com
181.159.189.68 downloads.microsoft.com
111.138.97.30 go.microsoft.com
176.171.191.233 msdn.microsoft.com
174.46.37.27 office.microsoft.com
187.58.188.136 support.microsoft.com
180.17.225.124 windowsupdate.microsoft.com
113.105.150.225 pandasoftware.com
184.14.192.135 www.pandasoftware.com

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\fyxkaah.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PC


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PC\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PC\Favoris

C:\DOCUME~1\PC\Favoris\Online Security Test.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\SpyLocked\ PRESENT !
C:\Program Files\Video Access ActiveX Object\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b292ec9f-a074-4115-8342-1f459702d8d2}"="characterizing"

[HKEY_CLASSES_ROOT\CLSID\{b292ec9f-a074-4115-8342-1f459702d8d2}\InProcServer32]
@="C:\WINDOWS\system32\fyxkaah.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b292ec9f-a074-4115-8342-1f459702d8d2}\InProcServer32]
@="C:\WINDOWS\system32\fyxkaah.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

22 March 2007 21:35:01

Logfile of HijackThis v1.99.1
Scan saved at 21:34:24, on 22/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Video Access ActiveX Object\isamntr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Video Access ActiveX Object\isamini.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\System32\drivers\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
D:\Program Files\MalwaresWipeds\MalwareWipeds.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\BitComet\BitComet.exe
C:\Program Files\Mustek 1200 UB PLUS\Driver\WATCH.exe
C:\Program Files\Video Access ActiveX Object\isamini.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
G:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Video Access ActiveX Object\isamini.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Documents and Settings\PC\Mes documents\Unzipped\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - G:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
O4 - HKLM\..\Run: [0086791172768559mcinstcleanup] C:\DOCUME~1\PC\LOCALS~1\Temp\008679~1.EXE C:\PROGRA~1\FICHIE~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UVS10 Preload] h:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [MalwaresWipeds] d:\Program Files\MalwaresWipeds\MalwareWipeds.exe /h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB PLUS\Driver\WATCH.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - g:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b5a009b435d541909b64820101158eab
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b5a009b435d541909b64820101158eab
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - g:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - g:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.getrightarcade.com/online/online2/bejeweled2...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - d:\Program Files\Ares\chatServer.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

22 March 2007 21:35:57

Thanks, what do I do now?
22 March 2007 21:36:54

And the HijackThis log?

Restart in safe mode.

Run SmitfraudFix.exe and this time choose Option 2, and answer yes to the question or questions.
Save the report to your Desktop.

Restart normally.

Post the HijackThis and SmitfraudFix reports.
22 March 2007 22:01:18

I have a problem: when I restart in safe mode everything is black
22 March 2007 22:02:48

That's normal.
Be patient for a bit.
22 March 2007 22:05:14

About how long?
22 March 2007 22:07:07

I don't know. Wait at least 10 minutes.
22 March 2007 22:14:33

OK, thanks
22 March 2007 22:36:06

It works, the virus is gone, thanks
22 March 2007 22:36:42

SmitFraudFix v2.152

Rapport fait à 22:27:28,15, 22/03/2007
Executé à partir de D:\Downloads\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b292ec9f-a074-4115-8342-1f459702d8d2}"="characterizing"

[HKEY_CLASSES_ROOT\CLSID\{b292ec9f-a074-4115-8342-1f459702d8d2}\InProcServer32]
@="C:\WINDOWS\system32\fyxkaah.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b292ec9f-a074-4115-8342-1f459702d8d2}\InProcServer32]
@="C:\WINDOWS\system32\fyxkaah.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\Program Files\Video Access ActiveX Object\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

22 March 2007 22:38:04

You're a pro, thanks
23 March 2007 18:03:57

NO TEXT-SPEAK!

Download R-Hosts.exe (by S!ri)
Run R-Hosts, then click "Restaurer" (Restore).
Confirm the change by pressing OK.


What about the Hijackthis?
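The hosts-file hijack that SmitFraudFix reports in this thread ("Fichier hosts corrompu !") can also be checked by hand before and after a restore. The Python below is an added example, not part of the original thread and not a description of how R-Hosts works; the watch list, the function names and the sample entries are assumptions constructed for illustration.

```python
"""Audit a hosts file for redirected security/update domains (added example)."""
import ipaddress

# Assumed watch list: vendor and update domains of the kind named in the report.
WATCHED_SUFFIXES = ("microsoft.com", "avast.com", "clamav.net", "avira.com",
                    "bitdefender.com", "drweb.com", "pandasoftware.com")

# Constructed sample; addresses come from documentation ranges (RFC 5737).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
192.0.2.10 windowsupdate.microsoft.com
198.51.100.7 rs01.avast.com   # trailing comment
203.0.113.5 198.51.100.99
0.0.0.0 ads.example.net
10.0.0.5 fileserver.lan printer.lan
not-an-ip database.clamav.net
"""


def parse_hosts(text):
    """Yield (line_no, address or None, [names]) for every mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not body:
            continue
        fields = body.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None                       # first field is not an IP address
        yield line_no, addr, [n.lower().rstrip(".") for n in fields[1:]]


def _is_ip_literal(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def _watched(name):
    # Match the domain itself or a true subdomain, not a look-alike suffix.
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text):
    """Return a list of (line_no, reason, name) findings."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        if addr is None:
            findings.append((line_no, "malformed-address", " ".join(names)))
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in names:
            if _is_ip_literal(name):
                # An IP address in the hostname column is never a legitimate entry.
                findings.append((line_no, "ip-literal-as-name", name))
            elif _watched(name):
                reason = ("security-domain-blocked" if sinkhole
                          else "security-domain-redirected")
                findings.append((line_no, reason, name))
    return findings


def quarantine_flagged(text):
    """Return the hosts text with every flagged line commented out for review."""
    flagged = {line_no for line_no, _, _ in audit_hosts(text)}
    out = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        out.append("# REVIEW " + raw if line_no in flagged else raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On Windows XP the file to audit is `C:\WINDOWS\system32\drivers\etc\hosts`; an empty result after the restore means no watched domain is still overridden.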
16 September 2007 21:03:29

Can you do the same thing for me, please?

29 September 2007 10:08:01

Hello,

May I impose and ask for help in my turn?
I have already run SmitFraudFix and HiJackThis; here are the reports (this is going to be long...).

7 November 2007 18:48:04

Hi Angel,

It was while reading your forum thread about psw.x-vir that I realised you had the skills to perhaps give me a hand in getting rid of the virus.

I installed Hijackthis, and here is the report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:46, on 7/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCSVR.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\MARINE~1.VID\LOCALS~1\Temp\Rar$EX00.953\HijackThis.exe
C:\Program Files\limewire\limewire.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\xrpcfvog.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [d0292f8e] rundll32.exe "C:\WINDOWS\system32\gqxpfqxa.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?3d59d608a7f844cfa4d1ceeee1f00dee
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?3d59d608a7f844cfa4d1ceeee1f00dee
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.google.be
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 5103 bytes

It would be nice if you could explain to me what to do next.

Thanks in advance for your help.

Bootsector.
13 February 2008 15:26:12


SmitFraudFix v2.288

Rapport fait à 14:58:53,12, 13/02/2008
Executé à partir de C:\Documents and Settings\Propri‚taire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\program files\softwin\bitdefender8\bdnagent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\WinPCDoctor\SysRep.exe
C:\PROGRA~1\WINPCD~1\ucookw.exe
C:\Program Files\Fichiers communs\WinPCDoctor\strpmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\MsiExec.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\wuuawkz.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PROPRI~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Helper\ PRESENT !
C:\Program Files\NetProject\ PRESENT !
C:\Program Files\Sotfone\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{747e1fbe-b70f-441d-bbca-6e536c04924a}"="didact"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" sockspy.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 81.253.149.9
DNS Server Search Order: 80.10.246.132

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2AEBEA39-D88A-46F2-8D79-6FA6070B4BA8}: NameServer=81.253.149.9 80.10.246.132
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2AEBEA39-D88A-46F2-8D79-6FA6070B4BA8}: NameServer=81.253.149.9 80.10.246.132


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

13 February 2008 15:34:51

Here is the Hijackfiles report:
Logfile of HijackThis v1.99.1
Scan saved at 15:07:03, on 13/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\program files\softwin\bitdefender8\bdnagent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\WinPCDoctor\SysRep.exe
C:\PROGRA~1\WINPCD~1\ucookw.exe
C:\Program Files\Fichiers communs\WinPCDoctor\strpmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\notepad.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Propriétaire\Local Settings\Temp\wz678f\HijackThis.exe
C:\WINDOWS\system32\MsiExec.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Sotfone Tracker Class - {10C52A42-DB8B-4ade-AA4A-CED6A8282B67} - C:\Program Files\Sotfone\1202822093.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: e404 helper - {C03FD59D-9104-44B7-929A-9EAA0BA05211} - C:\Program Files\Helper\1202822090.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing)
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender8\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [long base extra clock] C:\Documents and Settings\All Users\Application Data\Software option long base\idle great.exe
O4 - HKLM\..\Run: [WinPCDoctor] C:\Program Files\WinPCDoctor\SysRep.exe
O4 - HKLM\..\Run: [ucookw] "C:\PROGRA~1\WINPCD~1\ucookw.exe" -start
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\WinPCDoctor\strpmon.exe" dm=http://winpcdoctor.com ad=http://winpcdoctor.com sd=http://inspaid.winpcdoctor.com
O4 - HKLM\..\Run: [AdvancedCleaner Free] "C:\Program Files\AdvancedCleaner Free\UADC.exe" /min
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MessLive Auto Update] C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Rar$EX00.625\MessLive Patch.exe -a_update
O4 - HKCU\..\Run: [Netlog 24] C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe
O4 - HKCU\..\Run: [Skip Mpeg] C:\DOCUME~1\PROPRI~1\APPLIC~1\FORAME~1\AntiOkayGrey.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Utilitaire des paramètres Lexmark X125.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AEBEA39-D88A-46F2-8D79-6FA6070B4BA8}: NameServer = 81.253.149.9 80.10.246.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{2AEBEA39-D88A-46F2-8D79-6FA6070B4BA8}: NameServer = 81.253.149.9 80.10.246.132
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: sockspy.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Thanks in advance! :)