Se connecter / S'enregistrer
Votre question

pc infecté par virus

Tags :
  • Internet Explorer
  • Sécurité
Dernière réponse : dans Sécurité et virus
21 Octobre 2007 17:11:29

Bonsoir,

Je suis infecté et depuis mon pc tourne au ralenti, j'ai des fenetres pour des antivirus ou autres qui souvrent à répétition...

Je vous joins un rapport de mon pc:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:10:35, on 21/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\System Control Manager\edd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Documents and Settings\Campet Thomas\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/de...*http://uk.docs.yahoo.com/info/bt_side.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Video Add-on\isfmdl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: IE Custom Tools - {23ED2206-856D-461A-BBCF-1C2466AC5AE3} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\WinSpyControl\bm.exe" dm=http://winspycontrol.com; ad=http://winspycontrol.com
O4 - HKLM\..\Run: [NI.UGA6P_0001_N119M1510] "c:\documents and settings\campet thomas\application data\install_en[1].exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall....
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3167D3C-8B13-42A5-82F8-15326D1C9012}: NameServer = 80.10.246.1 81.253.149.10
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: celtiberi - {7999c5e2-b500-4ba5-8e9a-99639eca65fc} - C:\WINDOWS\system32\mxhfjy.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe

--
End of file - 9416 bytes

Autres pages sur : infecte virus

21 Octobre 2007 17:32:00

bonjour

~Télécharge SmitfraudFix

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

~Dezippe la totalité de l'archive SmitfraudFix.zip
Recherche:
~Double clique sur SmitfraudFix.cmd
~Sélectionne 1 et presse Entrée dans le menu pour créer un rapport des fichiers responsables de l'infection. Le rapport se trouve à la racine du disque système C:\rapport.txt
~Poste ce rapport.
process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
21 Octobre 2007 18:12:23



Rapport fait à 18:01:55,49, 21/10/2007
Executé à partir de C:\Documents and Settings\Campet Thomas\Mes documents\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\System Control Manager\edd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Campet Thomas


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Campet Thomas\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CAMPET~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7999c5e2-b500-4ba5-8e9a-99639eca65fc}"="celtiberi"

[HKEY_CLASSES_ROOT\CLSID\{7999c5e2-b500-4ba5-8e9a-99639eca65fc}\InProcServer32]
@="C:\WINDOWS\system32\mxhfjy.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7999c5e2-b500-4ba5-8e9a-99639eca65fc}\InProcServer32]
@="C:\WINDOWS\system32\mxhfjy.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 80.10.246.1
DNS Server Search Order: 81.253.149.10

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E3167D3C-8B13-42A5-82F8-15326D1C9012}: NameServer=80.10.246.1 81.253.149.10
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E3167D3C-8B13-42A5-82F8-15326D1C9012}: NameServer=80.10.246.1 81.253.149.10
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E3167D3C-8B13-42A5-82F8-15326D1C9012}: NameServer=81.253.149.9 80.10.246.132


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
Contenus similaires
21 Octobre 2007 19:53:06

re
il manque le haut du rapport, j'aurais voulu voir ta version
si c'est une ancienne version, tu cliques sur option 4 pour mettre à jour et tu recommences.
21 Octobre 2007 20:00:20

re

je vien de refaire ce que vous avez demandé auparavant
j'ai copié toute la rapport

moi c'est thomas

SmitFraudFix v2.240

Rapport fait à 19:58:33,81, 21/10/2007
Executé à partir de C:\Documents and Settings\Campet Thomas\Local Settings\Temporary Internet Files\Content.IE5\OWP353DK\SmitfraudFix[1]\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\System Control Manager\edd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Campet Thomas


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Campet Thomas\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CAMPET~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 80.10.246.1
DNS Server Search Order: 81.253.149.10

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E3167D3C-8B13-42A5-82F8-15326D1C9012}: NameServer=80.10.246.1 81.253.149.10
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E3167D3C-8B13-42A5-82F8-15326D1C9012}: NameServer=80.10.246.1 81.253.149.10
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E3167D3C-8B13-42A5-82F8-15326D1C9012}: NameServer=81.253.149.9 80.10.246.132


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

21 Octobre 2007 20:10:29

re

~Télécharge OTMoveIt (d'OldTimer). Sauvegarde-le sur ton Bureau.

~Lance Hijackthis “Do a system scan only”.
Coche les lignes qui suivent si encore présentes et uniquement celles-là.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Video Add-on\isfmdl.dll
O3 - Toolbar: IE Custom Tools - {23ED2206-856D-461A-BBCF-1C2466AC5AE3} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [NI.UGA6P_0001_N119M1510] "c:\documents and settings\campet thomas\application data\install_en[1].exe"
O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O22 - SharedTaskScheduler: celtiberi - {7999c5e2-b500-4ba5-8e9a-99639eca65fc} - C:\WINDOWS\system32\mxhfjy.dll


Clique sur Fix checked (en bas à gauche)

~Sélectionne TOUS les emplacements suivants :


C:\WINDOWS\system32\mxhfjy.dll
C:\Program Files\AntiSpywareShield
C:\Program Files\Video Add-on
c:\documents and settings\campet thomas\application data\install_en[1].exe


---> Clique-droit puis Copier (ou Ctrl+C)
~Double-clique sur OTMoveIt.exe afin de le lancer.
fais un Clique-droit sur le cadre de gauche puis choisis Coller. (ou Ctrl+V).
~Clique maintenant sur [#ff0000]MoveIt![/#f]

!! Si un fichier ou dossier ne peut être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES

~Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport est la date de sa création.

21 Octobre 2007 20:22:25

re

est ce normal ke lorsque je suis sur Hijackthis, et ke je coche les ligne ke vous mavez demandez, est il noral ke certaine ne figure pas. car certaines ni sont pas et vu kil fo ke je coche ke certiane je ne peut exécuté ce ki mest demandé
21 Octobre 2007 20:26:15

re

voici quelques éléments qui pouraient vous aider concernant le virus

type: virus/ net work worm
damage level: high
description:virus that infects executable files
advice: delete/quarentaine immediately
21 Octobre 2007 22:32:31

bonsoir

je t'ai dit de cocher les lignes "si présentes"

continue la procédure stp
a b 8 Sécurité
22 Octobre 2007 17:39:19

Le prochaine fois que je vois du SMS, je sanctionne !
22 Octobre 2007 19:10:42

File/Folder C:\WINDOWS\system32\mxhfjy.dll not found.
File/Folder C:\Program Files\AntiSpywareShield not found.
Folder cleanup failed. C:\Program Files\Video Add-on scheduled to be deleted on reboot.
File/Folder c:\documents and settings\campet thomas\application data\install_en[1].exe not found.

Created on 10/22/2007 19:10:23
22 Octobre 2007 23:01:01

bonsoir

reposte un log hijackthis stp
22 Octobre 2007 23:52:33

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:51:04, on 22/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\System Control Manager\edd.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Defenza\pcd-as.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Documents and Settings\Campet Thomas\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/de...*http://uk.docs.yahoo.com/info/bt_side.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Video Add-on\isfmdl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\WinSpyControl\bm.exe" dm=http://winspycontrol.com; ad=http://winspycontrol.com
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall....
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3167D3C-8B13-42A5-82F8-15326D1C9012}: NameServer = 81.253.149.9 80.10.246.132
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 9432 bytes
23 Octobre 2007 00:04:35

re

1

Citation :
C:\Program Files\Video Add-on scheduled to be deleted on reboot.

veut dire que tu devais redémarrer quand le logiciel te l'as demandé.
tu l'as fait?

2

~ Télécharge Clean de Malekal
http://www.malekal.com/download/clean.zip

Enregistre-le sur ton bureau et dézippe-le
Cela va créer un dossier clean.
Double-clic sur ce dossier clean, tu y trouveras dedans plusieurs fichiers.
Double-clic sur clean.cmd.
Un menu va apparaître, choisis l'option 1 en appuyant sur la touche 1 de ton clavier.
Clean va travailler.
Poste le contenu du rapport généré.

23 Octobre 2007 08:22:44

re

oui lorsqu'ils me lont demandés je l'ai redémaré


23/10/2007 a 8:21:50,39

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Adverts\" FOUND
*** Fin du rapport !

23 Octobre 2007 12:28:36

bonjour

supprime ta version de Clean, et recommence, il y a une une mise à jour qui va nous interresser

++++++++++++++++++++

~ Télécharge Clean de Malekal
http://www.malekal.com/download/clean.zip

Enregistre-le sur ton bureau et dézippe-le
Cela va créer un dossier clean.
Double-clic sur ce dossier clean, tu y trouveras dedans plusieurs fichiers.
Double-clic sur clean.cmd.
Un menu va apparaître, choisis l'option 1 en appuyant sur la touche 1 de ton clavier.
Clean va travailler.
Poste le contenu du rapport généré.
23 Octobre 2007 13:19:46

re

lorsque je suis vos directives, il m'envoi sur upload page. est ce normal?car par la suite il me dise que upload a réussit mais pas de rapport généré. que dois-je faire?
23 Octobre 2007 17:36:38

L'upload a réussi !
23 Octobre 2007 19:09:33

re
et le rapport de l'option 1?
Double-clic sur ce dossier clean, tu y trouveras dedans plusieurs fichiers.
Double-clic sur clean.cmd.
Un menu va apparaître, choisis l'option 1 en appuyant sur la touche 1 de ton clavier.
Clean va travailler.
Poste le contenu du rapport généré.
23 Octobre 2007 19:57:53

re

j'ai fait toutes les étape qui m'ont été demandés. a partir du moment où j'arrive à la page où il demande de choisir l'option je tape 1 et je fais entrer ensuite il me met une autre page noir et là il me dit de taper sur n'importe quel touche et cela me ramène toujours sur une page web intitulé http://upload.malekal.com/. je ne comprends pas pourquoi..j'ai essayé plusieurs fois et cela me fais toujours la même chose.
23 Octobre 2007 23:02:49

re

je l'ai repassé chez moi,
il faut que tu postes le rapport comme suit:
Poste le rapport clean qui se trouve en C:\rapport_clean.txt
25 Octobre 2007 21:35:13

SmitFraudFix v2.240

Rapport fait à 19:58:33,81, 21/10/2007
Executé à partir de C:\Documents and Settings\Campet Thomas\Local Settings\Temporary Internet Files\Content.IE5\OWP353DK\SmitfraudFix[1]\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\System Control Manager\edd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Campet Thomas


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Campet Thomas\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CAMPET~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 80.10.246.1
DNS Server Search Order: 81.253.149.10

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E3167D3C-8B13-42A5-82F8-15326D1C9012}: NameServer=80.10.246.1 81.253.149.10
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E3167D3C-8B13-42A5-82F8-15326D1C9012}: NameServer=80.10.246.1 81.253.149.10
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E3167D3C-8B13-42A5-82F8-15326D1C9012}: NameServer=81.253.149.9 80.10.246.132


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

25 Octobre 2007 22:02:47

bonsoir

ce n'était pas ce que je t'avais demandé...

on va faire autrement, reposte un log Hjackthis stp
25 Octobre 2007 22:10:49

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:51:04, on 22/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\System Control Manager\edd.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Defenza\pcd-as.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Documents and Settings\Campet Thomas\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/de...*http://uk.docs.yahoo.com/info/bt_side.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Video Add-on\isfmdl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\WinSpyControl\bm.exe" dm=http://winspycontrol.com; ad=http://winspycontrol.com
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall....
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3167D3C-8B13-42A5-82F8-15326D1C9012}: NameServer = 81.253.149.9 80.10.246.132
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 9432 bytes
25 Octobre 2007 22:31:42

l'infection est toujours là...

on va essayer en mode sans echec



ouvre le bloc note, copie colle ceci:

C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Video Add-on\isfmdl.dll
C:\Program Files\Video Add-on


enregistre le document sur ton bureau

++++++++++++++++++++++++

redémarre en mode sans echec (f8 au démarrage du pc)

~Lance Hijackthis “Do a system scan only”.
Coche les lignes qui suivent si encore présentes et uniquement celles-là.

O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Video Add-on\isfmdl.dll
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe



Clique sur Fix checked (en bas à gauche)


ouvre le fichier crée avec ton bloc note et copie le contenu


~Double-clique sur OTMoveIt.exe afin de le lancer.
fais un Clique-droit sur le cadre de gauche puis choisis Coller. (ou Ctrl+V).
~Clique maintenant sur [#ff0000]MoveIt![/#f]


~Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport est la date de sa création.
27 Octobre 2007 10:27:43

re
oui mon pc est encore contaminé, la bonne nouvelle c'est qu'il n'y a plus de publicité qui se mettent en route. le problème que mon pc rame beaucoup.

C:\Program Files\Video Add-on\isfmm.exe moved successfully.
C:\Program Files\Video Add-on\isfmntr.exe moved successfully.
File/Folder C:\Program Files\Video Add-on\isfmdl.dll not found.
C:\Program Files\Video Add-on moved successfully.

Created on 10/27/2007 10:24:45

27 Octobre 2007 12:27:44

bonjour

on va vérifier quelque chose:

Mets à jour SmitfraudFix avec la touche 4,



fais un scan option1 et poste le rapport

puis

~Télécharge AVG anti-spyware.
http://www.ewido.net/en/download/
~Mets le à jour.

~Télécharge CCleaner:

http://www.filehippo.com/download_ccleaner/

~Lors de l'installation décoche: "Ajouter la Barre d'Outils Yahoo! Ccleaner"


1

Redémarre en mode sans échec. (f8 au démarrage)

2


~Lance CCleaner:

Clique sur le bouton chercher les erreurs, tu fais « réparer les erreurs »
Clique sur le bouton nettoyage, tu fais « lancer le nettoyage ».


3

~Lance AVG anti-spyware.

~Dans l’onglet analyse, dans Paramètre, clique sur Actions recommandées : choisis Quarantaine.

~Clique sur Analyse puis Analyse complète du système pour commencer le scan.

~Une fois que le scan est terminé, clique sur Appliquer toutes les actions, pour supprimer tous les fichiers infectés trouvés par AVG Anti-Spyware.

~Une fois que la suppression des fichiers infectés a été faite, clique sur enregistrer le rapport et sauvegarde-le sur le bureau.
~Redémarre normalement

4


~Copie/Colle le rapport AVG anti-spyware.

+++++++++++++++++++++++++++++++++
Tuto de CCleaner: (merci à Malekal) .
http://www.malekal.com/tutorial_CCleaner.html

TutoAVG antispyware : (merci à Malekal) .
http://www.malekal.com/tutorial_AVG_AntiSpyware.html


28 Octobre 2007 21:22:55

re

quel est le code pour télécharger ccleaner? car il me le demande
30 Octobre 2007 18:39:22

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 18:39:04 30/10/2007

+ Résultat de l'analyse:



C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP151\A0092079.dll -> Downloader.Bojo.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\_OTMoveIt\MovedFiles\documents and settings\campet thomas\application data\install_en[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.ao : Ignoré.
C:\Documents and Settings\Campet Thomas\Cookies\campet_thomas@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.


Fin du rapport
a b 8 Sécurité
30 Octobre 2007 19:01:23

Reposte un rapport Hijackthis :) 
30 Octobre 2007 19:07:10

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:06:39, on 30/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\System Control Manager\edd.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Documents and Settings\Campet Thomas\Bureau\HiJackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Campet Thomas\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/de...*http://uk.docs.yahoo.com/info/bt_side.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\WinSpyControl\bm.exe" dm=http://winspycontrol.com; ad=http://winspycontrol.com
O4 - HKLM\..\Run: [SBRegRebootCleaner] C:\Program Files\Sunbelt Software\CounterSpy\SBRC.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall....
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3167D3C-8B13-42A5-82F8-15326D1C9012}: NameServer = 81.253.149.9 80.10.246.132
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 9798 bytes
30 Octobre 2007 20:59:00

re

comme vous me l'avais demandé, le rapport de Antivir

AntiVir PersonalEdition Classic
Report file date: mardi 30 octobre 2007 20:14

Scanning for 1036370 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: LARDICHON

Version information:
BUILD.DAT : 269 15604 Bytes 10/09/2007 14:31:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 12:32:40
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 12:32:46
ANTIVIR2.VDF : 6.39.1.43 1542656 Bytes 25/08/2007 17:21:02
ANTIVIR3.VDF : 6.39.1.51 29696 Bytes 28/08/2007 07:22:36
AVEWIN32.DLL : 7.6.0.5 2789888 Bytes 29/08/2007 17:09:10
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 30 octobre 2007 20:14

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'Watch.exe' - '1' Module(s) have been scanned
Scan process 'ComComp.exe' - '1' Module(s) have been scanned
Scan process 'EspaceWanadoo.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'epmworker.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'Generic.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'SDTrayApp.exe' - '1' Module(s) have been scanned
Scan process 'SBCSTray.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'CnxMon.exe' - '1' Module(s) have been scanned
Scan process 'swdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svcntaux.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'SBCSSvc.exe' - '1' Module(s) have been scanned
Scan process 'o2flash.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'edd.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
44 processes with 44 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '24' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'


End of the scan: mardi 30 octobre 2007 20:55
Used time: 41:20 min

The scan has been done completely.

3872 Scanning directories
177144 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
177144 Files not concerned
6537 Archives were scanned
2 Warnings
0 Notes

a b 8 Sécurité
31 Octobre 2007 12:35:35

Ça semble ok. Reposte un rapport Hijackthis.
1 Novembre 2007 11:05:03

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:29, on 01/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\System Control Manager\edd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\DOCUME~1\CAMPET~1\LOCALS~1\Temp\war3_Install.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Campet Thomas\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/de...*http://uk.docs.yahoo.com/info/bt_side.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\WinSpyControl\bm.exe" dm=http://winspycontrol.com; ad=http://winspycontrol.com
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall....
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3167D3C-8B13-42A5-82F8-15326D1C9012}: NameServer = 80.10.246.130 81.253.149.10
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 9411 bytes
a b 8 Sécurité
1 Novembre 2007 12:05:57

Encore des problèmes ?
2 Novembre 2007 19:35:09

non je n'es plus de problèmes. merci pour votre aide
si j'ai des virus je vous recontacterai.
a b 8 Sécurité
2 Novembre 2007 19:37:25

Ok :) 
5 Novembre 2007 13:18:24

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 05:46:22 05/11/2007

+ Résultat de l'analyse:



C:\_OTMoveIt\MovedFiles\documents and settings\campet thomas\application data\install_en[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.ao : Ignoré.
C:\Documents and Settings\Campet Thomas\Cookies\campet_thomas@adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\Campet Thomas\Cookies\campet_thomas@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\Campet Thomas\Cookies\campet_thomas@revsci[1].txt -> TrackingCookie.Revsci : Nettoyé.
C:\Documents and Settings\Campet Thomas\Cookies\campet_thomas@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.


Fin du rapport

a b 8 Sécurité
5 Novembre 2007 15:39:36

Euh... ?
5 Novembre 2007 15:47:47

re

j'ai fait un nettoyage de mes deux disques dur afin d'être sur qu'il n'y est pas d'anomalies. en effet lorsque que j'ai mis en route AVG ANTI SPYWARE pour qu'il analise mes deux disques dur il a révélé ce que j'ai mis dans le rapport!
a b 8 Sécurité
5 Novembre 2007 15:53:57

Rien de méchant dans le rapport.
6 Novembre 2007 10:28:50

re

comment mettre en route "antivir guard" sur antivir.a ctuellement il est "unknown et j'arrive pas à l'activer
a b 8 Sécurité
6 Novembre 2007 12:01:44

Tu as essayé la désinstallation/réinstallation ?
6 Novembre 2007 12:47:34



AntiVir PersonalEdition Classic
Report file date: mardi 6 novembre 2007 12:00

Scanning for 916534 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: LARDICHON

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 21:30:14
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 21:30:14
ANTIVIR2.VDF : 7.0.0.172 1092608 Bytes 05/11/2007 09:22:08
ANTIVIR3.VDF : 7.0.0.174 3584 Bytes 05/11/2007 09:22:08
AVEWIN32.DLL : 7.6.0.30 3056128 Bytes 30/10/2007 21:30:18
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Use file extension list
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 6 novembre 2007 12:00

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'ssstars.scr' - '0' Module(s) have been scanned
Scan process 'livecall.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'Babylon.exe' - '1' Module(s) have been scanned
Scan process 'Watch.exe' - '1' Module(s) have been scanned
Scan process 'epmworker.exe' - '1' Module(s) have been scanned
Scan process 'ComComp.exe' - '1' Module(s) have been scanned
Scan process 'EspaceWanadoo.exe' - '1' Module(s) have been scanned
Scan process 'Generic.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'SBCSTray.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'CnxMon.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'SDTrayApp.exe' - '1' Module(s) have been scanned
Scan process 'swdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svcntaux.exe' - '1' Module(s) have been scanned
Scan process 'SBCSSvc.exe' - '1' Module(s) have been scanned
Scan process 'o2flash.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'edd.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
44 processes with 44 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '24' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Campet Thomas\Bureau\backups\backup-20071021-201758-840.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] The file was moved to '479349d9.qua'!
C:\Documents and Settings\Campet Thomas\Bureau\backups\backup-20071022-185314-325.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] The file was deleted!
C:\Documents and Settings\Campet Thomas\Bureau\backups\backup-20071022-190218-750.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] The file was moved to '479349e9.qua'!
C:\Documents and Settings\Campet Thomas\Bureau\backups\backup-20071022-190951-900.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] The file was moved to '479349eb.qua'!
C:\Documents and Settings\Campet Thomas\Bureau\backups\backup-20071027-000552-776.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] The file was moved to '479349ec.qua'!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP148\A0091798.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] The file was moved to '47604ccb.qua'!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP148\A0091799.exe
[DETECTION] Is the Trojan horse TR/Renos.6656.3
[INFO] The file was moved to '47604cce.qua'!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP148\A0091800.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo.1
[INFO] The file was moved to '47604cd0.qua'!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP148\A0091816.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agen.593920
[INFO] The file was moved to '47604cd1.qua'!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP148\A0091823.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] The file was moved to '47604cd3.qua'!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP148\A0091824.exe
[DETECTION] Is the Trojan horse TR/Renos.6656.3
[INFO] The file was moved to '47604cd4.qua'!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP148\A0091825.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo.1
[INFO] A backup was created as '47604ce0.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP148\A0091832.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] The file was moved to '47604ce1.qua'!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP148\A0091833.exe
[DETECTION] Is the Trojan horse TR/Renos.6656.3
[INFO] The file was moved to '47604ce3.qua'!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP148\A0091834.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo.1
[INFO] The file was moved to '47604ce4.qua'!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP148\A0091933.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] The file was moved to '47604ceb.qua'!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP148\A0091934.exe
[DETECTION] Is the Trojan horse TR/Renos.6656.3
[INFO] The file was moved to '47604cec.qua'!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP148\A0091935.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo.1
[INFO] A backup was created as '47604cf3.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP148\A0091966.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] A backup was created as '456e5eb4.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP148\A0091967.exe
[DETECTION] Is the Trojan horse TR/Renos.6656.3
[INFO] A backup was created as '47604cf4.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP148\A0091968.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo.1
[INFO] A backup was created as '456e5eb5.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP148\A0091984.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] A backup was created as '47604cf6.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP148\A0091985.exe
[DETECTION] Is the Trojan horse TR/Renos.6656.3
[INFO] A backup was created as '47604cf5.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP148\A0091986.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo.1
[INFO] A backup was created as '456e5eb6.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP148\A0092007.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] A backup was created as '47604cf7.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP148\A0092008.exe
[DETECTION] Is the Trojan horse TR/Renos.6656.3
[INFO] A backup was created as '456e5eb7.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP148\A0092009.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo.1
[INFO] A backup was created as '47604cf8.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP149\A0092032.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] A backup was created as '456e5eb9.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP149\A0092033.exe
[DETECTION] Is the Trojan horse TR/Renos.6656.3
[INFO] A backup was created as '47604cfa.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP149\A0092034.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo.1
[INFO] A backup was created as '47604cf9.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP149\A0092046.exe
[DETECTION] Is the Trojan horse TR/Renos.6656.3
[INFO] A backup was created as '456e5eba.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP149\A0092047.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] A backup was created as '456e5ebb.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP149\A0092049.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo.1
[INFO] A backup was created as '47604cfc.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP151\A0092076.exe
[DETECTION] Is the Trojan horse TR/Renos.6656.3
[INFO] A backup was created as '456e5ebd.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP151\A0092077.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo.1
[INFO] A backup was created as '47604cfd.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP151\A0092086.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] A backup was created as '47604cfe.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP151\A0092087.exe
[DETECTION] Is the Trojan horse TR/Renos.6656.3
[INFO] A backup was created as '456e5ebf.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP151\A0092088.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo.1
[INFO] A backup was created as '47604c80.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP151\A0092127.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] A backup was created as '47604d00.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP151\A0092128.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo.1
[INFO] A backup was created as '456e5f41.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP151\A0092148.exe
[DETECTION] Is the Trojan horse TR/Renos.6656.3
[INFO] A backup was created as '47604d01.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP151\A0092154.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] A backup was created as '456e5f42.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP151\A0092155.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo.1
[INFO] A backup was created as '47604d02.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP152\A0093156.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] A backup was created as '47604d05.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP152\A0093157.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo.1
[INFO] A backup was created as '456e5f46.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP156\A0093297.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] A backup was created as '47604d11.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP156\A0093298.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo.1
[INFO] A backup was created as '47604d12.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP156\A0094299.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] A backup was created as '456e5f53.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP156\A0094300.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo.1
[INFO] A backup was created as '47604d14.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP156\A0094323.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] A backup was created as '47604d13.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP156\A0094324.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo.1
[INFO] A backup was created as '456e5f54.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP157\A0095325.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] A backup was created as '456e5f55.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP157\A0095326.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo.1
[INFO] A backup was created as '47604d15.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP157\A0096326.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] A backup was created as '47604d16.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP157\A0096327.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo.1
[INFO] A backup was created as '456e5f57.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP159\A0097326.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] A backup was created as '47604d1a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP159\A0097327.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo.1
[INFO] A backup was created as '456e5f5b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP159\A0098326.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] A backup was created as '47604d1b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP159\A0098327.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo.1
[INFO] A backup was created as '456e5f5c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP159\A0098346.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] A backup was created as '47604d1c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP159\A0098366.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] A backup was created as '47604d1d.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP159\A0098367.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo.1
[INFO] A backup was created as '456e5f5e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP175\A0104657.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] A backup was created as '47614d4a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP175\A0104658.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] A backup was created as '456f5f0b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP175\A0104659.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] A backup was created as '47614d4b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP175\A0104660.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] A backup was created as '456f5f0c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP175\A0104661.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] A backup was created as '47614d4d.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\_OTMoveIt\MovedFiles\Program Files\Video Add-on\icmntr.exe
[DETECTION] Is the Trojan horse TR/Renos.6656.3
[INFO] A backup was created as '479d5181.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\_OTMoveIt\MovedFiles\Program Files\Video Add-on\icthis.exe
[DETECTION] Is the Trojan horse TR/Renos.24576.2
[INFO] A backup was created as '47a45181.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\_OTMoveIt\MovedFiles\Program Files\Video Add-on\ictmdl.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.did
[INFO] A backup was created as '45ab464a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\_OTMoveIt\MovedFiles\Program Files\Video Add-on\ictun.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.don
[INFO] A backup was created as '47a45182.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\_OTMoveIt\MovedFiles\Program Files\Video Add-on\icun.exe
[DETECTION] Is the Trojan horse TR/Renos.24576.3
[INFO] A backup was created as '47a55182.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\_OTMoveIt\MovedFiles\Program Files\Video Add-on\isfmm.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo.1
[INFO] A backup was created as '47965192.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\_OTMoveIt\MovedFiles\Program Files\Video Add-on\isfmntr.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.doo
[INFO] A backup was created as '47965193.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\_OTMoveIt\MovedFiles\Program Files\Video Add-on\isfun.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.dbh.4
[INFO] A backup was created as '4599465c.qua' ( QUARANTINE )
[INFO] The file was deleted!
Begin scan in 'D:\'


End of the scan: mardi 6 novembre 2007 12:34
Used time: 34:16 min

The scan has been done completely.

3883 Scanning directories
104881 Files were scanned
75 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
60 files were deleted
0 files were repaired
74 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
104806 Files not concerned
6488 Archives were scanned
2 Warnings
0 Notes
a b 8 Sécurité
6 Novembre 2007 12:54:03

C'est ok alors ?
6 Novembre 2007 18:37:04

re

oui je pense
a b 8 Sécurité
6 Novembre 2007 19:35:17

Des questions ?
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS