Your question

Infections (including smss.exe and services.exe)

Tags:
  • Security
23 August 2007 08:31:24

Hello everyone ...

So, with my PC having gone off to the depths of the cupboard of things that no longer work ...

I'm on my father's computer ... (phew, my PC arrives next week) but that's not the problem, well, actually it is ...

So this computer is infected with viruses ...

I have already identified smss.exe and services.exe among the processes, which I cannot stop (critical processes).

Well, having already had several virus infections, I started a clean-up ...

So I ran the updates, restarted in safe mode, then ran a Spybot scan (removing everything it found).

Then I ran an Ad-Aware scan; here is the log:

Ad-Aware SE Build 1.05
Logfile Created on:mercredi 22 août 2007 19:18:07
Using definitions file:SE1R188 22.08.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):21 total references
Tracking Cookie(TAC index:3):27 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


22-08-2007 19:18:07 - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 204
ThreadCreationTime : 22-08-2007 16:54:01
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 252
ThreadCreationTime : 22-08-2007 16:54:14
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 276
ThreadCreationTime : 22-08-2007 16:54:17
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 320
ThreadCreationTime : 22-08-2007 16:54:22
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 332
ThreadCreationTime : 22-08-2007 16:54:23
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 488
ThreadCreationTime : 22-08-2007 16:54:26
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 548
ThreadCreationTime : 22-08-2007 16:54:28
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 660
ThreadCreationTime : 22-08-2007 16:54:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 872
ThreadCreationTime : 22-08-2007 16:54:46
BasePriority : Normal
FileVersion : 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)
ProductVersion : 6.00.2900.3156
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : EXPLORER.EXE

#:10 [avgas.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 1180
ThreadCreationTime : 22-08-2007 16:56:03
BasePriority : Normal
FileVersion : 7, 5, 1, 43
ProductVersion : 7, 5, 1, 43
ProductName : AVG Anti-Spyware
CompanyName : GRISOFT s.r.o.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
LegalCopyright : Copyright © 2007 GRISOFT s.r.o.
OriginalFilename : avgas.exe

#:11 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\
ProcessID : 1196
ThreadCreationTime : 22-08-2007 16:56:04
BasePriority : Normal
FileVersion : 6.2.0.208
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : utilisateur@aolfr.122.2o7[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:utilisateur@aolfr.122.2o7.net/
Expires : 20-08-2012 17:51:38
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : utilisateur@247realmedia[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Utilisateur\Cookies\utilisateur@247realmedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : utilisateur@2o7[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Utilisateur\Cookies\utilisateur@2o7[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : utilisateur@ad.yieldmanager[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Utilisateur\Cookies\utilisateur@ad.yieldmanager[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : utilisateur@adrevolver[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Utilisateur\Cookies\utilisateur@adrevolver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : utilisateur@adserver.aol[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Utilisateur\Cookies\utilisateur@adserver.aol[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : utilisateur@adtech[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Utilisateur\Cookies\utilisateur@adtech[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : utilisateur@advertising[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Utilisateur\Cookies\utilisateur@advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : utilisateur@apmebf[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Utilisateur\Cookies\utilisateur@apmebf[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : utilisateur@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Utilisateur\Cookies\utilisateur@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : utilisateur@bluestreak[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Utilisateur\Cookies\utilisateur@bluestreak[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : utilisateur@bs.serving-sys[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Utilisateur\Cookies\utilisateur@bs.serving-sys[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : utilisateur@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Utilisateur\Cookies\utilisateur@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : utilisateur@ehg-neuftelecom.hitbox[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Utilisateur\Cookies\utilisateur@ehg-neuftelecom.hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : utilisateur@estat[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Utilisateur\Cookies\utilisateur@estat[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : utilisateur@fastclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Utilisateur\Cookies\utilisateur@fastclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : utilisateur@hitbox[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Utilisateur\Cookies\utilisateur@hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : utilisateur@iv2.bluestreak[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Utilisateur\Cookies\utilisateur@iv2.bluestreak[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : utilisateur@media.adrevolver[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Utilisateur\Cookies\utilisateur@media.adrevolver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : utilisateur@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Utilisateur\Cookies\utilisateur@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : utilisateur@metriweb[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Utilisateur\Cookies\utilisateur@metriweb[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : utilisateur@msnportal.112.2o7[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Utilisateur\Cookies\utilisateur@msnportal.112.2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : utilisateur@overture[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Utilisateur\Cookies\utilisateur@overture[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : utilisateur@serving-sys[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Utilisateur\Cookies\utilisateur@serving-sys[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : utilisateur@smartadserver[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Utilisateur\Cookies\utilisateur@smartadserver[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : utilisateur@tradedoubler[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Utilisateur\Cookies\utilisateur@tradedoubler[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : utilisateur@weborama[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Utilisateur\Cookies\utilisateur@weborama[1].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 27
Objects found so far: 27



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27

Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27

Disk Scan Result for C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 27



MRU List Object Recognized!
Location: : C:\Documents and Settings\Utilisateur\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Utilisateur\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-329068152-746137067-839522115-1004\software\adobe\photoshop\7.0\visiteddirs
Description : adobe photoshop 7 recent work folders


MRU List Object Recognized!
Location: : S-1-5-21-329068152-746137067-839522115-1004\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-329068152-746137067-839522115-1004\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-329068152-746137067-839522115-1004\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-329068152-746137067-839522115-1004\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-329068152-746137067-839522115-1004\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-329068152-746137067-839522115-1004\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-329068152-746137067-839522115-1004\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-329068152-746137067-839522115-1004\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-329068152-746137067-839522115-1004\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-329068152-746137067-839522115-1004\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-329068152-746137067-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-329068152-746137067-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-329068152-746137067-839522115-1004\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : software\musicmatch\musicmatch jukebox\4.0\mmradio
Description : information on the last station listened to using musicmatch radio


MRU List Object Recognized!
Location: : S-1-5-21-329068152-746137067-839522115-1004\software\microsoft\windows media\wmsdk\general
Description : windows media sdk



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 48

19:21:59 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:03:51.422
Objects scanned:96299
Objects identified:27
Objects ignored:0
New critical objects:27




Then an AVG Anti-Spyware scan; here is the log:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 06:52:41 23/08/2007

+ Résultat de l'analyse:



C:\System Volume Information\_restore{C9776F37-5F6B-435D-8122-7AE3F1123226}\RP388\A0127367.exe -> Not-A-Virus.Monitor.Win32.WinSpy.88 : Aucune action entreprise.
:mozilla.155:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.211:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.259:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.12:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.13:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.14:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.375:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.376:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.19:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.20:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.21:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.22:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.23:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.24:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.41:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.60:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.61:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.62:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.63:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.64:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.65:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.66:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.67:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.397:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise.
:mozilla.398:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise.
:mozilla.399:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise.
:mozilla.78:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Cpvfeed : Aucune action entreprise.
:mozilla.79:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Cpvfeed : Aucune action entreprise.
:mozilla.80:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Cpvfeed : Aucune action entreprise.
:mozilla.81:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Cpvfeed : Aucune action entreprise.
:mozilla.90:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
:mozilla.110:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Estat : Aucune action entreprise.
:mozilla.472:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
:mozilla.473:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
:mozilla.474:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
:mozilla.475:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
:mozilla.476:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
:mozilla.104:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.105:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.106:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.107:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.108:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.150:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.151:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.161:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.
:mozilla.162:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.
:mozilla.200:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
:mozilla.219:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Overture : Aucune action entreprise.
:mozilla.220:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Overture : Aucune action entreprise.
:mozilla.223:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Paycounter : Aucune action entreprise.
:mozilla.495:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Paypal : Aucune action entreprise.
:mozilla.237:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Revsci : Aucune action entreprise.
:mozilla.238:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Revsci : Aucune action entreprise.
:mozilla.251:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.252:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.253:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.254:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.255:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.57:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.256:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Sexlist : Aucune action entreprise.
:mozilla.257:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Sexlist : Aucune action entreprise.
:mozilla.258:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Sexlist : Aucune action entreprise.
:mozilla.270:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.271:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.272:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.278:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Specificclick : Aucune action entreprise.
:mozilla.279:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Specificclick : Aucune action entreprise.
:mozilla.280:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Specificclick : Aucune action entreprise.
:mozilla.281:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Specificclick : Aucune action entreprise.
:mozilla.283:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.284:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.285:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.286:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.287:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.306:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.307:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.308:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Tribalfusion : Aucune action entreprise.
:mozilla.328:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.329:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.330:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.432:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
:mozilla.340:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Yadro : Aucune action entreprise.
:mozilla.366:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.367:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.368:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.369:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.370:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.371:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.353:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Zedo : Aucune action entreprise.
:mozilla.354:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Zedo : Aucune action entreprise.
:mozilla.355:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\xpsr2ber.default\cookies.txt -> TrackingCookie.Zedo : Aucune action entreprise.


Fin du rapport

[/fixed]

Then two HijackThis scans (one after renaming Hijackthis.exe to Andrelec1.exe)

HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 06:54:39, on 23/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Utilisateur\Bureau\desinfection\Andrelec1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SmartCard32] C:\WINDOWS\vts\services.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WDAutomaticUpdate] /EXECMAJ
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp2.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://happywash.dnsalias.com:81/activex/AMC.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCDAE8D3-C720-4FC7-9957-48AD3C2BF621}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe



Andrelec1:
Logfile of HijackThis v1.99.1
Scan saved at 06:54:39, on 23/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Utilisateur\Bureau\desinfection\Andrelec1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SmartCard32] C:\WINDOWS\vts\services.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WDAutomaticUpdate] /EXECMAJ
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp2.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://happywash.dnsalias.com:81/activex/AMC.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCDAE8D3-C720-4FC7-9957-48AD3C2BF621}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe




Also, the system32 folder opens at startup,
and I can no longer change the folder options (the Folder Options icon is no longer in the Control Panel).

What should I do?

23 August 2007 15:17:08

Well, that's a lot of logs (ok, I'll see myself out :D)
23 August 2007 15:31:48

Yeah, that's better XD
If you look at other infected people's threads, there are just as many logs, except theirs are spread over several posts...