
msn virus photo

18 June 2007 20:38:56

Hello, if I've understood everything correctly, I need to show you what HijackThis gives following my "is that you in this photo" virus?

Is that right? I'm a bit new to this; of course I got caught too and now I'm struggling. Thanks for your help...


Logfile of HijackThis v1.99.1
Scan saved at 20:30:27, on 18/06/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\avgamsvr.exe
C:\PROGRA~1\AVG\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0220Mon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mio Technology\MioSync\mioSync.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Vanessa.VANPORT\doc.exe
C:\Documents and Settings\Vanessa.VANPORT\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infirmiers.com/frm/viewforum.php?f=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsma...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\prvdxxjd.dll",realset
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://migalou06.spaces.live.com//PhotoUpload/MsnPUpld....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F7189FE-FD2A-4B34-94B9-CF44BC99F303}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C67728E-8670-4A88-B061-B205279EBFDD}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACB69C0C-6A30-400D-9C66-416CF39C7139}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG\avgupsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

18 June 2007 20:45:37

Hello,

Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt telling you that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply
    Note: VundoFix may encounter a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
    18 June 2007 21:10:33

    Great, thanks for the quick reply, here is the VundoFix report:

    VundoFix V6.5.1

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 20:58:06 18/06/2007

    Listing files found while scanning....

    C:\windows\system32\ddcccab.dll
    C:\WINDOWS\System32\djxxdvrp.ini
    C:\windows\system32\efcdcda.dll
    C:\WINDOWS\System32\prvdxxjd.dll
    C:\windows\system32\ttstv.bak1
    C:\windows\system32\ttstv.ini
    C:\windows\system32\tuvtuvv.dll
    C:\windows\system32\tuvvvst.dll
    C:\WINDOWS\System32\urqnmnn.dll
    C:\WINDOWS\System32\vtstt.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\ddcccab.dll
    C:\windows\system32\ddcccab.dll Has been deleted!

    Attempting to delete C:\WINDOWS\System32\djxxdvrp.ini
    C:\WINDOWS\System32\djxxdvrp.ini Has been deleted!

    Attempting to delete C:\windows\system32\efcdcda.dll
    C:\windows\system32\efcdcda.dll Has been deleted!

    Attempting to delete C:\WINDOWS\System32\prvdxxjd.dll
    C:\WINDOWS\System32\prvdxxjd.dll Has been deleted!

    Attempting to delete C:\windows\system32\ttstv.bak1
    C:\windows\system32\ttstv.bak1 Has been deleted!

    Attempting to delete C:\windows\system32\ttstv.ini
    C:\windows\system32\ttstv.ini Has been deleted!

    Attempting to delete C:\windows\system32\tuvtuvv.dll
    C:\windows\system32\tuvtuvv.dll Has been deleted!

    Attempting to delete C:\windows\system32\tuvvvst.dll
    C:\windows\system32\tuvvvst.dll Has been deleted!

    Attempting to delete C:\WINDOWS\System32\urqnmnn.dll
    C:\WINDOWS\System32\urqnmnn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\System32\vtstt.dll
    C:\WINDOWS\System32\vtstt.dll Has been deleted!

    Performing Repairs to the registry.
    Done!



    and the HijackThis one:


    Logfile of HijackThis v1.99.1
    Scan saved at 21:09:06, on 18/06/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\avgamsvr.exe
    C:\PROGRA~1\AVG\avgupsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\WINDOWS\V0220Mon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
    C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Mio Technology\MioSync\mioSync.exe
    C:\Program Files\TribalWeb.net\tribalweb.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Vanessa.VANPORT\Bureau\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infirmiers.com/frm/viewforum.php?f=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsma...
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {E27235DB-7199-4211-870E-AC3587BFAC00} - C:\WINDOWS\System32\vtstt.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
    O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
    O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
    O4 - Global Startup: DVD@ccess.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
    O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://migalou06.spaces.live.com//PhotoUpload/MsnPUpld....
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3F7189FE-FD2A-4B34-94B9-CF44BC99F303}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8C67728E-8670-4A88-B061-B205279EBFDD}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ACB69C0C-6A30-400D-9C66-416CF39C7139}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG\avgupsvc.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe



    uh... I don't understand any of it
    18 June 2007 22:22:19

    Just a clarification for the novice that I am: why, for the same problem (photo.zip), do the helpers sometimes advise installing one piece of software and sometimes another? I've seen things like msnfix, avg something, etc....
    18 June 2007 23:30:57

    I followed some of the advice given to the other victims :ouch: , I ran msnfix, and here is its report, any opinions?:

    MSN_Fix 1.325.1

    C:\Documents and Settings\Vanessa.VANPORT\Bureau\MSNFix
    Fix exécuté le 18/06/2007 - 23:27:53,78 By Vanessa
    mode normal

    ************************ Recherche les fichiers présents

    Aucun Fichier trouvé

    ************************ Recherche les dossiers présents

    ... C:\Temp






    ************************ Suppression des dossiers

    .. OK ... C:\Temp


    ************************ Nettoyage du registre



    ************************ Fichiers suspects

    /!\ ces fichiers nécessitent un avis expérimenté avant toute intervention



    Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 18062007_23283787.zip
    19 June 2007 11:14:37

    Don't run programs without my approval.

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Copy/paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

    19 June 2007 19:03:18

    Here is the combofix report, thanks

    ComboFix 07-06-18.2 - C:\Documents and Settings\Vanessa.VANPORT\Bureau\ComboFix.exe
    "Vanessa" - 2007-06-19 18:55:58 - Service Pack 1 NTFS

    /wow section - STAGE #3

    ((((((((((((((((((((((((( Files Created from 2007-05-19 to 2007-06-19 )))))))))))))))))))))))))))))))


    2007-06-19 18:55 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-19 18:54 6,530 ---hs---- C:\WINDOWS\system32\vyadd.bak1
    2007-06-19 18:54 266,336 --a------ C:\WINDOWS\system32\ddayv.dll
    2007-06-19 09:43 31,254 --a------ C:\WINDOWS\system32\rqronmk.dll
    2007-06-19 09:42 70,885 --a------ C:\DOCUME~1\VANESS~1.VAN\mon.exe
    2007-06-19 09:42 31,254 --a------ C:\WINDOWS\system32\urqrrsq.dll
    2007-06-19 09:42 240,544 --a------ C:\DOCUME~1\VANESS~1.VAN\doc.exe
    2007-06-18 20:58 <REP> d-------- C:\VundoFix Backups
    2007-06-18 20:44 31,254 --a------ C:\WINDOWS\system32\efcawvu.dll
    2007-06-18 20:17 31,254 --a------ C:\WINDOWS\system32\yayywvw.dll
    2007-06-17 22:17 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
    2007-06-17 22:17 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-06-17 22:17 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-06-17 22:17 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-06-17 22:16 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-06-17 22:16 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-06-17 22:16 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-06-17 22:16 <REP> d-------- C:\Program Files\Alwil Software
    2007-06-08 00:31 <REP> d-------- C:\Program Files\Windows Live
    2007-06-03 22:15 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-19 16:50:10 -------- d-----w C:\Program Files\Mozilla Thunderbird
    2007-06-19 07:17:35 -------- d-----w C:\Program Files\AVG
    2007-06-17 20:07:14 -------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2007-06-17 19:57:32 -------- d-----w C:\Program Files\Norton AntiVirus
    2007-06-17 19:05:58 -------- d-----w C:\Program Files\MSN Messenger
    2007-06-17 15:16:48 -------- d-----w C:\Program Files\Lx_cats
    2007-06-07 22:52:24 -------- d-----w C:\DOCUME~1\VANESS~1.VAN\APPLIC~1\HbTools
    2007-06-07 22:31:46 -------- d-----w C:\Program Files\Messenger Plus! Live
    2007-05-17 13:00:14 -------- d-----w C:\Program Files\VideoLAN
    2007-05-17 12:59:40 -------- d-----w C:\Program Files\Legacy Interactive
    2007-05-17 12:49:51 -------- d-----w C:\Program Files\IncrediMail
    2007-05-13 13:17:37 -------- d-----w C:\Program Files\NeoTrace Express
    2007-05-13 07:13:10 -------- d-----w C:\Program Files\TribalWeb.net
    2007-05-11 17:39:50 -------- d-----w C:\DOCUME~1\VANESS~1.VAN\APPLIC~1\dvdcss
    2007-05-09 18:34:27 -------- d-----w C:\DOCUME~1\VANESS~1.VAN\APPLIC~1\Template
    2007-04-26 16:01:16 -------- d-----w C:\Program Files\eMule
    2007-04-26 15:48:07 -------- d-----w C:\DOCUME~1\VANESS~1.VAN\APPLIC~1\TribalWeb
    2007-04-12 18:16:49 66,334 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2007-04-12 18:16:49 449,572 ----a-w C:\WINDOWS\system32\perfh00C.dat


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {0EA54BBE-C251-4BC5-BCBC-2DFF8927891D}=C:\WINDOWS\System32\ddayv.dll [2007-06-19 18:54]
    {2A8A997F-BB9F-48F6-AA2B-2762D50F9289}=C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll [2006-11-06 11:22]
    {DC192567-65F9-4AB6-ADB7-E13575F81726}=C:\WINDOWS\System32\urqrrsq.dll [2007-06-19 09:42]
    {E27235DB-7199-4211-870E-AC3587BFAC00}=C:\WINDOWS\System32\vtstt.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 16:00]
    "SMSERIAL"="sm56hlpr.exe" []
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 03:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 14:54]
    "AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 02:11]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 17:00]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "AVG7_Run"=C:\PROGRA~1\AVG\avgw.exe /RUNONCE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"=0 (0x0)
    "NoFind"=0 (0x0)
    "NoRun"=0 (0x0)
    "NoDesktop"=0 (0x0)
    "NoControlPanel"=0 (0x0)
    "NoClose"=0 (0x0)
    "StartMenuLogOff"=0 (0x0)
    "HideClock"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{DC192567-65F9-4AB6-ADB7-E13575F81726}"="C:\WINDOWS\System32\urqrrsq.dll" [2007-06-19 09:42]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayv]
    C:\WINDOWS\System32\ddayv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrrsq]
    urqrrsq.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    C:\Program Files\Apoint2K\Apoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    C:\PROGRA~1\AVG\avgcc.exe /STARTUP

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
    C:\PROGRA~1\AVG\avgemc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
    C:\Program Files\HPQ\Default Settings\cpqset.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    C:\WINDOWS\System32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    "C:\Program Files\Lexmark 2300 Series\ezprint.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
    "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HbTools]
    C:\Program Files\HbTools\Bin\4.7.1.0\HbtOEAddOn.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
    C:\WINDOWS\System32\hphmon05.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
    c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
    C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
    "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OHE]
    C:\Program Files\Ohé\OHE.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
    C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherOnTray]
    C:\Program Files\HbTools\Bin\4.7.1.0\HbtWeatherOnTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wnrirgva]
    C:\WINDOWS\System32\yyobxsak.exe


    Contents of the 'Scheduled Tasks' folder
    2005-02-16 21:11:00 C:\WINDOWS\tasks\Connexion Facile à Internet.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-19 18:59:56
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    SMSERIAL = sm56hlpr.exe?

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-19 19:00:44

    --- E O F ---
    19 June 2007 19:35:51

    Re,

    Download OTMoveIt (by OldTimer). Save it to your Desktop.
    Select ALL the locations in bold below:

    C:\WINDOWS\system32\vyadd.bak1
    C:\WINDOWS\system32\ddayv.dll
    C:\WINDOWS\system32\rqronmk.dll
    C:\WINDOWS\system32\urqrrsq.dll
    C:\VundoFix Backups
    C:\WINDOWS\system32\yayywvw.dll
    C:\WINDOWS\system32\efcawvu.dll


    ---> Right-click, then Copy (or Ctrl+C)

    Double-click OTMoveIt.exe to launch it.
    Right-click in the left pane, then choose Paste (or Ctrl+V).
    Now click MoveIt!

    If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

    Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name corresponds to the moment it was created: date_time.log

    ->Information about the software<-
    19 June 2007 19:49:06

    C:\WINDOWS\system32\vyadd.bak1 moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\ddayv.dll
    C:\WINDOWS\system32\ddayv.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\ddayv.dll scheduled to be moved on reboot.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\rqronmk.dll
    C:\WINDOWS\system32\rqronmk.dll NOT unregistered.
    C:\WINDOWS\system32\rqronmk.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\urqrrsq.dll
    C:\WINDOWS\system32\urqrrsq.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\urqrrsq.dll scheduled to be moved on reboot.
    C:\VundoFix Backups moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\yayywvw.dll
    C:\WINDOWS\system32\yayywvw.dll NOT unregistered.
    C:\WINDOWS\system32\yayywvw.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\efcawvu.dll
    C:\WINDOWS\system32\efcawvu.dll NOT unregistered.
    C:\WINDOWS\system32\efcawvu.dll moved successfully.

    Created on 06/19/2007 19:43:41
    19 June 2007 19:50:55

    The system did indeed ask to be restarted, but if I understand the report correctly, not everything was deleted, is that right?
    a b 8 Security
    19 June 2007 20:04:12

    Normally, that's OK. Post a new HijackThis report.
    19 June 2007 20:08:10

    Here you go:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:07:42, on 19/06/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\avgamsvr.exe
    C:\PROGRA~1\AVG\avgupsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
    C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\msnmgr.exe
    C:\Program Files\MSN Messenger\msnmgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\Vanessa.VANPORT\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infirmiers.com/frm/viewforum.php?f=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
    O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
    O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
    O4 - Global Startup: DVD@ccess.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
    O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
    O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://migalou06.spaces.live.com//PhotoUpload/MsnPUpld....
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3F7189FE-FD2A-4B34-94B9-CF44BC99F303}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8C67728E-8670-4A88-B061-B205279EBFDD}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ACB69C0C-6A30-400D-9C66-416CF39C7139}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG\avgupsvc.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

    a b 8 Security
    19 June 2007 20:16:24

    Rename Hijackthis.exe to Scanner.exe, then post a new report.
    19 June 2007 20:21:35

    I just renamed the desktop icon to "scanner", is that enough?

    Logfile of HijackThis v1.99.1
    Scan saved at 20:20:49, on 19/06/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\avgamsvr.exe
    C:\PROGRA~1\AVG\avgupsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
    C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Vanessa.VANPORT\doc.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Vanessa.VANPORT\Bureau\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infirmiers.com/frm/viewforum.php?f=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
    O2 - BHO: (no name) - {64CA5564-5D38-4B8B-AB86-5B49CCEAD217} - C:\WINDOWS\System32\ddayv.dll
    O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\System32\urqrrsq.dll
    O2 - BHO: (no name) - {E27235DB-7199-4211-870E-AC3587BFAC00} - C:\WINDOWS\System32\vtstt.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\VANESS~1.VAN\LOCALS~1\Temp\MsgPlusUninst.bat"
    O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
    O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
    O4 - Global Startup: DVD@ccess.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
    O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
    O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://migalou06.spaces.live.com//PhotoUpload/MsnPUpld....
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3F7189FE-FD2A-4B34-94B9-CF44BC99F303}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8C67728E-8670-4A88-B061-B205279EBFDD}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ACB69C0C-6A30-400D-9C66-416CF39C7139}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
    O20 - Winlogon Notify: ddayv - C:\WINDOWS\System32\ddayv.dll
    O20 - Winlogon Notify: urqrrsq - C:\WINDOWS\SYSTEM32\urqrrsq.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG\avgupsvc.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

    a b 8 Security
    19 June 2007 20:28:49

    Re,

    Click the Start menu, then Run, and copy/paste this:
    "%userprofile%\Bureau\combofix.exe" /v ddayv urqrrsq
    Click [OK]. Follow the prompts.

    Wait for Combofix to finish; a report will be created. Post the report.
    19 June 2007 20:43:31

    ComboFix 07-06-18.2 - C:\Documents and Settings\Vanessa.VANPORT\Bureau\combofix.exe
    "Vanessa" - 2007-06-19 20:37:45 - Service Pack 1 NTFS
    Command switches used :: /v ddayv urqrrsq

    /wow section - STAGE #3

    ((((((((((((((((((((((((( Files Created from 2007-05-19 to 2007-06-19 )))))))))))))))))))))))))))))))


    2007-06-19 20:35 <REP> d-------- C:\Program Files\Windows Live
    2007-06-19 20:35 <REP> d-------- C:\Program Files\Messenger Plus! Live
    2007-06-19 20:15 31,254 --a------ C:\WINDOWS\system32\iifdeff.dll
    2007-06-19 18:55 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-19 18:54 266,336 --a------ C:\WINDOWS\system32\ddayv.dll
    2007-06-19 09:42 70,885 --a------ C:\DOCUME~1\VANESS~1.VAN\mon.exe
    2007-06-19 09:42 31,254 --a------ C:\WINDOWS\system32\urqrrsq.dll
    2007-06-19 09:42 240,570 --a------ C:\DOCUME~1\VANESS~1.VAN\doc.exe
    2007-06-17 22:17 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
    2007-06-17 22:17 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-06-17 22:17 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-06-17 22:17 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-06-17 22:16 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-06-17 22:16 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-06-17 22:16 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-06-17 22:16 <REP> d-------- C:\Program Files\Alwil Software
    2007-06-03 22:15 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-19 18:35:40 -------- d-----w C:\Program Files\MSN Messenger
    2007-06-19 17:09:49 -------- d-----w C:\Program Files\Mozilla Thunderbird
    2007-06-19 17:07:57 -------- d-----w C:\Program Files\Lx_cats
    2007-06-19 07:17:35 -------- d-----w C:\Program Files\AVG
    2007-06-17 20:07:14 -------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2007-06-17 19:57:32 -------- d-----w C:\Program Files\Norton AntiVirus
    2007-06-07 22:52:24 -------- d-----w C:\DOCUME~1\VANESS~1.VAN\APPLIC~1\HbTools
    2007-05-17 13:00:14 -------- d-----w C:\Program Files\VideoLAN
    2007-05-17 12:59:40 -------- d-----w C:\Program Files\Legacy Interactive
    2007-05-17 12:49:51 -------- d-----w C:\Program Files\IncrediMail
    2007-05-13 13:17:37 -------- d-----w C:\Program Files\NeoTrace Express
    2007-05-13 07:13:10 -------- d-----w C:\Program Files\TribalWeb.net
    2007-05-11 17:39:50 -------- d-----w C:\DOCUME~1\VANESS~1.VAN\APPLIC~1\dvdcss
    2007-05-09 18:34:27 -------- d-----w C:\DOCUME~1\VANESS~1.VAN\APPLIC~1\Template
    2007-04-26 16:01:16 -------- d-----w C:\Program Files\eMule
    2007-04-26 15:48:07 -------- d-----w C:\DOCUME~1\VANESS~1.VAN\APPLIC~1\TribalWeb
    2007-04-12 18:16:49 66,334 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2007-04-12 18:16:49 449,572 ----a-w C:\WINDOWS\system32\perfh00C.dat


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {2A8A997F-BB9F-48F6-AA2B-2762D50F9289}=C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll [2006-11-06 11:22]
    {48E34B5A-D8BE-41A5-958C-EA2A7992FF62}=C:\WINDOWS\System32\ddayv.dll [2007-06-19 18:54]
    {DC192567-65F9-4AB6-ADB7-E13575F81726}=C:\WINDOWS\System32\urqrrsq.dll [2007-06-19 09:42]
    {E27235DB-7199-4211-870E-AC3587BFAC00}=C:\WINDOWS\System32\vtstt.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 16:00]
    "SMSERIAL"="sm56hlpr.exe" []
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 03:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 14:54]
    "AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 02:11]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 17:00]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "AVG7_Run"=C:\PROGRA~1\AVG\avgw.exe /RUNONCE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"=0 (0x0)
    "NoFind"=0 (0x0)
    "NoRun"=0 (0x0)
    "NoDesktop"=0 (0x0)
    "NoControlPanel"=0 (0x0)
    "NoClose"=0 (0x0)
    "StartMenuLogOff"=0 (0x0)
    "HideClock"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{DC192567-65F9-4AB6-ADB7-E13575F81726}"="C:\WINDOWS\System32\urqrrsq.dll" [2007-06-19 09:42]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayv]
    C:\WINDOWS\System32\ddayv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrrsq]
    urqrrsq.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    C:\Program Files\Apoint2K\Apoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    C:\PROGRA~1\AVG\avgcc.exe /STARTUP

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
    C:\PROGRA~1\AVG\avgemc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
    C:\Program Files\HPQ\Default Settings\cpqset.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    C:\WINDOWS\System32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    "C:\Program Files\Lexmark 2300 Series\ezprint.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
    "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HbTools]
    C:\Program Files\HbTools\Bin\4.7.1.0\HbtOEAddOn.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
    C:\WINDOWS\System32\hphmon05.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
    c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
    C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
    "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OHE]
    C:\Program Files\Ohé\OHE.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
    C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherOnTray]
    C:\Program Files\HbTools\Bin\4.7.1.0\HbtWeatherOnTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wnrirgva]
    C:\WINDOWS\System32\yyobxsak.exe

    *Newly Created Service* - USNJSVC

    Contents of the 'Scheduled Tasks' folder
    2005-02-16 21:11:00 C:\WINDOWS\tasks\Connexion Facile à Internet.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-19 20:40:45
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    SMSERIAL = sm56hlpr.exe?

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-19 20:41:30
    C:\ComboFix2.txt ... 2007-06-19 19:00

    --- E O F ---
    a b 8 Security
    19 June 2007 20:44:21

    Strange... run another HijackThis scan.
    19 June 2007 20:46:23

    What? Is it serious, doctor?

    Logfile of HijackThis v1.99.1
    Scan saved at 20:45:33, on 19/06/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\avgamsvr.exe
    C:\PROGRA~1\AVG\avgupsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
    C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
    C:\Program Files\Mio Technology\MioSync\mioSync.exe
    C:\Program Files\TribalWeb.net\tribalweb.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Vanessa.VANPORT\Bureau\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infirmiers.com/frm/viewforum.php?f=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
    O2 - BHO: (no name) - {48E34B5A-D8BE-41A5-958C-EA2A7992FF62} - C:\WINDOWS\System32\ddayv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\System32\urqrrsq.dll
    O2 - BHO: (no name) - {E27235DB-7199-4211-870E-AC3587BFAC00} - C:\WINDOWS\System32\vtstt.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
    O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
    O4 - Global Startup: DVD@ccess.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
    O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
    O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://migalou06.spaces.live.com//PhotoUpload/MsnPUpld....
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3F7189FE-FD2A-4B34-94B9-CF44BC99F303}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8C67728E-8670-4A88-B061-B205279EBFDD}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ACB69C0C-6A30-400D-9C66-416CF39C7139}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: ddayv - C:\WINDOWS\System32\ddayv.dll
    O20 - Winlogon Notify: urqrrsq - C:\WINDOWS\SYSTEM32\urqrrsq.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG\avgupsvc.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    19 June 2007 21:15:17

    Uninstall one antivirus and install a firewall such as Kerio.
    19 June 2007 21:27:24

    I have AVG Free Edition and Avast Home; which one should I remove?
    19 June 2007 21:28:48

    AVG :)
    19 June 2007 22:33:14

    OK, that's done, but why are you having me do this? What do you see in the reports I sent?
    19 June 2007 22:35:48

    Did you install Kerio?
    Post a new report.
    19 June 2007 22:44:09

    No sooner said than done:

    Logfile of HijackThis v1.99.1
    Scan saved at 22:43:33, on 19/06/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Vanessa.VANPORT\Bureau\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infirmiers.com/frm/viewforum.php?f=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\System32\urqrrsq.dll
    O2 - BHO: (no name) - {E1171880-5148-4DE5-884B-39D1BE8256B3} - C:\WINDOWS\System32\ddayv.dll
    O2 - BHO: (no name) - {E27235DB-7199-4211-870E-AC3587BFAC00} - C:\WINDOWS\System32\vtstt.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
    O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
    O4 - Global Startup: DVD@ccess.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
    O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
    O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://migalou06.spaces.live.com//PhotoUpload/MsnPUpld....
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3F7189FE-FD2A-4B34-94B9-CF44BC99F303}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8C67728E-8670-4A88-B061-B205279EBFDD}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ACB69C0C-6A30-400D-9C66-416CF39C7139}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: ddayv - C:\WINDOWS\System32\ddayv.dll
    O20 - Winlogon Notify: urqrrsq - C:\WINDOWS\SYSTEM32\urqrrsq.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

    19 June 2007 22:57:00

    Hi again,

    1/ Download The Avenger (by Swandog46) to your Desktop.
    Then unzip it on your Desktop.

    2/ Copy all the text in red below:

    Quote:
    Registry keys to delete:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC192567-65F9-4AB6-ADB7-E13575F81726}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1171880-5148-4DE5-884B-39D1BE8256B3}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E27235DB-7199-4211-870E-AC3587BFAC00}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE14}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE15}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddayv
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqrrsq

    Folders to delete:
    C:\Program Files\ShopperReports

    Files to delete:
    C:\WINDOWS\System32\ddayv.dll
    C:\WINDOWS\System32\vyadd.bak
    C:\WINDOWS\System32\vyadd.bak1
    C:\WINDOWS\System32\vyadd.bak2
    C:\WINDOWS\System32\vyadd.ini
    C:\WINDOWS\System32\vyadd.ini1
    C:\WINDOWS\System32\vyadd.ini2
    C:\WINDOWS\System32\vyadd.tmp
    C:\WINDOWS\System32\urqrrsq.dll
    C:\WINDOWS\System32\qsrrqru.bak
    C:\WINDOWS\System32\qsrrqru.bak1
    C:\WINDOWS\System32\qsrrqru.bak2
    C:\WINDOWS\System32\qsrrqru.ini
    C:\WINDOWS\System32\qsrrqru.ini1
    C:\WINDOWS\System32\qsrrqru.ini2
    C:\WINDOWS\System32\qsrrqru.tmp


    ---> Right-click, then Copy

    Note: The code above was written specifically for THIS user.
    If you are not THIS user, do NOT apply these instructions: they could damage your system.


    3/ Now launch The Avenger by clicking the icon on the Desktop.
    Under "Script file to execute", choose "Input Script Manually".
    Then click the magnifying-glass icon, which opens a new "View/edit script" window.
    In this window, paste the text previously copied on the Desktop.
    Click "Done".
    Then click the green traffic-light icon to start running the script.
    Answer "Yes" twice when prompted.

    4/ The Avenger will automatically do the following:
    It will restart the system. (If the script contains one or more "Drivers to Unload", The Avenger will restart your system twice.)
    During the restart, a black Windows command window will briefly appear on your desktop; this is NORMAL.
    After the restart, it creates a log file that will open, showing the actions performed by The Avenger. This log file is located here: C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, zipped them, and moved the zip archive here: C:\avenger\backup.zip.

    5/ Finally, copy/paste the contents of the file c:\avenger.txt into your reply, along with a new HijackThis report.
    19 June 2007 23:10:52

    avenger:

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\mtxslvat

    *******************

    Script file located at: \??\C:\wpqvqdai.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Folder C:\Program Files\ShopperReports deleted successfully.
    File C:\WINDOWS\System32\ddayv.dll deleted successfully.


    File C:\WINDOWS\System32\vyadd.bak not found!
    Deletion of file C:\WINDOWS\System32\vyadd.bak failed!

    Could not process line:
    C:\WINDOWS\System32\vyadd.bak
    Status: 0xc0000034



    File C:\WINDOWS\System32\vyadd.bak1 not found!
    Deletion of file C:\WINDOWS\System32\vyadd.bak1 failed!

    Could not process line:
    C:\WINDOWS\System32\vyadd.bak1
    Status: 0xc0000034



    File C:\WINDOWS\System32\vyadd.bak2 not found!
    Deletion of file C:\WINDOWS\System32\vyadd.bak2 failed!

    Could not process line:
    C:\WINDOWS\System32\vyadd.bak2
    Status: 0xc0000034

    File C:\WINDOWS\System32\vyadd.ini deleted successfully.


    File C:\WINDOWS\System32\vyadd.ini1 not found!
    Deletion of file C:\WINDOWS\System32\vyadd.ini1 failed!

    Could not process line:
    C:\WINDOWS\System32\vyadd.ini1
    Status: 0xc0000034



    File C:\WINDOWS\System32\vyadd.ini2 not found!
    Deletion of file C:\WINDOWS\System32\vyadd.ini2 failed!

    Could not process line:
    C:\WINDOWS\System32\vyadd.ini2
    Status: 0xc0000034



    File C:\WINDOWS\System32\vyadd.tmp not found!
    Deletion of file C:\WINDOWS\System32\vyadd.tmp failed!

    Could not process line:
    C:\WINDOWS\System32\vyadd.tmp
    Status: 0xc0000034

    File C:\WINDOWS\System32\urqrrsq.dll deleted successfully.


    File C:\WINDOWS\System32\qsrrqru.bak not found!
    Deletion of file C:\WINDOWS\System32\qsrrqru.bak failed!

    Could not process line:
    C:\WINDOWS\System32\qsrrqru.bak
    Status: 0xc0000034



    File C:\WINDOWS\System32\qsrrqru.bak1 not found!
    Deletion of file C:\WINDOWS\System32\qsrrqru.bak1 failed!

    Could not process line:
    C:\WINDOWS\System32\qsrrqru.bak1
    Status: 0xc0000034



    File C:\WINDOWS\System32\qsrrqru.bak2 not found!
    Deletion of file C:\WINDOWS\System32\qsrrqru.bak2 failed!

    Could not process line:
    C:\WINDOWS\System32\qsrrqru.bak2
    Status: 0xc0000034



    File C:\WINDOWS\System32\qsrrqru.ini not found!
    Deletion of file C:\WINDOWS\System32\qsrrqru.ini failed!

    Could not process line:
    C:\WINDOWS\System32\qsrrqru.ini
    Status: 0xc0000034



    File C:\WINDOWS\System32\qsrrqru.ini1 not found!
    Deletion of file C:\WINDOWS\System32\qsrrqru.ini1 failed!

    Could not process line:
    C:\WINDOWS\System32\qsrrqru.ini1
    Status: 0xc0000034



    File C:\WINDOWS\System32\qsrrqru.ini2 not found!
    Deletion of file C:\WINDOWS\System32\qsrrqru.ini2 failed!

    Could not process line:
    C:\WINDOWS\System32\qsrrqru.ini2
    Status: 0xc0000034



    File C:\WINDOWS\System32\qsrrqru.tmp not found!
    Deletion of file C:\WINDOWS\System32\qsrrqru.tmp failed!

    Could not process line:
    C:\WINDOWS\System32\qsrrqru.tmp
    Status: 0xc0000034

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A8A997F-BB9F-48F6-AA2B-2762D50F9289} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC192567-65F9-4AB6-ADB7-E13575F81726} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1171880-5148-4DE5-884B-39D1BE8256B3} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E27235DB-7199-4211-870E-AC3587BFAC00} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE14} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE15} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddayv deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqrrsq deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.

    and hijack:


    Logfile of HijackThis v1.99.1
    Scan saved at 23:10:07, on 19/06/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
    C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Vanessa.VANPORT\Bureau\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infirmiers.com/frm/viewforum.php?f=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
    O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
    O4 - Global Startup: DVD@ccess.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
    O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://migalou06.spaces.live.com//PhotoUpload/MsnPUpld....
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3F7189FE-FD2A-4B34-94B9-CF44BC99F303}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8C67728E-8670-4A88-B061-B205279EBFDD}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ACB69C0C-6A30-400D-9C66-416CF39C7139}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
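
Added example, not part of the original thread and not code from HijackThis or The Avenger: a short Python parser that compares HijackThis reports to confirm what a cleanup actually removed. The sample lines are copied from the reports posted in this thread; the function names (`parse`, `removed_entries`, `multi_hook_files`, `clsid_changes`) are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Sample input assembled from lines of the three reports posted in this thread.
EARLIER = r"""
O2 - BHO: (no name) - {48E34B5A-D8BE-41A5-958C-EA2A7992FF62} - C:\WINDOWS\System32\ddayv.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\System32\urqrrsq.dll
"""
BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\System32\urqrrsq.dll
O2 - BHO: (no name) - {E1171880-5148-4DE5-884B-39D1BE8256B3} - C:\WINDOWS\System32\ddayv.dll
O20 - Winlogon Notify: ddayv - C:\WINDOWS\System32\ddayv.dll
O20 - Winlogon Notify: urqrrsq - C:\WINDOWS\SYSTEM32\urqrrsq.dll
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
"""
AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
"""

ENTRY = re.compile(r"^\s*([ROFN]\d+)\s+-\s+(.*)$")          # "O2 - ...", "R1 - ..."
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|ocx)", re.IGNORECASE)
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse(log):
    """Return (section, target, raw_line) tuples for every report entry.

    target is the lower-cased file path when the entry names one, so that
    System32 and SYSTEM32 compare equal; otherwise it is the entry text.
    """
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list, blank line
        section, rest = m.group(1), m.group(2).strip()
        p = PATH.search(rest)
        entries.append((section, p.group(0).lower() if p else rest, line.strip()))
    return entries


def removed_entries(before, after):
    """Entries present in `before` and absent from `after`, keyed on (section, target)."""
    remaining = {(s, t) for s, t, _ in parse(after)}
    return [e for e in parse(before) if (e[0], e[1]) not in remaining]


def multi_hook_files(log, sections=("O2", "O20")):
    """Files registered in every listed section (default: BHO and Winlogon Notify)."""
    seen = defaultdict(set)
    for section, target, _ in parse(log):
        if target.endswith((".dll", ".exe", ".ocx")):
            seen[target].add(section)
    return sorted(t for t, s in seen.items() if set(sections) <= s)


def clsid_changes(older, newer):
    """BHO files whose CLSID differs between two scans (same DLL, new registration)."""
    def bho_ids(log):
        ids = {}
        for section, target, raw in parse(log):
            c = CLSID.search(raw)
            if section == "O2" and c and target.endswith(".dll"):
                ids[target] = c.group(0).upper()
        return ids
    old, new = bho_ids(older), bho_ids(newer)
    return {f: (old[f], new[f]) for f in old.keys() & new.keys() if old[f] != new[f]}


if __name__ == "__main__":
    print("Loaded as both BHO and Winlogon Notify:", multi_hook_files(BEFORE))
    print("CLSID changed between scans:", clsid_changes(EARLIER, BEFORE))
    for section, target, _ in removed_entries(BEFORE, AFTER):
        print("gone:", section, target)
    print("Still double-hooked after cleanup:", multi_hook_files(AFTER))
```

Comparing on the file path rather than the CLSID matters here: `ddayv.dll` appears under two different BHO identifiers in the successive reports above, so a diff keyed on the identifier alone would treat it as a new, unrelated entry.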

    19 June 2007 23:16:23

    Is your PC behaving better?
    19 June 2007 23:20:46

    yes, but things were already better since Kerio. MSN was still buggy: as soon as I opened it, it opened ten empty windows and flashed... it kept doing that after all these steps, but I uninstalled and reinstalled it and since then no problems...

    is that it? am I cured?
    19 June 2007 23:22:14

    It's rather the step with The Avenger that did the cleaning :)

  • Run a Kaspersky online scan with Internet Explorer:
  • Click on
  • Now click J'accepte (I accept).
  • Approve the installation of one or more ActiveX controls if necessary.
  • Wait while the updates are installed.
  • Then choose to scan My Computer (Poste de travail)
  • Save, then paste the report generated at the end of the scan.

    HELP: Tutorial on the online scan

    NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée", go to Add/Remove Programs, uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
    19 June 2007 23:46:41

    Kaspersky is only 2% into the scan and it has already found 1 virus and 2 infected files....

    is that normal after everything we've already done? I thought my PC was squeaky clean after all that, well no, there is still junk left!

    weren't we better off, in the old days, without these damned PCs?
    19 June 2007 23:48:00

    at the same time it stays stuck at 2% and nothing moves anymore... :fou:
    20 June 2007 10:10:17

    hello again everyone, since yesterday I have been trying to run the Kaspersky scan, and it takes hours (more than 3 hours yesterday) to reach 2 or 3% of the scan, then it freezes at 5923 files scanned.

    I restarted it several times, but each time it's the same result.

    Does anyone know what I should do and why Kaspersky keeps stopping?

    thanks :cry:
    20 June 2007 12:52:58

    Run a Panda online scan then.
    20 June 2007 18:41:40

    well, with a lot of patience, here is what it gave:

    C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\jb9para2.Utilisateur par défaut\cert8.db L'objet est verrouillé ignoré
    C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\jb9para2.Utilisateur par défaut\formhistory.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\jb9para2.Utilisateur par défaut\history.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\jb9para2.Utilisateur par défaut\key3.db L'objet est verrouillé ignoré
    C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\jb9para2.Utilisateur par défaut\parent.lock L'objet est verrouillé ignoré
    C:\Documents and Settings\Vanessa.VANPORT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-2f734cc-6e5bd375.zip/BaaaaBaa.class Infecté : Exploit.Java.Gimsh.a ignoré
    C:\Documents and Settings\Vanessa.VANPORT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-2f734cc-6e5bd375.zip ZIP: infecté - 1 ignoré
    C:\Documents and Settings\Vanessa.VANPORT\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Vanessa.VANPORT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Vanessa.VANPORT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\Vanessa.VANPORT\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Vanessa.VANPORT\Local Settings\Historique\History.IE5\MSHist012007062020070621\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Vanessa.VANPORT\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Vanessa.VANPORT\Mes documents\Mes téléchargements\LOGICIELS\installer-24017-17-Microsoft-Windows-Media-Player-11-build-11-FINAL-French.exe Infecté : Trojan.Win32.StartPage.aop ignoré
    C:\Documents and Settings\Vanessa.VANPORT\mon.exe/data0003 Infecté : Trojan-Downloader.Win32.Agent.brf ignoré
    C:\Documents and Settings\Vanessa.VANPORT\mon.exe NSIS: infecté - 1 ignoré
    C:\Documents and Settings\Vanessa.VANPORT\ntuser.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Vanessa.VANPORT\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
    C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
    C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int L'objet est verrouillé ignoré
    C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
    Analyse terminée.
    20 June 2007 18:47:40

    Hi again,

    Empty this folder:
    C:\Documents and Settings\Vanessa.VANPORT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\

    Delete:
    C:\Documents and Settings\Vanessa.VANPORT\Mes documents\Mes téléchargements\LOGICIELS\installer-24017-17-Microsoft-Windows-Media-Player-11-build-11-FINAL-French.exe
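
Added example, not part of the thread: a small triage script for a scan report in the format posted above, separating the "L'objet est verrouillé" lines (files held open and skipped by the scanner) from actual detections, and grouping detections by the file on disk. The function names are hypothetical, and the script assumes only the three line shapes visible in that report.

```python
import re
from collections import OrderedDict

# Subset of the report lines from the post above, copied unchanged.
SAMPLE_REPORT = r"""
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\Vanessa.VANPORT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-2f734cc-6e5bd375.zip/BaaaaBaa.class Infecté : Exploit.Java.Gimsh.a ignoré
C:\Documents and Settings\Vanessa.VANPORT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-2f734cc-6e5bd375.zip ZIP: infecté - 1 ignoré
C:\Documents and Settings\Vanessa.VANPORT\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Vanessa.VANPORT\Mes documents\Mes téléchargements\LOGICIELS\installer-24017-17-Microsoft-Windows-Media-Player-11-build-11-FINAL-French.exe Infecté : Trojan.Win32.StartPage.aop ignoré
C:\Documents and Settings\Vanessa.VANPORT\mon.exe/data0003 Infecté : Trojan-Downloader.Win32.Agent.brf ignoré
C:\Documents and Settings\Vanessa.VANPORT\mon.exe NSIS: infecté - 1 ignoré
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
Analyse terminée.
"""

# Paths contain spaces, so each line is recognised by its fixed suffix.
LOCKED = re.compile(r"^(?P<path>.+) L'objet est verrouillé ignoré$")
INFECTED = re.compile(r"^(?P<path>.+) Infecté : (?P<name>\S+) ignoré$")
CONTAINER = re.compile(
    r"^(?P<path>.+) (?P<kind>[A-Z]+): infecté - (?P<count>\d+) ignoré$"
)


def triage(report):
    """Split a report into locked-file noise and per-file detections."""
    result = {
        "locked": 0,                # files skipped because they were in use
        "findings": OrderedDict(),  # file on disk -> [(member, detection)]
        "containers": {},           # archive/installer -> (kind, count)
        "unparsed": [],             # anything not matching a known shape
    }
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line == "Analyse terminée.":
            continue
        if LOCKED.match(line):
            result["locked"] += 1
            continue
        m = INFECTED.match(line)
        if m:
            # "archive/member" means the detection is inside a container;
            # the file to act on is the part before the "/".
            on_disk, _, member = m.group("path").partition("/")
            hits = result["findings"].setdefault(on_disk, [])
            hits.append((member or None, m.group("name")))
            continue
        m = CONTAINER.match(line)
        if m:
            result["containers"][m.group("path")] = (
                m.group("kind"), int(m.group("count")))
            continue
        result["unparsed"].append(line)
    return result


def inconsistent_containers(result):
    """Containers whose stated count differs from the member lines seen."""
    bad = []
    for path, (_kind, count) in result["containers"].items():
        members = [m for m, _ in result["findings"].get(path, []) if m]
        if len(members) != count:
            bad.append(path)
    return bad


if __name__ == "__main__":
    res = triage(SAMPLE_REPORT)
    print("locked (not detections):", res["locked"])
    for path, hits in res["findings"].items():
        for member, name in hits:
            where = " (inside: %s)" % member if member else ""
            print("%s  %s%s" % (name, path, where))
    print("unparsed lines:", res["unparsed"])
    print("count mismatches:", inconsistent_containers(res))
```
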
    20 June 2007 19:47:53

    done, I also started a Panda scan which has already found 78 spyware programs and several hacking tools....

    so when it has finished, may I ask you how to clean all that up? and also what to do to keep it from happening again?
    20 June 2007 19:58:10

    Post the report ;)
    20 June 2007 20:08:26

    Panda only found spyware and did not disinfect:


    Incident Statut Analyse

    Spyware:Cookie/Falkag No Désinfecté C:\Documents and Settings\Agnes\Cookies\agnes@as1.falkag[1].txt
    Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Agnes\Cookies\agnes@atdmt[2].txt
    Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Agnes\Cookies\agnes@bluestreak[2].txt
    Spyware:Cookie/fe.lea.lycos No Désinfecté C:\Documents and Settings\Agnes\Cookies\agnes@fe.lea.lycos[1].txt
    Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\Agnes\Cookies\agnes@mediaplex[1].txt
    Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Agnes\Cookies\agnes@weborama[2].txt
    Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Agnes\Cookies\agnes@xiti[1].txt
    Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Vanessa\Cookies\vanessa@doubleclick[1].txt
    Adware:Adware/IST No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\HbTools\v3.0\HbTools\static\1\hbtwallpaper.exe[hbtWallpaper.dll]
    Adware:Adware/IST No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\HbTools\v3.0\HbTools\static\2\hbtwallpaper.exe[hbtWallpaper.dll]
    Spyware:Cookie/Comclick No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[fl01.ct2.comclick.com/]
    Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.weborama.fr/]
    Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.bluestreak.com/]
    Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.xiti.com/]
    Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.tradedoubler.com/]
    Spyware:Cookie/Falkag No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.as-eu.falkag.net/]
    Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Falkag No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[as1.falkag.de/]
    Spyware:Cookie/YieldManager No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/cs.sexcounter No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.cs.sexcounter.com/]
    Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.overture.com/]
    Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.247realmedia.com/]
    Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/Server.iad.Liveperson No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[server.iad.liveperson.net/]
    Spyware:Cookie/Server.iad.Liveperson No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[server.iad.liveperson.net/hc/18766632]
    Spyware:Cookie/Falkag No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[sel.as-eu.falkag.net/]
    Spyware:Cookie/Zedo No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.zedo.com/]
    Spyware:Cookie/Casalemedia No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/FastClick No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/Statcounter No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/PointRoll No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/Tribalfusion No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/WUpd No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.revenue.net/]
    Spyware:Cookie/Searchportal No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[searchportal.information.com/]
    Spyware:Cookie/onestat.com No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[stat.onestat.com/]
    Spyware:Cookie/BurstNet No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.burstnet.com/]
    Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.adtech.de/]
    Spyware:Cookie/fe.lea.lycos No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.fe.lea.lycos.fr/]
    Spyware:Cookie/Valueclick No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.valueclick.com/]
    Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.bs.serving-sys.com/]
    Spyware:Cookie/Casinotropez No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.casinotropez.com/fr/]
    Spyware:Cookie/WebtrendsLive No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[statse.webtrendslive.com/]
    Spyware:Cookie/Com.com No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.com.com/]
    Spyware:Cookie/Adserver No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.z1.adserver.com/]
    Spyware:Cookie/MetriWeb No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.metriweb.be/]
    Spyware:Cookie/fe.lea.lycos No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[fe.lea.lycos.de/]
    Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/WebtrendsLive No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[statse.webtrendslive.com/dcsio5sd4cydgsdqplcufbkze_4z7i]
    Spyware:Cookie/Apmebf No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.apmebf.com/]
    Spyware:Cookie/Belnk No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.belnk.com/]
    Spyware:Cookie/SpyLog No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.spylog.com/]
    Spyware:Cookie/Yadro No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.yadro.ru/]
    Spyware:Cookie/Hitbox No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.ehg-dig.hitbox.com/]
    Spyware:Cookie/Go No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.go.com/]
    Spyware:Cookie/Hitbox No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.ehg.hitbox.com/]
    Spyware:Cookie/Bfast No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.bfast.com/]
    Spyware:Cookie/Beweb No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.beweb.com/]
    Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.perf.overture.com/]
    Spyware:Cookie/Maxserving No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.maxserving.com/]
    Spyware:Cookie/WebtrendsLive No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.statse.webtrendslive.com/S141021]
    Outil indésirable:Application/NirCmd.A No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Bureau\ComboFix.exe[nircmd.exe]
    Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Bureau\MSNFix\incl\Process.exe
    Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Bureau\MSNFix.zip[MSNFix/incl/Process.exe]
    Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Cookies\vanessa@atdmt[2].txt
    Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Cookies\vanessa@bluestreak[2].txt
    Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Cookies\vanessa@weborama[2].txt
    Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Cookies\vanessa@xiti[1].txt
    Adware:Adware/IST No Désinfecté C:\Program Files\HbTools\Bin\4.7.1.0\HbtHostOE.dll
    Adware:Adware/IST No Désinfecté C:\Program Files\HbTools\Bin\4.7.1.0\ShprRprtHbt.exe[ShprRprt.dll]
    Adware:Adware/IST No Désinfecté C:\Program Files\HbTools\Bin\4.8.4.0\HbtInstIE.dll
    Adware:Adware/IST No Désinfecté C:\Program Files\HbTools\HBTV\uninstaller.exe[²ÜÇ\TVEngineCommand.dll]
    Outil indésirable:Application/NirCmd.A No Désinfecté C:\WINDOWS\nircmd.exe
    Adware:Adware/IST No Désinfecté C:\WINDOWS\system32\khffvxpd.exe[HBTVSetup.exe][²ÜÇ\TVEngineCommand.dll]
    Spyware:Spyware/Virtumonde No Désinfecté C:\_OTMoveIt\MovedFiles\VundoFix Backups\ddcccab.dll.bad
    Spyware:Spyware/Virtumonde No Désinfecté C:\_OTMoveIt\MovedFiles\VundoFix Backups\efcdcda.dll.bad
    Spyware:Spyware/Virtumonde No Désinfecté C:\_OTMoveIt\MovedFiles\VundoFix Backups\prvdxxjd.dll.bad
    Spyware:Spyware/Virtumonde No Désinfecté C:\_OTMoveIt\MovedFiles\VundoFix Backups\tuvtuvv.dll.bad
    Spyware:Spyware/Virtumonde No Désinfecté C:\_OTMoveIt\MovedFiles\VundoFix Backups\tuvvvst.dll.bad
    Spyware:Spyware/Virtumonde No Désinfecté C:\_OTMoveIt\MovedFiles\VundoFix Backups\urqnmnn.dll.bad
    Spyware:Spyware/Virtumonde No Désinfecté C:\_OTMoveIt\MovedFiles\VundoFix Backups\vtstt.dll.bad
    20 June 2007 20:12:01

    Hi again,

    Delete:
    C:\Program Files\HbTools
    C:\WINDOWS\system32\khffvxpd.exe
    20 June 2007 20:39:41

    done, should I run another report of some kind? :ouch:
    20 June 2007 20:41:57

    Post a HijackThis report again.
    20 June 2007 20:53:56

    Logfile of HijackThis v1.99.1
    Scan saved at 20:53:30, on 20/06/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
    C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Documents and Settings\Vanessa.VANPORT\Bureau\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infirmiers.com/frm/viewforum.php?f=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
    O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
    O4 - Global Startup: DVD@ccess.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
    O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://migalou06.spaces.live.com//PhotoUpload/MsnPUpld....
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3F7189FE-FD2A-4B34-94B9-CF44BC99F303}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8C67728E-8670-4A88-B061-B205279EBFDD}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ACB69C0C-6A30-400D-9C66-416CF39C7139}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

    20 June 2007 21:43:39

    Same problem?
    20 June 2007 21:58:03

    er... I no longer have a problem, to my beginner's eyes my PC works really well, it's just that the scans I run tell me I'm infected, so I would like to clean everything up to start off on a sound footing...
    20 June 2007 22:16:25

    Run a Panda scan again.
    20 June 2007 22:29:37

    I must be dreaming!

    I launch the Panda scan (activescan) and I had not removed my avast antivirus, and as soon as the activescan window opens, avast shows me a message saying that activescan is infected....

    what is this mess? could the PANDA virus-scanning site itself be sending viruses to internet users so that they buy the "healing" version of activescan??!
    20 June 2007 22:43:41

    It's a false positive, you have to disable Avast :)
    21 June 2007 10:21:34

    no luck, even with avast disabled, the Panda scan won't start any more...
    I'm throwing in the towel
    21 June 2007 13:42:55

    Restart, disable Avast!, run the scan again.
    21 June 2007 22:31:21

    no report to produce, activescan tells me it found nothing suspicious on my PC !!!!

    You know what?......

    THANK YOU SO MUCH, YOU ARE BRILLIANT!!