Your question

Virus attacking the Internet Explorer home page

Tags:
  • Virus
  • Security
Last reply: in Security and viruses
1 July 2006 18:40:50

Hello,

I caught a virus that said it was called iworm_attck_v122-02a but also OHPEver4.12_23. I used SmitFraudFix, which removed the alert messages at the bottom of the screen and the unwanted ad windows that kept opening. But my Internet Explorer home page stays on about:blank and I cannot change it. Also, two URLs are placed as shortcuts on my desktop as soon as I connect to the internet.
Any help would be much appreciated, thanks in advance.

1 July 2006 18:56:44

Post the HijackThis log:

Download HijackThis from this site:
HijackThis
Create a folder with its name and unzip it there.
Then launch HijackThis and press "Do a system scan and save a logfile".
A Notepad file will open; select all of its contents and post it.
(If you don't understand, here is a HijackThis tutorial)
1 July 2006 20:33:02

Thanks for your help
Here is what HijackThis gives

Logfile of HijackThis v1.99.1
Scan saved at 20:41:59, on 01/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOINTGR.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\b2e7074f.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Alex\Mes documents\Temp\svchost.exe
C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
C:\WINDOWS\twain_32\A4CIS600\WATCH.exe
C:\Program Files\eChanblard\emule.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\rsvp.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\System32\NDrv.dll (file missing)
O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - C:\WINDOWS\winres.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINDOWS\System32\NDrv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D9B63CC7-E9FA-44D5-BBAB-94266FDCE766} - C:\WINDOWS\system32\jkhfg.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Disk Defragmenter] C:\WINDOWS\System32\poiwyul.exe
O4 - HKLM\..\Run: [Microsoft DirectX] PDSched.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [b2e7074f.exe] C:\WINDOWS\system32\b2e7074f.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] PDSched.exe
O4 - HKCU\..\Run: [win update] wupfyny.exe
O4 - HKCU\..\Run: [Microsoft DirectX] PDSched.exe
O4 - HKCU\..\Run: [Microsoft Services] lsrv.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] kwved32.exe
O4 - HKCU\..\Run: [Windows Guard] waumgrd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Winlogin] C:\Documents and Settings\Alex\Mes documents\Temp\svchost.exe
O4 - HKCU\..\Run: [b2e7074f.exe] C:\Documents and Settings\Alex\Local Settings\Application Data\b2e7074f.exe
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS600\WATCH.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578....
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://downloads.winwise.fr/Common/npwwg.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab285...
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLauncher/ActiveLau...
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/36313...
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.edipole.fr/kits/WebInstall.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {ABB08127-7417-11D4-8566-00500448008D} (Chat Class) - http://downloads.winwise.fr/Common/npchatlax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/fr/SysWebTelecom.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8147EB4D-4F72-491E-AA69-3F0234E50392}: NameServer = 212.27.53.252 212.27.54.252
O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll
O20 - Winlogon Notify: winexy32 - winexy32.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

1 July 2006 20:43:16

Start with this:

1/ Quote from chercheurPCA:
If you see CoolWebSearch, think of CWShredder
http://cwshredder.net/bin/CWShredder.exe

Put CWShredder in a dedicated folder
Close all windows
Launch CWShredder and click "Fix".
Restart the computer.
But some variants resist...


2/ Download VundoFix:
http://www.atribune.org/ccount/click.php?id=4
Put it on the desktop.
* Double-click VundoFix.exe to launch it.
* Check "Run VundoFix as a task"
* A message will warn you that the tool is going to close and reopen: click OK
* Click the "Scan for Vundo" button.
* When the scan is complete, click the "Remove Vundo" button.
* A prompt will ask whether you want to delete the files; click YES
* After you click "Yes", the desktop will disappear for a moment while the files are deleted.
* You will see a prompt announcing that your PC is going to shut down ("shutdown"); click OK
* Start your PC again.
* Copy/paste the contents of the report located at C:\vundofix.txt

3/ Ewido

Download ewido from this site:
Ewido-Anti-Malware
Run the updates, then run a scan, post the report and press "Apply all actions" to remove the threats.

4/ Post a new HijackThis log, because there is work to do
I'll be back after the match

1 July 2006 21:33:05

CWShredder cannot be launched; my computer says it is not valid. So I will move on to the next step.
1 July 2006 21:50:32

VundoFix does not detect any infected file; here is what the report says:
VundoFix V4.2.84

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Scan started at 21:48:18 01/07/2006

Listing files found while scanning....


No infected files were found.

Should I go on to step 3 anyway? Once again, thanks for your help.
1 July 2006 21:53:01

Yes, continue, but it's strange, because a Vundo-type infection shows up when an O2 line and an O20 line have the same DLL:
O2 - BHO: (no name) - {D9B63CC7-E9FA-44D5-BBAB-94266FDCE766} - C:\WINDOWS\system32\jkhfg.dll
O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll

No matter, we'll try to clean up the other threats and come back to this later.
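
The correlation described in this reply (the same DLL registered on both an O2 BHO line and an O20 Winlogon Notify line), as an added example that is not part of the original thread. The function names are illustrative, the sample lines are excerpted from the HijackThis log posted above, and a match is a triage hint to investigate, not a verdict.

```python
import ntpath
import re
from collections import defaultdict

# Lines excerpted from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\System32\NDrv.dll (file missing)
O2 - BHO: (no name) - {D9B63CC7-E9FA-44D5-BBAB-94266FDCE766} - C:\WINDOWS\system32\jkhfg.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll
O20 - Winlogon Notify: winexy32 - winexy32.dll (file missing)
"""

# O2 = Browser Helper Object, O20 = Winlogon Notify package.
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
MISSING = "(file missing)"


def normalize(path):
    """Return (lower-cased path, file_missing flag) for a HijackThis path field."""
    path = path.strip()
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)].rstrip()
    return path.lower(), missing


def same_module(a, b):
    """Compare two normalized Windows paths.

    Full paths must match exactly; if either side is a bare file name
    (as some O20 entries are), fall back to comparing file names.
    """
    if ntpath.dirname(a) and ntpath.dirname(b):
        return a == b
    return ntpath.basename(a) == ntpath.basename(b)


def shared_bho_notify_dlls(log_text):
    """List DLLs that appear on both an O2 (BHO) and an O20 (Winlogon Notify) line."""
    bhos = defaultdict(list)  # normalized path -> [(clsid, file_missing), ...]
    notifies = []             # [(notify name, normalized path, file_missing), ...]

    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            path, missing = normalize(m["path"])
            bhos[path].append((m["clsid"], missing))
            continue
        m = O20_RE.match(line)
        if m:
            path, missing = normalize(m["path"])
            notifies.append((m["name"], path, missing))

    findings = []
    for notify_name, notify_path, notify_missing in notifies:
        for bho_path, entries in bhos.items():
            if not same_module(notify_path, bho_path):
                continue
            for clsid, bho_missing in entries:
                findings.append(
                    {
                        "dll": bho_path,
                        "clsid": clsid,
                        "notify": notify_name,
                        "file_missing": bho_missing or notify_missing,
                    }
                )
    return findings


if __name__ == "__main__":
    for f in shared_bho_notify_dlls(SAMPLE_LOG):
        print(f"{f['dll']}: BHO {f['clsid']} and Winlogon Notify '{f['notify']}'")
```
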
1 July 2006 21:59:20

OK thanks, I'm on it!!
2 July 2006 09:36:58

Hello, here is the ewido report, which after a night of scanning found many viruses:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 09:38:58 02/07/2006

+ Scan result:



HKLM\SOFTWARE\AKSoft -> Adware.AkSoft : No action taken.
HKLM\SOFTWARE\AKSoft\X-Tractor -> Adware.AkSoft : No action taken.
C:\Program Files\Altnet -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\My Altnet Shares -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\WinRes.WindowsResources -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\WinRes.WindowsResources.1 -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\WinRes.WindowsResources\CLSID -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Classes\WinRes.WindowsResources\CurVer -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Cydoor -> Adware.Cydoor : No action taken.
HKU\S-1-5-21-2121258603-3777445738-1653462319-1005\Software\Cydoor -> Adware.Cydoor : No action taken.
HKLM\SOFTWARE\Gator.com -> Adware.Gator : No action taken.
HKLM\SOFTWARE\Gator.com\AppInfo -> Adware.Gator : No action taken.
HKLM\SOFTWARE\Gator.com\CMEII -> Adware.Gator : No action taken.
HKLM\SOFTWARE\Gator.com\Gator -> Adware.Gator : No action taken.
HKLM\SOFTWARE\Gator.com\Gator\dyn -> Adware.Gator : No action taken.
HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH -> Adware.Gator : No action taken.
HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH\_gs -> Adware.Gator : No action taken.
HKLM\SOFTWARE\Gator.com\Gator\dyn\GUS -> Adware.Gator : No action taken.
HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaTickets -> Adware.PurityScan : No action taken.
HKU\S-1-5-21-2121258603-3777445738-1653462319-1005\Software\PurityScan -> Adware.PurityScan : No action taken.
HKU\S-1-5-21-2121258603-3777445738-1653462319-1005\Software\PurityScan\sear1 -> Adware.PurityScan : No action taken.
HKU\S-1-5-21-2121258603-3777445738-1653462319-1005\Software\PurityScan\sear1\Recent File List -> Adware.PurityScan : No action taken.
HKU\S-1-5-21-2121258603-3777445738-1653462319-1005\Software\PurityScan\sear1\Settings -> Adware.PurityScan : No action taken.
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : No action taken.
C:\WINDOWS\system32\vtuurss.dll -> Adware.Virtumonde : No action taken.
C:\Program Files\Free.fr\connect.exe -> Dialer.Freefr : No action taken.
HKLM\SOFTWARE\Classes\SysWebTelecom.SysWebTelecom -> Dialer.Generic : No action taken.
HKLM\SOFTWARE\Classes\SysWebTelecom.SysWebTelecom\CLSID -> Dialer.Generic : No action taken.
HKLM\SOFTWARE\Classes\SysWebTelecom.SysWebTelecom\CurVer -> Dialer.Generic : No action taken.
C:\WINDOWS\__delete_on_reboot__w_i_n_r_e_s_._d_l_l_ -> Downloader.IstBar.ff : No action taken.
[220] C:\WINDOWS\winres.dll -> Downloader.IstBar.ff : No action taken.
C:\Documents and Settings\Alex\Local Settings\Application Data\b2e7074f.exe -> Downloader.Obfuscated.a : No action taken.
C:\WINDOWS\system32\__delete_on_reboot__b_2_e_7_0_7_4_f_._e_x_e_ -> Downloader.Obfuscated.a : No action taken.
C:\WINDOWS\Downloaded Program Files\WebInstall.dll -> Downloader.WebInstall : No action taken.
C:\WINDOWS\system32\oins.exe -> Dropper.Small : No action taken.
C:\WINDOWS\Downloaded Program Files\1f7b4dd85dd7149dbe459e023b14c559_35.exe -> Trojan.Agent.qt : No action taken.
C:\Documents and Settings\Alex\Local Settings\Temp\firefox.exe -> Trojan.Pakes : No action taken.
C:\Documents and Settings\Alex\Mes documents\Temp\__delete_on_reboot__s_v_c_h_o_s_t_._e_x_e_ -> Worm.Delf.ai : No action taken.


::Report end
2 July 2006 10:34:10

Hello

Do not forget, at the end of the Ewido scan, to do:
Remove what it finds = Apply all actions
because "no action taken" = nothing done
-----------
Download (free for 15 days)
SpySweeper

= Click "Essayer" ("Try").
= Install the program.
= Update => Yes.
= Afterwards
=> Click the Sweep Options tab (on the left).
= Under What to Sweep, check the options:

= Sweep Memory
= Sweep Registry
= Sweep Cookies
= Sweep All User Accounts
= Enable Direct Disk Sweeping
= Sweep Contents of Compressed Files
= Sweep for Rootkits
= UNCHECK Do not Sweep System Restore Folder.
= Click Sweep Now on the left.
= Click Start.

= When the scan has finished, click Next.
= Check everything, then => Next.
= If Spy Sweeper wants to restart to finish the cleanup: ACCEPT.
= Click Session Log at the top right, and copy everything in the window.
= Click the Summary tab, then click Finish.

= Paste the contents of the "Session Log" into your next reply.
+ a new HijackThis log made after the cleanup
2 July 2006 11:28:51

OK thanks, I clicked Apply and I'm going to try SpySweeper. Thanks
2 July 2006 12:04:17

Then post a HijackThis report again.
2 July 2006 22:40:39

Here is the SpySweeper report:

********
19:44: | Start of Session, dimanche 2 juillet 2006 |
19:44: Spy Sweeper started
19:44: Sweep initiated using definitions version 711
19:44: Starting Memory Sweep
19:55: Warning: Out of memory
19:58: Memory Sweep Complete, Elapsed Time: 00:13:32
19:58: Starting Registry Sweep
19:58: Found Adware: coolwebsearch (cws)
19:58: HKCR\clsid\{2d38a51a-23c9-48a1-a33c-48675aa2b494}\ (11 subtraces) (ID = 107171)
19:58: HKLM\software\classes\clsid\{2d38a51a-23c9-48a1-a33c-48675aa2b494}\ (11 subtraces) (ID = 108560)
19:58: HKLM\software\classes\typelib\{344ee577-2027-4714-82ff-0d7538488547}\ (9 subtraces) (ID = 109797)
19:58: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}\ (1 subtraces) (ID = 111216)
19:58: HKCR\typelib\{344ee577-2027-4714-82ff-0d7538488547}\ (9 subtraces) (ID = 112503)
19:58: Found Adware: purityscan
19:58: HKCR\typelib\{ee6f3f6a-ad8e-48da-9b1d-d5204b2d227d}\ (9 subtraces) (ID = 116780)
19:58: Found Adware: edipol alloticket dialer
19:58: HKCR\clsid\{7dbfda8e-d33b-11d4-9269-00600868e56e}\ (21 subtraces) (ID = 125639)
19:58: HKCR\interface\{cfbc1c5d-d33c-11d4-9269-00600868e56e}\ (8 subtraces) (ID = 125640)
19:58: HKLM\software\classes\clsid\{7dbfda8e-d33b-11d4-9269-00600868e56e}\ (21 subtraces) (ID = 125641)
19:58: HKLM\software\classes\interface\{cfbc1c5d-d33c-11d4-9269-00600868e56e}\ (8 subtraces) (ID = 125642)
19:58: HKLM\software\classes\typelib\{cfbc1c51-d33c-11d4-9269-00600868e56e}\ (9 subtraces) (ID = 125643)
19:58: HKLM\software\classes\webinstall.wwwinstall\ (5 subtraces) (ID = 125644)
19:58: HKLM\software\classes\webinstall.wwwinstall.1\ (3 subtraces) (ID = 125645)
19:58: HKCR\typelib\{cfbc1c51-d33c-11d4-9269-00600868e56e}\ (9 subtraces) (ID = 125647)
19:58: HKCR\webinstall.wwwinstall.1\ (3 subtraces) (ID = 125648)
19:58: HKCR\webinstall.wwwinstall\ (5 subtraces) (ID = 125649)
19:58: Found Adware: gain - common components
19:58: HKCR\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}\ (8 subtraces) (ID = 126731)
19:58: HKLM\software\classes\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}\ (8 subtraces) (ID = 126751)
19:58: Found Adware: prosearching hijack
19:58: HKLM\software\microsoft\internet explorer\main\ || search page (ID = 134068)
19:58: HKCR\clsid\{a78cc2ff-6e4e-4556-b27c-d7c3a70d7a50}\ (11 subtraces) (ID = 137258)
19:58: HKCR\interface\{3e43040c-73c1-4898-a4f8-e2c9428b1167}\ (8 subtraces) (ID = 137344)
19:58: HKCR\interface\{20f13844-04bc-4987-9964-2502f0da54d3}\ (8 subtraces) (ID = 137346)
19:58: HKLM\software\classes\interface\{3e43040c-73c1-4898-a4f8-e2c9428b1167}\ (8 subtraces) (ID = 137674)
19:58: HKLM\software\classes\interface\{20f13844-04bc-4987-9964-2502f0da54d3}\ (8 subtraces) (ID = 137676)
19:58: HKLM\software\classes\typelib\{ee6f3f6a-ad8e-48da-9b1d-d5204b2d227d}\ (9 subtraces) (ID = 137693)
19:58: HKLM\software\microsoft\code store database\distribution units\{9eb320ce-be1d-4304-a081-4b4665414bef}\ (14 subtraces) (ID = 137704)
19:58: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{a78cc2ff-6e4e-4556-b27c-d7c3a70d7a50}\ (1 subtraces) (ID = 137917)
19:58: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaticketsinstaller.ocx\ (2 subtraces) (ID = 137986)
19:58: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaticketsinstaller.ocx (ID = 139077)
19:58: Found Adware: whenu savenow
19:58: HKLM\software\microsoft\windows\currentversion\run\ || vvsn (ID = 140442)
19:58: Found Trojan Horse: sdbot
19:58: HKU\.default\software\microsoft\windows\currentversion\run\ || microsoft windows update (ID = 140586)
19:58: Found Adware: syswebtelecom
19:58: HKCR\clsid\{efb22865-f3bc-4309-adfa-c8e078a7f762}\ (11 subtraces) (ID = 143554)
19:58: HKCR\interface\{66b0c472-a6b5-4e86-8330-f4875af90929}\ (8 subtraces) (ID = 143558)
19:58: HKCR\interface\{639581d0-8376-4073-b73b-45993fa45156}\ (8 subtraces) (ID = 143560)
19:58: HKLM\software\classes\clsid\{efb22865-f3bc-4309-adfa-c8e078a7f762}\ (11 subtraces) (ID = 143563)
19:58: HKLM\software\classes\interface\{66b0c472-a6b5-4e86-8330-f4875af90929}\ (8 subtraces) (ID = 143567)
19:58: HKLM\software\classes\interface\{639581d0-8376-4073-b73b-45993fa45156}\ (8 subtraces) (ID = 143569)
19:58: HKLM\software\classes\typelib\{21de6877-97c0-4fc7-9c16-666b996db4a2}\ (9 subtraces) (ID = 143573)
19:58: HKCR\typelib\{21de6877-97c0-4fc7-9c16-666b996db4a2}\ (9 subtraces) (ID = 143580)
19:58: Found Adware: ist yoursitebar
19:58: HKLM\software\microsoft\code store database\distribution units\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658}\ (8 subtraces) (ID = 147850)
19:58: Found Adware: security2k hijacker
19:58: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (2 subtraces) (ID = 735573)
19:58: Found Trojan Horse: trojan agent winlogonhook
19:58: HKLM\software\microsoft\mssmgr\ (14 subtraces) (ID = 937101)
19:58: Found Adware: 2020search hijack
19:58: HKLM\software\microsoft\internet explorer\main\ || search bar (ID = 1192309)
19:58: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 1192312)
19:58: Found Adware: prosearch.com hijack
19:58: HKLM\software\microsoft\internet explorer\main\ || default_search_url (ID = 1250783)
19:58: HKLM\software\microsoft\internet explorer\main\ || local page (ID = 1250784)
19:58: HKLM\software\microsoft\internet explorer\main\ || start page (ID = 1250785)
19:58: HKLM\software\microsoft\internet explorer\main\ || search page_bak (ID = 1250789)
19:58: HKLM\software\microsoft\internet explorer\main\ || searchurl (ID = 1250790)
19:58: HKLM\software\microsoft\internet explorer\main\ || start page_bak (ID = 1250791)
19:58: Found Adware: popuper
19:58: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\{686a161d-5bd1-4999-8832-6393f41e564c}\ (1 subtraces) (ID = 1505707)
19:59: Found Adware: cws-aboutblank
19:59: HKU\S-1-5-21-2121258603-3777445738-1653462319-1005\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925)
19:59: HKU\S-1-5-21-2121258603-3777445738-1653462319-1005\software\microsoft\internet explorer\main\ || search page (ID = 134071)
19:59: HKU\S-1-5-21-2121258603-3777445738-1653462319-1005\software\microsoft\windows\currentversion\run\ || microsoft windows update (ID = 140604)
19:59: HKU\S-1-5-21-2121258603-3777445738-1653462319-1005\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883)
19:59: HKU\S-1-5-21-2121258603-3777445738-1653462319-1005\software\microsoft\internet explorer\main\ || search bar (ID = 1192307)
19:59: HKU\S-1-5-21-2121258603-3777445738-1653462319-1005\software\microsoft\internet explorer\search\ || searchassistant (ID = 1192311)
19:59: HKU\S-1-5-21-2121258603-3777445738-1653462319-1005\software\microsoft\internet explorer\main\ || default_search_url (ID = 1339808)
19:59: HKU\S-1-5-21-2121258603-3777445738-1653462319-1005\software\microsoft\internet explorer\main\ || searchurl (ID = 1339809)
19:59: HKU\S-1-5-21-2121258603-3777445738-1653462319-1005\software\microsoft\internet explorer\main\ || start page_bak (ID = 1339810)
19:59: HKU\S-1-5-21-2121258603-3777445738-1653462319-1005\software\microsoft\internet explorer\main\ || local page (ID = 1339811)
19:59: HKU\S-1-5-18\software\microsoft\windows\currentversion\run\ || microsoft windows update (ID = 140604)
19:59: Registry Sweep Complete, Elapsed Time:00:01:01
19:59: Starting Cookie Sweep
19:59: Found Spy Cookie: atlas dmt cookie
19:59: alex@atdmt[2].txt (ID = 2253)
19:59: Found Spy Cookie: webtrends cookie
19:59: alex@m.webtrends[2].txt (ID = 3669)
19:59: Found Spy Cookie: weborama cookie
19:59: alex@weborama[2].txt (ID = 3658)
19:59: Found Spy Cookie: xiti cookie
19:59: alex@xiti[1].txt (ID = 3717)
19:59: Cookie Sweep Complete, Elapsed Time: 00:00:00
19:59: Starting File Sweep
20:34: gatorpdpsetup.log (ID = 61399)
20:58: a0000042.dll (ID = 282896)
21:34: Warning: Failed to read file "d:\system volume information\_restore{530ce4cc-7aa4-472b-ab0a-c4a85e7eda34}\rp25\a0003257.exe". System Error. Code: 8.
Espace insuffisant pour traiter cette commande
21:45: Warning: Unable to sweep compressed file: System Error. Code: 8.
Espace insuffisant pour traiter cette commande
21:45: Warning: Unable to sweep compressed file: System Error. Code: 8.
Espace insuffisant pour traiter cette commande
21:46: File Sweep Complete, Elapsed Time: 01:46:32
21:46: Full Sweep has completed. Elapsed time 02:01:31
21:46: Traces Found: 392
22:14: Removal process initiated
22:14: Quarantining All Traces: cws-aboutblank
22:14: Quarantining All Traces: ist yoursitebar
22:14: Warning: Out of memory
22:14: Failed to quarantine ist yoursitebar
22:14: Failed to quarantine HKLM: software\microsoft\code store database\distribution units\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658}\
22:14: Quarantining All Traces: popuper
22:14: Warning: Out of memory
22:14: Failed to quarantine popuper
22:14: Failed to quarantine HKLM: software\microsoft\windows\currentversion\explorer\browser helper objecta\{686a161d-5bd1-4999-8832-6393f41e564c}\
22:14: Quarantining All Traces: purityscan
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Failed to quarantine purityscan
22:15: Failed to quarantine typelib\{ee6f3f6a-ad8e-48da-9b1d-d5204b2d227d}\
22:15: Failed to quarantine clsid\{a78cc2ff-6e4e-4556-b27c-d7c3a70d7a50}\
22:15: Failed to quarantine interface\{3e43040c-73c1-4898-a4f8-e2c9428b1167}\
22:15: Failed to quarantine interface\{20f13844-04bc-4987-9964-2502f0da54d3}\
22:15: Failed to quarantine HKLM: software\classes\interface\{3e43040c-73c1-4898-a4f8-e2c9428b1167}\
22:15: Failed to quarantine HKLM: software\classes\interface\{20f13844-04bc-4987-9964-2502f0da54d3}\
22:15: Failed to quarantine HKLM: software\classes\typelib\{ee6f3f6a-ad8e-48da-9b1d-d5204b2d227d}\
22:15: Failed to quarantine HKLM: software\microsoft\code store database\distribution units\{9eb320ce-be1d-4304-a081-4b4665414bef}\
22:15: Failed to quarantine HKLM: software\microsoft\windows\currentversion\explorer\browser helper objects\{a78cc2ff-6e4e-4556-b27c-d7c3a70d7a50}\
22:15: Failed to quarantine HKLM: software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaticketsinstaller.ocx\
22:15: Quarantining All Traces: sdbot
22:15: Quarantining All Traces: security2k hijacker
22:15: Warning: Out of memory
22:15: Failed to quarantine security2k hijacker
22:15: Failed to quarantine HKLM: software\microsoft\windows\currentversion\explorer\browser helper objecta\
22:15: Quarantining All Traces: trojan agent winlogonhook
22:15: Warning: Out of memory
22:15: Failed to quarantine trojan agent winlogonhook
22:15: Failed to quarantine HKLM: software\microsoft\mssmgr\
22:15: Quarantining All Traces: coolwebsearch (cws)
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Failed to quarantine coolwebsearch (cws)
22:15: Failed to quarantine a0000042.dll
22:15: Failed to quarantine clsid\{2d38a51a-23c9-48a1-a33c-48675aa2b494}\
22:15: Failed to quarantine HKLM: software\classes\clsid\{2d38a51a-23c9-48a1-a33c-48675aa2b494}\
22:15: Failed to quarantine HKLM: software\classes\typelib\{344ee577-2027-4714-82ff-0d7538488547}\
22:15: Failed to quarantine HKLM: software\microsoft\windows\currentversion\explorer\browser helper objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}\
22:15: Failed to quarantine typelib\{344ee577-2027-4714-82ff-0d7538488547}\
22:15: Quarantining All Traces: 2020search hijack
22:15: Quarantining All Traces: edipol alloticket dialer
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Failed to quarantine edipol alloticket dialer
22:15: Failed to quarantine clsid\{7dbfda8e-d33b-11d4-9269-00600868e56e}\
22:15: Failed to quarantine interface\{cfbc1c5d-d33c-11d4-9269-00600868e56e}\
22:15: Failed to quarantine HKLM: software\classes\clsid\{7dbfda8e-d33b-11d4-9269-00600868e56e}\
22:15: Failed to quarantine HKLM: software\classes\interface\{cfbc1c5d-d33c-11d4-9269-00600868e56e}\
22:15: Failed to quarantine HKLM: software\classes\typelib\{cfbc1c51-d33c-11d4-9269-00600868e56e}\
22:15: Failed to quarantine HKLM: software\classes\webinstall.wwwinstall\
22:15: Failed to quarantine HKLM: software\classes\webinstall.wwwinstall.1\
22:15: Failed to quarantine typelib\{cfbc1c51-d33c-11d4-9269-00600868e56e}\
22:15: Failed to quarantine webinstall.wwwinstall.1\
22:15: Failed to quarantine webinstall.wwwinstall\
22:15: Quarantining All Traces: prosearch.com hijack
22:15: Quarantining All Traces: prosearching hijack
22:15: Quarantining All Traces: syswebtelecom
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Failed to quarantine syswebtelecom
22:15: Failed to quarantine clsid\{efb22865-f3bc-4309-adfa-c8e078a7f762}\
22:15: Failed to quarantine interface\{66b0c472-a6b5-4e86-8330-f4875af90929}\
22:15: Failed to quarantine interface\{639581d0-8376-4073-b73b-45993fa45156}\
22:15: Failed to quarantine HKLM: software\classes\clsid\{efb22865-f3bc-4309-adfa-c8e078a7f762}\
22:15: Failed to quarantine HKLM: software\classes\interface\{66b0c472-a6b5-4e86-8330-f4875af90929}\
22:15: Failed to quarantine HKLM: software\classes\interface\{639581d0-8376-4073-b73b-45993fa45156}\
22:15: Failed to quarantine HKLM: software\classes\typelib\{21de6877-97c0-4fc7-9c16-666b996db4a2}\
22:15: Failed to quarantine typelib\{21de6877-97c0-4fc7-9c16-666b996db4a2}\
22:15: Quarantining All Traces: atlas dmt cookie
22:15: Warning: Out of memory
22:15: Failed to quarantine atlas dmt cookie
22:15: Failed to quarantine alex@atdmt[2].txt
22:15: Quarantining All Traces: gain - common components
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Warning: Out of memory
22:15: Failed to quarantine gain - common components
22:15: Failed to quarantine gatorpdpsetup.log
22:15: Failed to quarantine clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}\
22:15: Failed to quarantine HKLM: software\classes\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}\
22:15: Quarantining All Traces: weborama cookie
22:15: Warning: Out of memory
22:15: Failed to quarantine weborama cookie
22:15: Failed to quarantine alex@weborama[2].txt
22:15: Quarantining All Traces: webtrends cookie
22:15: Warning: Out of memory
22:15: Failed to quarantine webtrends cookie
22:15: Failed to quarantine alex@m.webtrends[2].txt
22:15: Quarantining All Traces: whenu savenow
22:15: Quarantining All Traces: xiti cookie
22:15: Warning: Out of memory
22:15: Failed to quarantine xiti cookie
22:15: Failed to quarantine alex@xiti[1].txt
22:17: Removal process completed. Elapsed time 00:02:26
********
19:39: | Start of Session, dimanche 2 juillet 2006 |
19:39: Spy Sweeper started
19:42: Your spyware definitions have been updated.
19:44: | End of Session, dimanche 2 juillet 2006 |
2 July 2006 22:45:37

And now the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 22:53:44, on 02/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\SOINTGR.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
C:\WINDOWS\twain_32\A4CIS600\WATCH.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\eChanblard\emule.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\System32\NDrv.dll (file missing)
O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - C:\WINDOWS\winres.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A440ADA9-47A3-45B6-A61B-00664E600C3A} - C:\WINDOWS\system32\jkhfg.dll
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINDOWS\System32\NDrv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Disk Defragmenter] C:\WINDOWS\System32\poiwyul.exe
O4 - HKLM\..\Run: [Microsoft DirectX] PDSched.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [Microsoft DirectX] PDSched.exe
O4 - HKCU\..\Run: [win update] wupfyny.exe
O4 - HKCU\..\Run: [Microsoft DirectX] PDSched.exe
O4 - HKCU\..\Run: [Microsoft Services] lsrv.exe
O4 - HKCU\..\Run: [Windows Guard] waumgrd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Winlogin] C:\Documents and Settings\Alex\Mes documents\Temp\svchost.exe
O4 - HKCU\..\Run: [b2e7074f.exe] C:\Documents and Settings\Alex\Local Settings\Application Data\b2e7074f.exe
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS600\WATCH.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578....
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://downloads.winwise.fr/Common/npwwg.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab285...
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLauncher/ActiveLau...
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/36313...
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.edipole.fr/kits/WebInstall.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {ABB08127-7417-11D4-8566-00500448008D} (Chat Class) - http://downloads.winwise.fr/Common/npchatlax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/fr/SysWebTelecom.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8147EB4D-4F72-491E-AA69-3F0234E50392}: NameServer = 212.27.54.252 212.27.53.252
O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll
O20 - Winlogon Notify: winexy32 - winexy32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

2 July 2006 23:05:23

We'll try to remove some of the threats:

1/ Launch HijackThis
then --> Do a system scan only
check the lines listed below
then --> Fix checked
then answer yes to the confirmation prompt

O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\System32\NDrv.dll (file missing)
O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - C:\WINDOWS\winres.dll (file missing)
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINDOWS\System32\NDrv.dll (file missing)
O4 - HKLM\..\Run: [Microsoft DirectX] PDSched.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] PDSched.exe
O4 - HKCU\..\Run: [win update] wupfyny.exe
O4 - HKCU\..\Run: [Microsoft DirectX] PDSched.exe
O4 - HKCU\..\Run: [Microsoft Services] lsrv.exe
O4 - HKCU\..\Run: [Windows Guard] waumgrd.exe
O4 - HKCU\..\Run: [Winlogin] C:\Documents and Settings\Alex\Mes documents\Temp\svchost.exe
O4 - HKCU\..\Run: [b2e7074f.exe] C:\Documents and Settings\Alex\Local Settings\Application Data\b2e7074f.exe
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/... 1.0.0.8.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLauncher/ActiveLau...
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/36313...
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.edipole.fr/kits/WebInstall.dll
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/fr/SysWebTelecom.cab
O20 - Winlogon Notify: winexy32 - winexy32.dll (file missing)

2/ Restart in safe mode (by tapping F8 at startup).
Make sure you have access to hidden files.
- Windows Explorer -> Tools -> Folder Options -> View
"Show hidden files" -> checked
"Hide extensions.." -> unchecked
"Hide protected system files" -> unchecked

Manually delete the following files:
PDSched.exe (look in system32)
wupfyny.exe (look in system32)
waumgrd.exe (look in system32)
C:\Documents and Settings\Alex\Mes documents\Temp\svchost.exe
C:\Documents and Settings\Alex\Local Settings\Application Data\b2e7074f.exe
Empty your recycle bin.
Restart your PC.

4/
Go to this site: VirusTotal
Copy and paste the file below into the white box at the top right, then press send:
C:\WINDOWS\System32\poiwyul.exe
Afterwards, post the log of the analysis done by the site.

5/ Repost a HijackThis log
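Several of the lines selected in the post above share visible traits: a registration whose file is missing, an autorun value with no path, a system process name outside system32, an autorun from the user profile, a Trusted Zone entry. The script below is an added example (not from this thread, not HijackThis code) that flags those traits in a pasted log for manual review. The heuristics, function names and flag labels are assumptions; the sample lines are copied from the log posted above.

```python
import ntpath
import re

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINDOWS\System32\NDrv.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft DirectX] PDSched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Winlogin] C:\Documents and Settings\Alex\Mes documents\Temp\svchost.exe
O4 - HKCU\..\Run: [b2e7074f.exe] C:\Documents and Settings\Alex\Local Settings\Application Data\b2e7074f.exe
O15 - Trusted Zone: *.flingstone.com
O20 - Winlogon Notify: winexy32 - winexy32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

# "O4 - body": section code, then the entry itself.
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# O4 registry autoruns: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Assumption: names of core Windows processes that normally live in system32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "winlogon.exe",
                "services.exe", "smss.exe", "csrss.exe"}
MISSING = "(file missing)"


def executable_of(cmd):
    """Return the program part of a Run command line, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = re.match(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd


def triage_line(line):
    """Return (code, reasons) for a HijackThis entry, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    reasons = []
    # BHO or Winlogon Notify still registered although its file is gone.
    if code in ("O2", "O20") and body.endswith(MISSING):
        reasons.append("orphaned-registration")
    # Every Trusted Zone domain runs with relaxed IE security settings.
    if code == "O15":
        reasons.append("trusted-zone-entry")
    run = RUN_RE.match(body) if code == "O4" else None
    if run:
        folder, base = ntpath.split(executable_of(run.group("cmd")))
        folder_l = folder.lower()
        if not folder:
            reasons.append("autorun-without-path")
        if folder and base.lower() in SYSTEM_NAMES and not folder_l.endswith("\\system32"):
            reasons.append("system-name-outside-system32")
        if "\\documents and settings\\" in folder_l:
            reasons.append("autorun-from-user-profile")
    return code, reasons


def triage(log_text):
    """Return [(line, reasons)] for every entry carrying at least one review flag."""
    flagged = []
    for line in log_text.splitlines():
        result = triage_line(line)
        if result and result[1]:
            flagged.append((line.strip(), result[1]))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(", ".join(reasons), "->", entry)
```

A flag is a prompt to look at the entry, not a verdict: a legitimate autorun that relies on the search path is flagged as well, and nothing here covers the O16 lines.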
2 July 2006 23:05:48

Good evening

1 Download
CCleaner.

http://www.filehippo.com/download_ccleaner.html
Install it in a dedicated directory.

Ewido
http://www.ewido.net/en/download/
Install it and update it.

2 Restart in safe mode. Note that you have no Internet access in this mode, so write down what you have to do.
Start the computer.
Once the BIOS has finished loading, there is a black screen. Press the F8 key until the Windows advanced options menu is displayed.
Using the arrow keys, select Safe Mode and press Enter.

3 Run a HijackThis scan again and check the lines below:

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\System32\NDrv.dll (file missing)
O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - C:\WINDOWS\winres.dll (file missing)
O2 - BHO: (no name) - {A440ADA9-47A3-45B6-A61B-00664E600C3A} - C:\WINDOWS\system32\jkhfg.dll
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINDOWS\System32\NDrv.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Disk Defragmenter] C:\WINDOWS\System32\poiwyul.exe
O4 - HKLM\..\Run: [Microsoft DirectX] PDSched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Microsoft DirectX] PDSched.exe
O4 - HKCU\..\Run: [win update] wupfyny.exe
O4 - HKCU\..\Run: [Microsoft DirectX] PDSched.exe
O4 - HKCU\..\Run: [Microsoft Services] lsrv.exe
O4 - HKCU\..\Run: [Windows Guard] waumgrd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Winlogin] C:\Documents and Settings\Alex\Mes documents\Temp\svchost.exe
O4 - HKCU\..\Run: [b2e7074f.exe] C:\Documents and Settings\Alex\Local Settings\Application Data\b2e7074f.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578....
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://downloads.winwise.fr/Common/npwwg.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab285...
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLauncher/ActiveLau...
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/36313...
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=...
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.edipole.fr/kits/WebInstall.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {ABB08127-7417-11D4-8566-00500448008D} (Chat Class) - http://downloads.winwise.fr/Common/npchatlax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/fr/SysWebTelecom.cab
O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll
O20 - Winlogon Notify: winexy32 - winexy32.dll (file missing)

Close all Windows, Internet Explorer and Outlook windows, except the HijackThis program, and click "Fix checked"

4 Make sure you have access to all files.
Start, My Computer or any other folder, Tools menu, Folder Options, View tab:
Check the box: Show hidden files and folders
Uncheck the box: Hide extensions for known file types
Uncheck the box: Hide protected operating system files
Then Apply

5 Delete the offending files/folders (if they still exist):

C:\WINDOWS\system32\jkhfg.dll
C:\WINDOWS\System32\poiwyul.exe
C:\Documents and Settings\Alex\Mes documents\Temp\svchost.exe
C:\Documents and Settings\Alex\Local Settings\Application Data\b2e7074f.exe
wupfyny.exe
PDSched.exe
lsrv.exe
waumgrd.exe

For these last ones, probably in C:\WINDOWS\system32 or C:\WINDOWS

6 Run the cleanup with CCleaner.

Hide the system files again, so as not to make a mistake in the future, by selecting do not show hidden files or system files.

7 Restart normally and post a new HijackThis log.
2 July 2006 23:06:52

Ewido has already been run; otherwise, no need to do the VirusTotal lookup any more: if chercheurPCA says it can be deleted, you can do it
3 July 2006 21:57:38

I did both methods but it is impossible to delete jkhfg.dll. I'm going to try VirusTotal; in the meantime here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 21:58:50, on 03/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\SOINTGR.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
C:\WINDOWS\twain_32\A4CIS600\WATCH.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {16340A17-A225-4F7F-AAB4-88B7E0EC4F63} - C:\WINDOWS\system32\jkhfg.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS600\WATCH.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

3 July 2006 22:00:36

Stubborn Vundo...

Download VirtumundoBeGone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Then double-click VirtumundoBeGone.exe and follow the instructions.
Once it is finished, restart and post the VBG.TXT report created on the desktop in your next reply, along with a new HijackThis report.
Don't worry if you see a blue screen "Fatal error" message; it is normal and expected.

Download Blacklight (from F-Secure) and save it to your desktop.

Double-click blbeta.exe and accept the license; leave [X]scan through Windows Explorer enabled; click Scan then Next

You will see a list of detected files appear. You will also see a report, on your desktop, named fsbl.xxxxxxx.log (the xxxxxxx are digits).

Copy and paste the contents of this report into your next reply. Do NOT choose the "Rename" option right away: we need to analyze the report, because legitimate files may be present, such as wbemtest.exe
4 July 2006 19:08:04

Hello,
Here is the VirusTotal report on the file jkhfg.dll, in case it helps:

STATUS: FINISHED
Complete scanning result of "jkhfg.dll", received in VirusTotal at 07.03.2006, 22:04:18 (CET).

Antivirus Version Update Result
AntiVir 6.35.0.20 07.03.2006 no virus found
Authentium 4.93.8 07.03.2006 no virus found
Avast 4.7.844.0 07.03.2006 no virus found
AVG 386 07.03.2006 Downloader.Virtumonde.I
BitDefender 7.2 07.03.2006 no virus found
CAT-QuickHeal 8.00 07.03.2006 no virus found
ClamAV devel-20060426 07.03.2006 no virus found
DrWeb 4.33 07.03.2006 Trojan.Virtumod
eTrust-InoculateIT 23.72.56 07.02.2006 no virus found
eTrust-Vet 12.6.2283 06.30.2006 Win32/Vundo
Ewido 3.5 07.03.2006 no virus found
Fortinet 2.77.0.0 07.03.2006 suspicious
F-Prot 3.16f 07.03.2006 no virus found
F-Prot4 4.2.1.29 07.03.2006 no virus found
Ikarus 0.2.65.0 07.03.2006 no virus found
Kaspersky 4.0.2.24 07.03.2006 no virus found
McAfee 4798 07.03.2006 Vundo
Microsoft 1.1481 07.01.2006 no virus found
NOD32v2 1.1640 07.03.2006 no virus found
Norman 5.90.23 07.03.2006 no virus found
Panda 9.0.0.4 07.03.2006 Suspicious file
Sophos 4.07.0 07.03.2006 no virus found
Symantec 8.0 07.03.2006 no virus found
TheHacker 5.9.8.168 07.03.2006 no virus found
UNA 1.83 07.03.2006 no virus found
VBA32 3.11.0 07.03.2006 no virus found
VirusBuster 4.3.7:9 07.03.2006 no virus found


Aditional Information
File size: 569396 bytes
MD5: c0d4e95c59c9304eca44a8789066a6a0
SHA1: e778d267ae1969dd59bfb36caabc624c22804f2c
packers: embedded

4 July 2006 19:39:00

Here is the VGB.TXT report

[07/04/2006, 19:25:49] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\Content.IE5\SBIDEXIP\VirtumundoBeGone[1].exe" )
[07/04/2006, 19:26:33] - Detected System Information:
[07/04/2006, 19:26:33] - Windows Version: 5.1.2600, Service Pack 2
[07/04/2006, 19:26:33] - Current Username: Alex (Admin)
[07/04/2006, 19:26:33] - Windows is in NORMAL mode.
[07/04/2006, 19:26:33] - Searching for Browser Helper Objects:
[07/04/2006, 19:26:34] - BHO 1: {11A084D0-704F-4515-93E3-EFFC8A5E8E12} ()
[07/04/2006, 19:26:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2006, 19:26:34] - Checking for HKLM\...\Winlogon\Notify\jkhfg
[07/04/2006, 19:26:34] - Found: HKLM\...\Winlogon\Notify\jkhfg - This is probably Virtumundo.
[07/04/2006, 19:26:34] - Assigning {11A084D0-704F-4515-93E3-EFFC8A5E8E12} MSEvents Object
[07/04/2006, 19:26:34] - BHO list has been changed! Starting over...
[07/04/2006, 19:26:34] - BHO 1: {11A084D0-704F-4515-93E3-EFFC8A5E8E12} (MSEvents Object)
[07/04/2006, 19:26:34] - ALERT: Found MSEvents Object!
[07/04/2006, 19:26:34] - BHO 2: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
[07/04/2006, 19:26:34] - BHO 3: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[07/04/2006, 19:26:34] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/04/2006, 19:26:34] - BHO 5: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
[07/04/2006, 19:26:34] - BHO 6: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[07/04/2006, 19:26:34] - Finished Searching Browser Helper Objects
[07/04/2006, 19:26:34] - *** Detected MSEvents Object
[07/04/2006, 19:26:34] - Trying to remove MSEvents Object...
[07/04/2006, 19:26:35] - Terminating Process: IEXPLORE.EXE
[07/04/2006, 19:26:37] - Terminating Process: RUNDLL32.EXE
[07/04/2006, 19:26:37] - Disabling Automatic Shell Restart
[07/04/2006, 19:26:37] - Terminating Process: EXPLORER.EXE
[07/04/2006, 19:26:38] - Suspending the NT Session Manager System Service
[07/04/2006, 19:26:38] - Terminating Windows NT Logon/Logoff Manager
[07/04/2006, 19:32:07] - Re-enabling Automatic Shell Restart
[07/04/2006, 19:32:07] - File to disable: C:\WINDOWS\system32\jkhfg.dll
[07/04/2006, 19:32:07] - Renaming C:\WINDOWS\system32\jkhfg.dll -> C:\WINDOWS\system32\jkhfg.dll.vir
[07/04/2006, 19:32:08] - File successfully renamed!
[07/04/2006, 19:32:08] - Removing HKLM\...\Browser Helper Objects\{11A084D0-704F-4515-93E3-EFFC8A5E8E12}
[07/04/2006, 19:32:08] - Removing HKCR\CLSID\{11A084D0-704F-4515-93E3-EFFC8A5E8E12}
[07/04/2006, 19:32:08] - Adding Kill Bit for ActiveX for GUID: {11A084D0-704F-4515-93E3-EFFC8A5E8E12}
[07/04/2006, 19:32:08] - Deleting ATLEvents/MSEvents Registry entries
[07/04/2006, 19:32:08] - Removing HKLM\...\Winlogon\Notify\jkhfg
[07/04/2006, 19:32:08] - Searching for Browser Helper Objects:
[07/04/2006, 19:32:08] - BHO 1: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
[07/04/2006, 19:32:08] - BHO 2: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[07/04/2006, 19:32:08] - BHO 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/04/2006, 19:32:08] - BHO 4: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
[07/04/2006, 19:32:08] - BHO 5: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[07/04/2006, 19:32:08] - Finished Searching Browser Helper Objects
[07/04/2006, 19:32:08] - Finishing up...
[07/04/2006, 19:32:08] - A restart is needed.
[07/04/2006, 19:32:39] - Attempting to Restart via STOP error (Blue Screen!)


And now the HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 19:46:38, on 04/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOINTGR.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
C:\WINDOWS\twain_32\A4CIS600\WATCH.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS600\WATCH.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O17 - HKLM\System\CCS\Services\Tcpip\..\{8147EB4D-4F72-491E-AA69-3F0234E50392}: NameServer = 212.27.53.252 212.27.54.252
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe


I'm going to download Blacklight and go through the steps.
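
The indicator VirtumundoBeGone reports in the log above (a BHO with no name whose DLL is also registered under Winlogon\Notify) can be checked directly against HijackThis O2 and O20 lines. The Python below is an added example, not part of the original thread or of either tool; the sample lines are constructed from the CLSID and jkhfg.dll path in the VBG log, and the function names are hypothetical.

```python
import re

# Constructed sample: pre-cleanup HijackThis lines assembled from values in the
# VirtumundoBeGone log (CLSID, jkhfg.dll) plus two entries from the post-cleanup
# log. This is not the poster's actual first log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {11A084D0-704F-4515-93E3-EFFC8A5E8E12} - C:\WINDOWS\system32\jkhfg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<path>.+)$")

def norm(path):
    """Windows paths are case-insensitive, so compare them lowercased."""
    return path.strip().lower()

def parse(log):
    """Split a HijackThis log into O2 (BHO) and O20 (Winlogon Notify) entries."""
    bhos, notifies = [], []
    for line in log.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append(m.groupdict())
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notifies.append(m.groupdict())
    return bhos, notifies

def flag_suspects(log):
    """Flag BHOs that are nameless and/or share their DLL with a Notify entry."""
    bhos, notifies = parse(log)
    notify_by_path = {norm(n["path"]): n["key"] for n in notifies}
    findings = []
    for b in bhos:
        reasons = []
        if b["name"].strip() in ("", "(no name)"):
            reasons.append("BHO has no name")
        key = notify_by_path.get(norm(b["path"]))
        if key:
            reasons.append(f"same DLL loaded via Winlogon\\Notify\\{key}")
        if reasons:
            findings.append({"clsid": b["clsid"], "path": b["path"], "reasons": reasons})
    return findings
```

Running `flag_suspects` over the post-cleanup HijackThis log is a quick way to confirm that neither condition is still present after the reboot.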
4 July 2006 21:04:20

Blacklight found nothing; here is the report:

07/04/06 20:16:56 [Info]: BlackLight Engine 1.0.42 initialized
07/04/06 20:16:56 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/04/06 20:16:58 [Note]: 7019 4
07/04/06 20:16:58 [Note]: 7005 0
07/04/06 20:17:44 [Note]: 7006 0
07/04/06 20:17:45 [Note]: 7011 2600
07/04/06 20:17:45 [Note]: 7026 0
07/04/06 20:17:45 [Note]: 7026 0
07/04/06 20:18:22 [Note]: FSRAW library version 1.7.1019
07/04/06 20:24:11 [Note]: 2000 1006
07/04/06 21:07:17 [Note]: 7007 0
4 July 2006 23:10:28

Any other problems?
5 July 2006 18:47:23

No, everything seems fine, thanks for your help.