Harold

  1. I really want to thank you for your invaluable help. Thank you for spending time on my problem. All's well that ends well. NB: I'll keep listening.
  2. There, I deleted all the files except C:\WINDOWS\sys????.exe because I could not find it. Here is my new scan:
      Logfile of HijackThis v1.99.1
      Scan saved at 18:38:14, on 25/05/2005
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\RunDll32.exe
      C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe
      C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
      C:\WINDOWS\system32\qttask.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
      C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      E:\Download\hijachthis\hijackthis\HijackThis.exe
      C:\WINDOWS\system32\wuauclt.exe
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{18DC9E73-C487-489B-9588-EC54A9857B46}: NameServer = 212.27.32.176,212.27.32.177
      O17 - HKLM\System\CS1\Services\Tcpip\..\{18DC9E73-C487-489B-9588-EC54A9857B46}: NameServer = 212.27.32.176,212.27.32.177
      O17 - HKLM\System\CS2\Services\Tcpip\..\{18DC9E73-C487-489B-9588-EC54A9857B46}: NameServer = 212.27.32.176,212.27.32.177
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      NB: thanks for the sites for downloading a firewall.
  3. Here is the Panda ActiveScan report:
      Incident | Status | Location
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Ab scissor.url
      Adware:Adware/Adsmart | No disinfected | C:\WINDOWS\sys????.exe
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Ab scissor.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Broadband comparison.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Credit counseling.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Credit report.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Crm software.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Debt credit card.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Escorts.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Fha.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Health insurance.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Help desk software.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Insurance home.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Loan for debt consolidation.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Loan for people with bad credit.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Marketing email.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Mortgage insurance.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Mortgage life insurance.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Nevada corporations.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Online Betting Site.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Online gambling casino.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Online instant loan.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Order phentermine.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Payroll advance.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Personal loans online.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Personal loans with bad credit.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Prescription Drugs Rx Online.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Refinancing my mortgage.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Tahoe vacation rental.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Unsecured bad credit loans.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\Videos.url
      Spyware:Spyware/Petro-Line | No disinfected | C:\Documents and Settings\Administrateur.ORDI-XPSP2\Favoris\Sites about\What is hydrocodone.url
      Virus:Trj/Downloader.CFJ | Disinfected | C:\RECYCLER\S-1-5-21-1343024091-861567501-725345543-500\Dc27.tmp
      Adware:Adware/CWS.Aboutblank | No disinfected | C:\WINDOWS\d3hm.exe
      Adware:Adware/CWS.Aboutblank | No disinfected | C:\WINDOWS\iemc32.exe
      Adware:Adware/CWS.Aboutblank | No disinfected | C:\WINDOWS\javahy32.exe
      Adware:Adware/Adsmart | No disinfected | C:\WINDOWS\sysck32.exe
      Adware:Adware/CWS.Aboutblank | No disinfected | C:\WINDOWS\system32\addyu32.exe
      Adware:Adware/CWS.Aboutblank | No disinfected | C:\WINDOWS\system32\crlp32.exe
      Adware:Adware/CWS.Aboutblank | No disinfected | C:\WINDOWS\system32\nteh.exe
      Adware:Adware/CWS.Aboutblank | No disinfected | C:\WINDOWS\system32\winlh32.exe
      Adware:Adware/Adsmart | No disinfected | C:\WINDOWS\systy32.exe
      I don't really know how to interpret this report.
  4. OK, that works. One more thank-you. The scan is running; all that is left is to wait.
  5. I cleaned everything, but I have a problem with Panda ActiveScan. When I start the scan there is an error message:
      Error on downloading Panda ActiveScan
      An error has occurred downloading Panda ActiveScan. Please repeat the process. If the error occurs again, restart your system and try again.
      Possible causes of this error are:
      Not allowing the application's ActiveX control to be downloaded.
      Problems with the Internet connection.
      Other causes (consult the FAQs).
      Apart from that, I hope everything is working well. NB: I don't have a firewall.
  6. Thank you so much. I did all of that and it seems to work like before :-P Here is my latest log:
      Logfile of HijackThis v1.99.1
      Scan saved at 15:28:08, on 25/05/2005
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\RunDll32.exe
      C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe
      C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
      C:\WINDOWS\system32\qttask.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
      C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
      E:\Download\hijachthis\hijackthis\HijackThis.exe
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O17 - HKLM\System\CCS\Services\Tcpip\..\{18DC9E73-C487-489B-9588-EC54A9857B46}: NameServer = 212.27.32.176,212.27.32.177
      O17 - HKLM\System\CS1\Services\Tcpip\..\{18DC9E73-C487-489B-9588-EC54A9857B46}: NameServer = 212.27.32.176,212.27.32.177
      O17 - HKLM\System\CS2\Services\Tcpip\..\{18DC9E73-C487-489B-9588-EC54A9857B46}: NameServer = 212.27.32.176,212.27.32.177
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      You don't see any problems? I hope it's clean now. Again, many thanks. NB: I didn't understand your NB, so I think I don't know it (GDS = "j'ai DS"?)
  7. OK, thanks for the help. I'm posting a new HijackThis report; it looks like it is when I connect to the internet with Internet Explorer that the DLL changes (and right now I have Internet Explorer in offline mode):
      Logfile of HijackThis v1.99.1
      Scan saved at 13:48:22, on 25/05/2005
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\RunDll32.exe
      C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe
      C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
      C:\WINDOWS\system32\qttask.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
      E:\eMule\emule.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\ACE Mega CoDecS Pack\Media Player Classic\mplayerc.exe
      E:\Download\hijachthis\hijackthis\HijackThis.exe
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hpkit.dll/sp.html#37049
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hpkit.dll/sp.html#37049
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\hpkit.dll/sp.html#37049
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hpkit.dll/sp.html#37049
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hpkit.dll/sp.html#37049
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hpkit.dll/sp.html#37049
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - Default URLSearchHook is missing
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Class - {801F3199-8EAB-0036-12D6-35DEE31205DC} - C:\WINDOWS\system32\addnk32.dll
      O2 - BHO: GDS module - {A084A565-B09B-4e4c-A497-7CC50AEAB2A7} - C:\WINDOWS\gds.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [d3ht32.exe] C:\WINDOWS\d3ht32.exe
      O4 - HKLM\..\Run: [sysss32.exe] C:\WINDOWS\system32\sysss32.exe
      O4 - HKLM\..\RunOnce: [msqf.exe] C:\WINDOWS\msqf.exe
      O4 - HKLM\..\RunOnce: [crnv32.exe] C:\WINDOWS\system32\crnv32.exe
      O4 - HKLM\..\RunOnce: [javaep32.exe] C:\WINDOWS\system32\javaep32.exe
      O4 - HKLM\..\RunOnce: [netcb.exe] C:\WINDOWS\netcb.exe
      O4 - HKLM\..\RunOnce: [msrq32.exe] C:\WINDOWS\system32\msrq32.exe
      O4 - HKLM\..\RunOnce: [addgs.exe] C:\WINDOWS\addgs.exe
      O4 - HKLM\..\RunOnce: [appwa32.exe] C:\WINDOWS\appwa32.exe
      O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O17 - HKLM\System\CCS\Services\Tcpip\..\{18DC9E73-C487-489B-9588-EC54A9857B46}: NameServer = 212.27.32.176,212.27.32.177
      O17 - HKLM\System\CS1\Services\Tcpip\..\{18DC9E73-C487-489B-9588-EC54A9857B46}: NameServer = 212.27.32.176,212.27.32.177
      O17 - HKLM\System\CS2\Services\Tcpip\..\{18DC9E73-C487-489B-9588-EC54A9857B46}: NameServer = 212.27.32.176,212.27.32.177
      O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\atlyb.exe" /s (file missing)
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  8. For SpHjfix I have no report (when I click on Start disinfection nothing happens); for About:Buster I have:
      Scanned at: 11:42:43 on: 25/05/2005
      -- Scan 1 ---------------------------
      About:Buster Version 4.0
      Reference List : 25
      No ADS found on system
      Removed 4 Random Key Entries
      Attempted Clean Of Temp folder.
      Removed Uninstall Key (HSA)
      Removed Uninstall Key (SE)
      Removed Uninstall Key (SW)
      Pages Reset... Done!
      -- Scan 2 ---------------------------
      About:Buster Version 4.0
      Reference List : 25
      No ADS found on system
      Attempted Clean Of Temp folder.
      Pages Reset... Done!
  9. I found a solution for my problem (error 339) on the AboutBuster site, and I ran the scans with AboutBuster. My new log is identical to the one I posted just before.
  10. I had a problem. When I used About:Buster (my PC was in safe mode) there was an error message: Run-time error '339': Component 'MSCOMCTL.OXC' or one of its dependencies not correctly registered: a file is missing or invalid. Here is my log after step 4 (when I launched SpHjfix and pressed Start disinfection nothing happens; I don't know whether that is normal). Here is my new log:
      Logfile of HijackThis v1.99.1
      Scan saved at 10:59:26, on 25/05/2005
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\RunDll32.exe
      C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe
      C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
      C:\WINDOWS\system32\qttask.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\wuauclt.exe
      E:\Download\hijachthis\hijackthis\HijackThis.exe
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hpkit.dll/sp.html#37049
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hpkit.dll/sp.html#37049
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\hpkit.dll/sp.html#37049
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hpkit.dll/sp.html#37049
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hpkit.dll/sp.html#37049
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hpkit.dll/sp.html#37049
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - Default URLSearchHook is missing
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Class - {801F3199-8EAB-0036-12D6-35DEE31205DC} - C:\WINDOWS\system32\addnk32.dll
      O2 - BHO: GDS module - {A084A565-B09B-4e4c-A497-7CC50AEAB2A7} - C:\WINDOWS\gds.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [d3ht32.exe] C:\WINDOWS\d3ht32.exe
      O4 - HKLM\..\Run: [sysss32.exe] C:\WINDOWS\system32\sysss32.exe
      O4 - HKLM\..\RunOnce: [msqf.exe] C:\WINDOWS\msqf.exe
      O4 - HKLM\..\RunOnce: [iemc32.exe] C:\WINDOWS\iemc32.exe
      O4 - HKLM\..\RunOnce: [d3hm.exe] C:\WINDOWS\d3hm.exe
      O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O17 - HKLM\System\CCS\Services\Tcpip\..\{18DC9E73-C487-489B-9588-EC54A9857B46}: NameServer = 212.27.32.176,212.27.32.177
      O17 - HKLM\System\CS1\Services\Tcpip\..\{18DC9E73-C487-489B-9588-EC54A9857B46}: NameServer = 212.27.32.176,212.27.32.177
      O17 - HKLM\System\CS2\Services\Tcpip\..\{18DC9E73-C487-489B-9588-EC54A9857B46}: NameServer = 212.27.32.176,212.27.32.177
      O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\atlyb.exe" /s (file missing)
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  11. Thank you for such a quick and precise reply. I'll get on it right away.
  12. First of all, I am happy to post my first message on this forum. I have a trojan problem: every time I launch Internet Explorer, AVG, my antivirus, quickly detects a trojan. Reading my log, I see that there are problems (mainly in R1 and O4, I think), but I don't really know what to check in HijackThis (I'm afraid that if I do it on my own I will "break" something). I have used Spybot S&D, CWShredder, Ad-Aware SE Personal and a², but that didn't fix anything. Here is my log:
      Logfile of HijackThis v1.99.1
      Scan saved at 10:03:00, on 25/05/2005
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\RunDll32.exe
      C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe
      C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
      C:\WINDOWS\system32\qttask.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      E:\Download\hijachthis\hijackthis\HijackThis.exe
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\rbark.dll/sp.html#37049
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\rbark.dll/sp.html#37049
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\rbark.dll/sp.html#37049
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\rbark.dll/sp.html#37049
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\rbark.dll/sp.html#37049
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\rbark.dll/sp.html#37049
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - Default URLSearchHook is missing
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Class - {801F3199-8EAB-0036-12D6-35DEE31205DC} - C:\WINDOWS\system32\addnk32.dll
      O2 - BHO: GDS module - {A084A565-B09B-4e4c-A497-7CC50AEAB2A7} - C:\WINDOWS\gds.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [d3ht32.exe] C:\WINDOWS\d3ht32.exe
      O4 - HKLM\..\Run: [sysss32.exe] C:\WINDOWS\system32\sysss32.exe
      O4 - HKLM\..\RunOnce: [msqf.exe] C:\WINDOWS\msqf.exe
      O4 - HKLM\..\RunOnce: [winlh32.exe] C:\WINDOWS\system32\winlh32.exe
      O4 - HKLM\..\RunOnce: [addyu32.exe] C:\WINDOWS\system32\addyu32.exe
      O4 - HKLM\..\RunOnce: [javahy32.exe] C:\WINDOWS\javahy32.exe
      O4 - HKLM\..\RunOnce: [nteh.exe] C:\WINDOWS\system32\nteh.exe
      O4 - HKLM\..\RunOnce: [iemc32.exe] C:\WINDOWS\iemc32.exe
      O4 - HKLM\..\RunOnce: [d3hm.exe] C:\WINDOWS\d3hm.exe
      O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O17 - HKLM\System\CCS\Services\Tcpip\..\{18DC9E73-C487-489B-9588-EC54A9857B46}: NameServer = 212.27.32.176,212.27.32.177
      O17 - HKLM\System\CS1\Services\Tcpip\..\{18DC9E73-C487-489B-9588-EC54A9857B46}: NameServer = 212.27.32.176,212.27.32.177
      O17 - HKLM\System\CS2\Services\Tcpip\..\{18DC9E73-C487-489B-9588-EC54A9857B46}: NameServer = 212.27.32.176,212.27.32.177
      O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\atlyb.exe" /s (file missing)
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      Thanks in advance.