zelive

Bonjour tout le monde!! Voila, j'ai un ptit souci ki devient de plus en plus gros avec mon pc! Je vais commencer par le début de l'histoire! Alors il y a 2 semaines g u une puissante infection (virus et cheval de troie en tout genre) ki faisai ke je ne pouvai plus me connecter à internet! Alors g reformater mon Pc et rien n'y a fait c t de pire en pire! alors je suis venu sur zébulon pour expliker mon soucis et heureusement nous sommes venus à bout de ses vilaines bêtes! PAr contre kan je l'ai reformater, j'ai du faire des bétises... (oupss )! En effet, depuis voila les différents pb ke je rencontre : - Plus de son - Lorsque je veu me connecter à internet il fau ke je désinstalle mon modem et ke je le rinstalle (à chak foi la même galère!) - Lorsque je veu imprimer il me faut o moin 1/2 h (et encore kan ca marche!) : à savior mon imprimante est relié a l ordi par un cable usb - Mon pc fait plus ke ramé, maintenant il fai du sur place....dès kun anti virus ou kun programme se lance en même tps ke je suis sur le net il faut ke je ne touche a rien ca blok pendant 10 min o moins... Voila en gros mes ptits soucis! Sur l'ancien post ke j avai laissé dans s"curité on m avai di kil devai y avoir d conflit dan mon ordi! Je ne c pas ce ke ca veut dire je suis une débutante... Je peu vous préciser ke kan je vai dans gestionnaire de périph. : et bien il y a un point d interrogation devant autres périphérique, et dedan il y a modem PCI et Controleur audio multimédia ki eu aussi on un point d interrogation jaune avec en prime un point d'exclamation! Les vénards! Alors voila! gspr ke kelkun aura réussi à cerné mes ptits soucis et surtout m'aider!!! A bientôt

ok merci pour le conseil!!! Et merci à Qc001 et jack pour leur aide très précieuse!!! Mille Merci!!!!! A bientôt peut être!

Hello, Sniff pas de nouvelle réponse?! M'aurait on oubliée?

hello! G fait une tite inspection du coté du gestionnaire de périph. et il n'y a que autres périph. ki présente des conflits avec contrôleur audi multimédia et avec modem PCI! Voila, à savoir ke mon PC rame de plus en plus : d ke je veu imprimer, me connecter à yahoo msg, ... et l'eternel modem a desinstaller résinstaller avant toute connexion.... Et surtout je n'ai pas de son (et ca c depui ke je l ai reformaté... Oupss!) En tou cas je suis bien heureuse ke notre malade n'est plus d infection! Bon boulot!!

Me revoila, Alors voici le rapport regsearch : REGEDIT4 ; Registry Search by Bobbi Flekman © 2005 ; Version: 1.0.2.4 ; Results at 27/01/2006 14:22:02 for strings: ; 'contextplus' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS ; End Of The Log... [/b]Et un rapport Hijack! (est ce kil t en faut toujour un ou c pas la peine?) Logfile of HijackThis v1.99.1 Scan saved at 14:29:43, on 27/01/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\System32\GSICON.EXE C:\WINDOWS\System32\dslagent.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Club-Internet\Lanceur\lanceur.exe C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Documents and Settings\Lol\Mes documents\Utilitaire\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe A biento gspr!

Hello! Bon g vérifié pour mon gestionnaire de péréphique! Toute l'arborescence est bien présente mai just devan autres périphérik il y un poin dinterrogation jaune et il contient contrôleur audio multimédia et modem PCI ki eux aussi ont droit a leur ptit point d 'interrogation mais avec un extra : un point d exclamation! Les chanceux! alors je ne sais pas si c est movai sign mai g préférer le signaler! Bon je vais faire t manip! A mon avis je vai encore mettre 2h! alors je préfère dire bonn nui et a demain! java script:add_smilie("","smid_143") icon_Sleep2.gif:sleep2:

Hello!! Bon g fait toutes t manip! ya pas u de pb sauf concernant Blacklight ou tu me disai de laisser scan through Windows Explorer activé => je n'ai vu ca nul par et dans le rapport ke tu verra plus bas et bien il n y a aps l'ai r d avoir d objet infecté ! Sinon concernant l'état de la bécane voici un ptit récap : - Je galère toujours pour me conecter à Internet : kan je rallum mon pc pas de connexion, obligée de désinstaller réinstaller mon modem (ce ki me prend 15 min à chak foi!) : pkoi je ne peu pas me connecter sans faire ca??!! - Sinon kan je navigu sur le net ca va il est plutot réactif - Par contre dès ke je branche une clé USB ou encore pire mon imprimante la c la fin des haricot! Monsieur tourne au ralenti et en moyenn je met 30 min pour imprimer.... Vive Flash! Mai bon pour le moment ce ki m import c pouvoir d'une manière ou d'une autre pouvoir me connecté pour te poster mes rapports! Rapport Blacklight 01/25/06 14:39:39 [info]: BlackLight Engine 1.0.30 initialized 01/25/06 14:39:39 [info]: OS: 5.1 build 2600 (Service Pack 1) 01/25/06 14:39:40 [Note]: 7019 4 01/25/06 14:39:40 [Note]: 7005 0 01/25/06 14:40:04 [Note]: 7006 0 01/25/06 14:40:04 [Note]: 7011 1404 01/25/06 14:40:08 [Note]: FSRAW library version 1.7.1014 01/25/06 14:40:59 [Note]: 7007 0 Hijack! Logfile of HijackThis v1.99.1 Scan saved at 15:01:04, on 25/01/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Brother\Brmfcmon\brmfcwnd.exe C:\WINDOWS\system32\dslAgent.exe C:\WINDOWS\system32\gsicon.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\ftp.exe C:\Documents and Settings\Lol\Mes documents\Utilitaire\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{38FF1FBB-217E-4C16-BEC9-673D7EB37A9C}: NameServer = 194.117.200.10 194.117.200.15 O17 - HKLM\System\CS1\Services\Tcpip\..\{38FF1FBB-217E-4C16-BEC9-673D7EB37A9C}: NameServer = 194.117.200.10 194.117.200.15 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe Voila voila,

pas de nouvell? Et bien tan pis ! a demain gspr!! Bonne nuit les petits!

Me revoila avec .....................;; un rapoort Panda!!!!! Si si !! Panda Incident Statut Analyse Virus:W32/Akbot.C.worm Désinfecté Système d’exploitation Adware:adware/swimsuitnetwork No Désinfecté C:\WINDOWS\SYSTEM32\MYDLL.dll Adware:adware/dollarrevenue No Désinfecté C:\WINDOWS\teller2.chk Adware:adware/sqwire No Désinfecté Registre Windows Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt[.xiti.com/] Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/2o7.net No Désinfecté C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt[.2o7.net/] Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt[.atdmt.com/] Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt[.adtech.de/] Spyware:Cookie/Falkag No Désinfecté C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt[as1.falkag.de/] Spyware:Cookie/fe.lea.lycos No Désinfecté C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt[fe.lea.lycos.fr/] Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt[] Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Lol\Bureau\l2mfix\Process.exe Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Lol\Bureau\l2mfix.exe[Process.exe] Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Lol\Bureau\SMITFRAUD\SmitfraudFix\Process.exe Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Lol\Bureau\SmitfraudFix.zip[Process.exe] Outil indésirable:Application/Processor No Désinfecté C:\WINDOWS\system32\Process.exe Virus:W32/Akbot.C.worm Désinfecté C:\WINDOWS\system32\steam.dll Outil indésirable:Application/Processor No Désinfecté F:\l2mfix.exe[Process.exe] Outil indésirable:Application/Processor No Désinfecté F:\SmitfraudFix.zip[Process.exe] Et un rapport Hijack! Logfile of HijackThis v1.99.1 Scan saved at 20:16:24, on 24/01/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\WINDOWS\system32\dslAgent.exe C:\WINDOWS\system32\gsicon.exe C:\WINDOWS\system32\cmd.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Documents and Settings\Lol\Mes documents\Utilitaire\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\RunOnce: [Panda_cleaner_249467] C:\WINDOWS\System32\ActiveScan\pavdr.exe 249467 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{38FF1FBB-217E-4C16-BEC9-673D7EB37A9C}: NameServer = 194.117.200.10 194.117.200.15 O17 - HKLM\System\CS1\Services\Tcpip\..\{38FF1FBB-217E-4C16-BEC9-673D7EB37A9C}: NameServer = 194.117.200.10 194.117.200.15 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: Microsoft Network Service (Network) - Unknown owner - C:\WINDOWS\msnet32.exe (file missing) O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe Voila! Bon je tai posté un peu tout je sais mai vu ke je ne mis connai pas du tout... Je préfère en faire tro ke pas assez! Voila!

Re G essayer de refaire un scan avec Panda ca a fonctionné sauf que lorsque je veu enregistrer le rapport et bien ptit beug et internet explorer se coupe.... Alors g rééssayer et rebelott ... Bon je vai y retourner on ne sai jamai : jamai 2 sans 3!

Bonjour, bonjour! Bon je n ai pas de bonne nouvelle! Alors hier g voulu fair tout ce ke tu ma dis alors pour regseach pas de pb! G le Scan! par contre kan g voulu faire panda impossible ke ca démarre! Après je me suis souvenu kil fallai désactiver avast ce ke g fai! Je relance une analyse Panda et pas moyen ca n avancai pas! PAs d'analyse Panda! Je me suis pas di bon je vai aller poster un ptit msg sur le forum pour demander kommen faire et la c le drame : PLUS D internet!!!!!!!!! Alors depuis hier soir g fait tout les scan possible et desinstaller reinstaller mon modem : et tjs aps d internet. La après avoir fai un scan spy sweeper jai reussi a me reconnecter! Alors vite je t envoi mes différent rapports Les Rapport de Scan : Regsearch REGEDIT4 ; Registry Search by Bobbi Flekman © 2005 ; Version: 1.0.2.4 ; Results at 23/01/2006 22:48:18 for strings: ; 'adchannel' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS ; End Of The Log... Après ce scan l'analyse Panda ne voulai pas démarrer! alors g redéammrer mon ordi et après plus d Internet! Alors g fai différent scan : avast => cheval de troie dans C:/WINDOWS/System32/eraseme_08148.exe (mis en quarantaine) --------------------------------------------------------- ewido anti-malware - Rapport de scan --------------------------------------------------------- + Créé le: 14:33:06, 24/01/2006 + Somme de contrôle: A0007B4D + Résultats du scan: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K1AFSTA3\exe1[1].exe -> Proxy.Small.dv : Nettoyer et sauvegarder :mozilla.10:C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder :mozilla.17:C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder :mozilla.18:C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder :mozilla.19:C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder :mozilla.20:C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder :mozilla.28:C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt -> Spyware.Cookie.Bluestreak : Nettoyer et sauvegarder :mozilla.29:C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt -> Spyware.Cookie.Adtech : Nettoyer et sauvegarder :mozilla.30:C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt -> Spyware.Cookie.Adtech : Nettoyer et sauvegarder :mozilla.47:C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt -> Spyware.Cookie.Mediaplex : Nettoyer et sauvegarder :mozilla.58:C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt -> Spyware.Cookie.Atdmt : Nettoyer et sauvegarder :mozilla.71:C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt -> Spyware.Cookie.Serving-sys : Nettoyer et sauvegarder :mozilla.72:C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt -> Spyware.Cookie.Serving-sys : Nettoyer et sauvegarder :mozilla.73:C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt -> Spyware.Cookie.Serving-sys : Nettoyer et sauvegarder :mozilla.74:C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt -> Spyware.Cookie.Serving-sys : Nettoyer et sauvegarder :mozilla.75:C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder :mozilla.76:C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder :mozilla.77:C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder :mozilla.78:C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder :mozilla.79:C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder :mozilla.103:C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder :mozilla.104:C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder C:\Documents and Settings\Lol\Cookies\lol@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder C:\Documents and Settings\Lol\sa4fdgf.exe -> Downloader.Adload.j : Nettoyer et sauvegarder ::Fin du rapport Spy Sweeper ******** 15:29: | Début de session, mardi 24 janvier 2006 | 15:29: Spy Sweeper démarrée 15:29: Analyse lancée avec la version des définitions 604 15:29: Démarrage de l’analyse de la mémoire 15:36: Analyse de la mémoire terminée, temps passé : 00:07:39 15:36: Démarrage de l’analyse du Registre 15:37: Analyse du Registre terminée, temps passé :00:00:33 15:37: Démarrage de l’analyse des cookies 15:37: Analyse des cookies terminée, temps passé : 00:00:00 15:37: Démarrage de l’analyse des fichiers 15:37: Trouvé Adware: dollarrevenue 15:37: a0020675.exe (ID = 233781) 15:38: a0021134.exe (ID = 233781) 15:39: a0020823.exe (ID = 233781) 16:02: Trouvé Adware: command 16:02: a0020676.vbs (ID = 231442) 16:04: Trouvé Adware: targetsaver 16:04: a0020677.exe (ID = 193501) 16:05: Trouvé Adware: apropos 16:05: a0020674.dll (ID = 166754) 16:21: a0019217.exe (ID = 231443) 16:22: Trouvé Adware: look2me 16:22: a0019257.dll (ID = 159) 16:22: Trouvé Adware: findthewebsiteyouneed hijacker 16:22: a0019366.exe (ID = 233482) 16:22: a0019367.exe (ID = 233481) 16:28: a0019222.vbs (ID = 185675) 16:28: Trouvé Trojan Horse: sdbot 16:28: a0020499.ini (ID = 74768) 16:29: Analyse des fichiers terminée, temps passé : 00:51:54 16:29: Analyse complète terminée. Durée 01:00:14 16:29: Traces trouvées : 12 16:47: Processus de suppression lancé. 16:47: Mise en quarantaine de toutes les traces : look2me 16:47: Mise en quarantaine de toutes les traces : sdbot 16:47: Mise en quarantaine de toutes les traces : apropos 16:47: Mise en quarantaine de toutes les traces : command 16:47: Mise en quarantaine de toutes les traces : findthewebsiteyouneed hijacker 16:47: Mise en quarantaine de toutes les traces : targetsaver 16:48: Mise en quarantaine de toutes les traces : dollarrevenue 16:48: Processus de suppression lancé. Durée 00:00:46 voila après ce dernier scan et une énième installation de mon modem j ai pu me connecter... Voici un rapport Hijack ke je vien de faire Logfile of HijackThis v1.99.1 Scan saved at 17:03:16, on 24/01/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe C:\WINDOWS\System32\GSICON.EXE C:\WINDOWS\System32\dslagent.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Club-Internet\Lanceur\lanceur.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Documents and Settings\Lol\Mes documents\Utilitaire\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [WinDLL (steam.dll)] rundll32.exe C:\WINDOWS\System32\steam.dll,start O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: Microsoft Network Service (Network) - Unknown owner - C:\WINDOWS\msnet32.exe (file missing) O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe Je t avou ke je commence à desespéré... Mai en tout cas merci pour ta précieuse aide! A tout a leur peu être! Je reste connectée!

oh la la je vien de mettre 35 min rien ke pour imprimer t explikations!! Eh la je clik sur le 1er lien et sniff error!! cette page n existe pas! ke faire! en faisan ma ptite recherche g reussi a le trouver sur le site!! ouff ptite frayeur! allez o boulo!

Bon, g pu faire tout les scan demandés! Par contre bonjour le tps ke ca a pris!! Mon ordi rame komm un fou!! Malheureusment, kan g redémarré l'ordi à la suite du scan avaec spy sweeper et bien impossible de me reconnecter à Internet!!! alors rebelott g désinstaller mon modem et je l ai remis et la ca a l air de fonctionner! Alors bon pour l'instant si ca marche comm ca je vai pas être tro exigeante... Allez place aux rapports! Voici le ptit Jotti! File: steam.dll Status: POSSIBLY INFECTED/MALWARE (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database) MD5 13840b5b0c6723cdb6a8b8b4d012306f Packers detected: PETITE Scanner results AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing Fortinet Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing UNA Found nothing VBA32 Found Backdoor.xBot.1 (paranoid heuristics) (probable variant) Ensuite Spy sweeper! ******** 16:21: | Début de session, lundi 23 janvier 2006 | 16:21: Spy Sweeper démarrée 16:21: Analyse lancée avec la version des définitions 604 16:21: Démarrage de l’analyse de la mémoire 16:30: Analyse de la mémoire terminée, temps passé : 00:09:21 16:30: Démarrage de l’analyse du Registre 16:31: Trouvé Adware: targetsaver 16:31: HKLM\software\microsoft\windows\currentversion\uninstall\tsa\ (2 traces secondaires) (ID = 143607) 16:31: Trouvé Adware: command 16:31: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ (7 traces secondaires) (ID = 892523) 16:31: HKLM\system\currentcontrolset\services\cmdservice\ (12 traces secondaires) (ID = 958670) 16:31: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (6 traces secondaires) (ID = 1016064) 16:31: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (8 traces secondaires) (ID = 1016072) 16:31: HKLM\software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be}\ (7 traces secondaires) (ID = 1110756) 16:31: Trouvé Adware: findthewebsiteyouneed hijack 16:31: HKU\S-1-5-21-1292428093-1202660629-1801674531-1003\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437) 16:31: Analyse du Registre terminée, temps passé :00:00:36 16:31: Démarrage de l’analyse des cookies 16:31: Trouvé Spy Cookie: atlas dmt cookie 16:31: lol@atdmt[1].txt (ID = 2253) 16:31: Trouvé Spy Cookie: xiti cookie 16:31: lol@xiti[1].txt (ID = 3717) 16:31: Analyse des cookies terminée, temps passé : 00:00:00 16:31: Démarrage de l’analyse des fichiers 16:32: Trouvé Adware: dollarrevenue 16:32: a0019365.exe (ID = 235307) 16:33: Trouvé Adware: look2me 16:33: a0019234.dll (ID = 159) 16:33: Trouvé Adware: findthewebsiteyouneed hijacker 16:33: a0006096.exe (ID = 233481) 16:34: drevil[1].exe (ID = 233781) 16:34: sadf.exe (ID = 233781) 16:35: a0016672.exe (ID = 233781) 16:35: a0019236.dll (ID = 159) 16:35: a0016717.exe (ID = 235307) 16:35: drsmartload[1].exe (ID = 235307) 16:35: a0019449.exe (ID = 233781) 16:36: a0019223.dll (ID = 195129) 16:37: a0019229.dll (ID = 159) 16:37: a0005592.exe (ID = 233481) 16:37: a0015239.dll (ID = 159) 16:37: a0016165.exe (ID = 233482) 16:38: a0017086.dll (ID = 195129) 16:39: a0006628.exe (ID = 233482) 16:39: a0007105.dll (ID = 195129) 16:39: drevil[1].exe (ID = 233781) 16:40: a0005922.exe (ID = 235307) 16:40: a0006196.dll (ID = 159) 16:43: a0019280.dll (ID = 159) 16:43: a0015708.exe (ID = 235307) 16:45: a0019444.dll (ID = 159) 16:45: a0019445.dll (ID = 159) 16:46: a0015522.exe (ID = 231443) 16:46: a0005879.exe (ID = 231443) 16:46: a0019296.dll (ID = 159) 16:47: a0019226.dll (ID = 159) 16:47: a0015525.exe (ID = 233481) 16:54: a0015235.dll (ID = 159) 16:55: uninstall_nmon.vbs (ID = 231442) 16:57: Avertissement: Failed to open file "c:\system volume information\_restore{1be6d9d5-1482-4ca7-a2ef-29984dbc865e}\rp28\a0019237.dll". Accès refusé 16:57: a0005571.dll (ID = 159) 16:58: a0019294.dll (ID = 159) 16:59: a0006813.exe (ID = 233781) 16:59: a0006835.exe (ID = 235307) 16:59: a0019446.dll (ID = 159) 16:59: a0019447.dll (ID = 159) 16:59: Avertissement: Failed to open file "c:\system volume information\_restore{1be6d9d5-1482-4ca7-a2ef-29984dbc865e}\rp28\a0019221.exe". Accès refusé 17:00: Avertissement: Failed to open file "c:\system volume information\_restore{1be6d9d5-1482-4ca7-a2ef-29984dbc865e}\rp22\a0005527.dll". Accès refusé 17:00: a0005544.dll (ID = 159) 17:00: a0019448.dll (ID = 159) 17:01: a0019293.dll (ID = 159) 17:01: a0019228.dll (ID = 159) 17:01: Trouvé Adware: apropos 17:01: atmtd.dll (ID = 166754) 17:01: atmtd.dll._ (ID = 166754) 17:01: a0019451.exe (ID = 233812) 17:01: tsuninst.exe (ID = 193501) 17:01: a0019266.dll (ID = 159) 17:02: a0019295.dll (ID = 159) 17:02: a0005597.dll (ID = 159) 17:02: a0005601.dll (ID = 159) 17:02: a0015713.dll (ID = 159) 17:02: a0019235.dll (ID = 159) 17:02: a0019232.dll (ID = 159) 17:03: a0006384.exe (ID = 231443) 17:03: a0006389.exe (ID = 233481) 17:09: a0016184.dll (ID = 159) 17:10: a0019230.dll (ID = 159) 17:11: a0012125.dll (ID = 166754) 17:17: a0019225.dll (ID = 159) 17:19: a0019231.dll (ID = 159) 17:20: a0013811.exe (ID = 233812) 17:21: a0019227.dll (ID = 159) 17:21: a0014826.exe (ID = 193501) 17:22: a0015166.vbs (ID = 231442) 17:22: a0019211.dll (ID = 159) 17:22: a0016303.exe (ID = 231443) 17:22: a0015699.exe (ID = 231443) 17:22: a0019241.dll (ID = 159) 17:23: a0015862.exe (ID = 231443) 17:23: a0016164.exe (ID = 233481) 17:24: a0019233.dll (ID = 159) 17:25: a0019443.dll (ID = 159) 17:25: a0019240.dll (ID = 159) 17:30: Avertissement: The file sweep got stuck and had to be terminated and restarted in "safe" (slow) mode.. 17:31: Analyse des fichiers terminée, temps passé : 00:59:21 17:31: Analyse complète terminée. Durée 01:09:26 17:31: Traces trouvées : 124 17:31: Processus de suppression lancé. 17:31: Mise en quarantaine de toutes les traces : look2me 17:32: Mise en quarantaine de toutes les traces : apropos 17:32: Mise en quarantaine de toutes les traces : dollarrevenue 17:32: Mise en quarantaine de toutes les traces : command 17:32: Mise en quarantaine de toutes les traces : findthewebsiteyouneed hijacker 17:32: Mise en quarantaine de toutes les traces : findthewebsiteyouneed hijack 17:32: Mise en quarantaine de toutes les traces : targetsaver 17:32: Mise en quarantaine de toutes les traces : atlas dmt cookie 17:32: Mise en quarantaine de toutes les traces : xiti cookie 17:33: Processus de suppression lancé. Durée 00:01:43 ******** 16:07: | Début de session, lundi 23 janvier 2006 | 16:07: Spy Sweeper démarrée 16:07: Analyse lancée avec la version des définitions 604 16:07: Démarrage de l’analyse de la mémoire 16:15: Analyse annulée 16:20: Analyse de la mémoire terminée, temps passé : 00:13:07 16:20: Traces trouvées : 0 16:21: | Fin de session, lundi 23 janvier 2006 | ******** 16:01: | Début de session, lundi 23 janvier 2006 | 16:01: Spy Sweeper démarrée 16:07: | Fin de session, lundi 23 janvier 2006 | et enfin notre petit Hijack! Logfile of HijackThis v1.99.1 Scan saved at 17:50:33, on 23/01/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\GSICON.EXE C:\WINDOWS\System32\dslagent.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Club-Internet\Lanceur\lanceur.exe C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Documents and Settings\Lol\Mes documents\Utilitaire\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [WinDLL (steam.dll)] rundll32.exe C:\WINDOWS\System32\steam.dll,start O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: Microsoft Network Service (Network) - Unknown owner - C:\WINDOWS\msnet32.exe (file missing) O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe A bientot pour de nouvelle aventure!

Hello qc001! Voila ma ptite réponse concernant Kaspersky : je vais revenir sur l'histoire de notre ptit malade! Voila il y a une semaine du jour au lendemain impossible de me connecter à internet! Alors g appelé une amie à la rescousse histoire kel reformate le tout et kan prime ell m'install Windows XP (g t sous win98 avan...)! Bref on lutte car la bestiol été très malade! Par contre on install plein d antivirus et ccie (ewido, avast, Zone alarm...) car avant j'avai Norton mai apparement pas très bon... Et un ami nous a conseiller d'installer kaspersky histoire de virer les virus afin de pouvoir se connecter à nouvo! Donc ptite analyse concluante avec Kaspersky mais après g vu kil n'été pas compatible avec Avast (message d'alerte d'Avast à chak démarrage!) Donc bye bye Kaspersky! G fai une bétise??? Voili voilou! Bon je vais faire tout les ptit scan en espérant pouvoir me reconnecté à internet après le redémarrage! (je n'ai pas étein mon ordi depuis hier soir! je suis tromatisée lol)! A tout à leur Gspr!

Bon me revoila ! g fait la mise à jour ewido, les scan sur panda (rapport ci joint pr le poste de travail et les disk locaux). Par contre une fois tout ca fai et l'ordi redémarré et bien je ne pouvai plus me connecté à Internet!! (gross crise de désespoir! )! Alors g réinstaller mon modem et la ca march pour le momen!!! (mai juska kan?! ) en plus ewido me signal des objet infecté et avast un virus! Bon vous verrez ca surment avec mes différents rapports! En espérant pouvoir me reconnecté demain!! Je vais me coucher après toute c émotions!!!! Rapport Ewido --------------------------------------------------------- ewido anti-malware - Rapport de scan --------------------------------------------------------- + Créé le: 00:06:01, 23/01/2006 + Somme de contrôle: 20787AD4 + Résultats du scan: C:\Documents and Settings\Lol\Bureau\l2mfix\backup.zip/dlls/aetiveds.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Lol\Bureau\l2mfix\backup.zip/dlls/arlui.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Lol\Bureau\l2mfix\backup.zip/dlls/imxsap.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Lol\Bureau\l2mfix\backup.zip/dlls/k0jsla171d.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Lol\Bureau\l2mfix\backup.zip/dlls/ktl0l73m1.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Lol\Bureau\l2mfix\backup.zip/dlls/wbavideo.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Lol\Bureau\l2mfix\dlls\aetiveds.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Lol\Bureau\l2mfix\dlls\arlui.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Lol\Bureau\l2mfix\dlls\imxsap.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Lol\Bureau\l2mfix\dlls\k0jsla171d.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Lol\Bureau\l2mfix\dlls\ktl0l73m1.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Lol\Bureau\l2mfix\dlls\wbavideo.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Lol\drsdf.exe -> Downloader.Adload.j : Nettoyer et sauvegarder C:\Documents and Settings\Lol\Mes documents\Utilitaire\backups\backup-20060121-183048-816.dll -> Adware.Virtumonde : Nettoyer et sauvegarder C:\WINDOWS\system32\ca32.exe/rm32.dll -> Adware.Virtumonde : Nettoyer et sauvegarder C:\WINDOWS\system32\ca32.exe/dr32.exe -> Downloader.Adload.j : Nettoyer et sauvegarder C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\BQ7NQ7W7\ca32[1].zip/rm32.dll -> Adware.Virtumonde : Nettoyer et sauvegarder C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\BQ7NQ7W7\ca32[1].zip/dr32.exe -> Downloader.Adload.j : Nettoyer et sauvegarder C:\WINDOWS\system32\dr32.exe -> Downloader.Adload.j : Nettoyer et sauvegarder C:\WINDOWS\system32\svchost.dll -> Backdoor.IRCBot.nf : Nettoyer et sauvegarder C:\WINDOWS\system32\wgxmhcey.dll -> Backdoor.IRCBot.nf : Nettoyer et sauvegarder C:\WINDOWS\system32\winzip81.exe -> Backdoor.Rbot.ann : Nettoyer et sauvegarder ::Fin du rapport Rapport Panda Diskes locaux : Incident Statut Analyse Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt[] Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Lol\Bureau\l2mfix\Process.exe Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Lol\Bureau\l2mfix.exe[Process.exe] Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Lol\Bureau\SMITFRAUD\SmitfraudFix\Process.exe Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Lol\Bureau\SmitfraudFix.zip[Process.exe] Outil indésirable:Application/Processor No Désinfecté C:\RECYCLER\S-1-5-21-1292428093-1202660629-1801674531-1003\Dc2\VundoFix\process.exe Virus:W32/Sdbot.GDQ.worm Désinfecté C:\WINDOWS\msnet32.exe Adware:adware/commad No Désinfecté C:\WINDOWS\system32\atmtd.dll Virus:W32/Sdbot.ftp Désinfecté C:\WINDOWS\system32\i Adware:adware/swimsuitnetwork No Désinfecté C:\WINDOWS\system32\MYDLL.dll Outil indésirable:Application/Processor No Désinfecté C:\WINDOWS\system32\Process.exe Adware:Adware/Sqwire No Désinfecté C:\WINDOWS\system32\tsuninst.exe Adware:adware/dollarrevenue No Désinfecté C:\WINDOWS\teller2.chk poste de travail : Incident Statut Analyse Adware:adware/commad No Désinfecté C:\WINDOWS\SYSTEM32\atmtd.dll Adware:adware/swimsuitnetwork No Désinfecté C:\WINDOWS\SYSTEM32\MYDLL.dll Adware:adware/sqwire No Désinfecté C:\WINDOWS\SYSTEM32\tsuninst.exe Adware:adware/dollarrevenue No Désinfecté C:\WINDOWS\teller2.chk Adware:adware/secure32 No Désinfecté C:\WINDOWS\System32\drivers\etc\hosts Spyware:spyware/virtumonde No Désinfecté Registre Windows Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt[.xiti.com/] Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt[.atdmt.com/] Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Lol\Application Data\Mozilla\Firefox\Profiles\fvgfkcda.default\cookies.txt[] Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Lol\Bureau\l2mfix\Process.exe Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Lol\Bureau\l2mfix.exe[Process.exe] Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Lol\Bureau\SMITFRAUD\SmitfraudFix\Process.exe Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Lol\Bureau\SmitfraudFix.zip[Process.exe] Outil indésirable:Application/Processor No Désinfecté C:\RECYCLER\S-1-5-21-1292428093-1202660629-1801674531-1003\Dc2\VundoFix\process.exe Virus:Trj/Qhost.gen Désinfecté C:\WINDOWS\system32\drivers\etc\hosts Outil indésirable:Application/Processor No Désinfecté C:\WINDOWS\system32\Process.exe Adware:Adware/Sqwire No Désinfecté C:\WINDOWS\system32\tsuninst.exe [/b]rapport Hijack! Logfile of HijackThis v1.99.1 Scan saved at 01:47:36, on 23/01/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\System32\GSICON.EXE C:\WINDOWS\System32\dslagent.exe C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Club-Internet\Lanceur\lanceur.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Documents and Settings\Lol\Mes documents\Utilitaire\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [WinDLL (steam.dll)] rundll32.exe C:\WINDOWS\System32\steam.dll,start O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: Microsoft Network Service (Network) - Unknown owner - C:\WINDOWS\msnet32.exe (file missing) Bon voila, j avou ke je suis en stress : en voyan ke ca remarchai le net g t toute fofoll!! mai g crié victoire tro vite vu ke ca ma refai le coup de connexion impossibl Alors suspense, demain vais je pouvoir me reconnecté? Merci bocoup pour votre aide en tout cas!!! A demain gspr !

Alors voila le 1er rapport smitfraudfix : SmitFraudFix v2.15 Rapport fait à 18:03:24,12 le 22/01/2006 Executé à partir de C:\Documents and Settings\Lol\Bureau\SMITFRAUD\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\ C:\drsmartload1.exe PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS C:\WINDOWS\drsmartload.dat PRESENT ! C:\WINDOWS\winsysupd.exe PRESENT ! C:\WINDOWS\winsysban.exe PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\Lol\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pr‚-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="D‚mon de cache des cat‚gories de composant" »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport le 2ème rapport : SmitFraudFix v2.15 Rapport fait à 18:10:22,93 le 22/01/2006 Executé à partir de C:\Documents and Settings\Lol\Bureau\SMITFRAUD\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés C:\drsmartload1.exe supprimé C:\WINDOWS\drsmartload.dat supprimé C:\WINDOWS\winsysupd.exe supprimé C:\WINDOWS\winsysban.exe supprimé »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport Et le rapport hijack : Logfile of HijackThis v1.99.1 Scan saved at 18:15:21, on 22/01/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\System32\GSICON.EXE C:\WINDOWS\System32\dslagent.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Yahoo!\Messenger\ypager.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Club-Internet\Lanceur\lanceur.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe C:\Documents and Settings\Lol\Mes documents\Utilitaire\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

et voila! tout c'est bien passé! Ca cest le rapport vundox fix! VundoFix V4.0 Listing files found while scanning.... C:\WINDOWS\system32\geedd.dll Attempting to delete C:\WINDOWS\system32\geedd.dll C:\WINDOWS\system32\geedd.dll Has been deleted! Performing Repairs to the registry. Done! Et ca le rapport de hijack! Logfile of HijackThis v1.99.1 Scan saved at 17:08:52, on 22/01/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\windows\winsysban.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\System32\GSICON.EXE C:\WINDOWS\System32\dslagent.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Yahoo!\Messenger\ypager.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Club-Internet\Lanceur\lanceur.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe C:\Documents and Settings\Lol\Mes documents\Utilitaire\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {5D29C749-5FD1-0004-A1EB-05D58C25E49F} - C:\WINDOWS\System32\klpj.dll R3 - URLSearchHook: (no name) - {6804F749-72E2-3530-8CDB-35F8BC15C9AF} - C:\WINDOWS\System32\klpj.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: (no name) - {5D29C749-5FD1-0004-A1EB-05D58C25E49F} - C:\WINDOWS\System32\klpj.dll O2 - BHO: (no name) - {6804F749-72E2-3530-8CDB-35F8BC15C9AF} - C:\WINDOWS\System32\klpj.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd.exe O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban.exe O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe voila!

voila le rapport 1er rapport : L2mfix 010406 Creating Account. La commande s'est termin‚e correctement. Adding Administrative privleges. Checking for L2MFix account(0=no 1=yes): 1 Granting SeDebugPrivilege to L2MFIX ... successful Running From: C:\WINDOWS\system32 Killing Processes! Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 376 'smss.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 464 'winlogon.exe' Killing PID 464 'winlogon.exe' Killing PID 464 'winlogon.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 1492 'explorer.exe' Killing PID 1492 'explorer.exe' Killing PID 1492 'explorer.exe' Killing PID 1492 'explorer.exe' Killing PID 1492 'explorer.exe' Killing PID 1492 'explorer.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 1208 'rundll32.exe' Killing PID 1208 'rundll32.exe' Restoring Sedebugprivilege: Granting SeDebugPrivilege to Administrateurs ... successful Scanning First Pass. Please Wait! First Pass Completed Second Pass Scanning Second pass Completed! 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). Deleting: C:\WINDOWS\system32\aetiveds.dll Successfully Deleted: C:\WINDOWS\system32\aetiveds.dll Deleting: C:\WINDOWS\system32\arlui.dll Successfully Deleted: C:\WINDOWS\system32\arlui.dll Deleting: C:\WINDOWS\system32\imxsap.dll Successfully Deleted: C:\WINDOWS\system32\imxsap.dll Deleting: C:\WINDOWS\system32\k0jsla171d.dll Successfully Deleted: C:\WINDOWS\system32\k0jsla171d.dll Deleting: C:\WINDOWS\system32\ktl0l73m1.dll Successfully Deleted: C:\WINDOWS\system32\ktl0l73m1.dll Deleting: C:\WINDOWS\system32\wbavideo.dll Successfully Deleted: C:\WINDOWS\system32\wbavideo.dll msg11?.dll 0 fichier(s) copi‚(s). Restoring Windows Update Certificates.: The following Is the Current Export of the Winlogon notify key: **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] "DLLName"="Ati2evxx.dll" "Asynchronous"=dword:00000000 "Impersonate"=dword:00000001 "Lock"="AtiLockEvent" "Logoff"="AtiLogoffEvent" "Logon"="AtiLogonEvent" "Disconnect"="AtiDisConnectEvent" "Reconnect"="AtiReConnectEvent" "Safe"=dword:00000000 "Shutdown"="AtiShutdownEvent" "StartScreenSaver"="AtiStartScreenSaverEvent" "StartShell"="AtiStartShellEvent" "Startup"="AtiStartupEvent" "StopScreenSaver"="AtiStopScreenSaverEvent" "Unlock"="AtiUnLockEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\geedd] "Asynchronous"=dword:00000001 "DllName"="geedd.dll" "Impersonate"=dword:00000000 "Logon"="Logon" "Logoff"="Logoff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reinstall] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\k0jsla171d.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 The following are the files found: **************************************************************************** C:\WINDOWS\system32\aetiveds.dll C:\WINDOWS\system32\arlui.dll C:\WINDOWS\system32\imxsap.dll C:\WINDOWS\system32\k0jsla171d.dll C:\WINDOWS\system32\ktl0l73m1.dll C:\WINDOWS\system32\wbavideo.dll Registry Entries that were Deleted: Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder. **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{371B952E-5834-40C0-95F1-0803F96C5F72}] @="" "IDEx"="ADDR" [HKEY_CLASSES_ROOT\CLSID\{371B952E-5834-40C0-95F1-0803F96C5F72}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{371B952E-5834-40C0-95F1-0803F96C5F72}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{371B952E-5834-40C0-95F1-0803F96C5F72}\InprocServer32] @="C:\\WINDOWS\\system32\\imxsap.dll" "ThreadingModel"="Apartment" REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{371B952E-5834-40C0-95F1-0803F96C5F72}"=- [-HKEY_CLASSES_ROOT\CLSID\{371B952E-5834-40C0-95F1-0803F96C5F72}] REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] **************************************************************************** Desktop.ini Contents: **************************************************************************** **************************************************************************** Checking for L2MFix account(0=no 1=yes): 0 Zipping up files for submission: adding: dlls/aetiveds.dll (164 bytes security) (deflated 5%) adding: dlls/arlui.dll (164 bytes security) (deflated 5%) adding: dlls/imxsap.dll (164 bytes security) (deflated 4%) adding: dlls/k0jsla171d.dll (164 bytes security) (deflated 4%) adding: dlls/ktl0l73m1.dll (164 bytes security) (deflated 5%) adding: dlls/wbavideo.dll (164 bytes security) (deflated 4%) adding: backregs/371B952E-5834-40C0-95F1-0803F96C5F72.reg (212 bytes security) (deflated 69%) adding: backregs/notibac.reg (164 bytes security) (deflated 88%) adding: backregs/shell.reg (164 bytes security) (deflated 73%) Et voila le rapport hijack! Logfile of HijackThis v1.99.1 Scan saved at 15:54:12, on 22/01/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\windows\winsysban.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\System32\GSICON.EXE C:\WINDOWS\System32\dslagent.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Yahoo!\Messenger\ypager.exe C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Club-Internet\Lanceur\lanceur.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Documents and Settings\Lol\Mes documents\Utilitaire\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {5D29C749-5FD1-0004-A1EB-05D58C25E49F} - C:\WINDOWS\System32\klpj.dll R3 - URLSearchHook: (no name) - {6804F749-72E2-3530-8CDB-35F8BC15C9AF} - C:\WINDOWS\System32\klpj.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: (no name) - {5D29C749-5FD1-0004-A1EB-05D58C25E49F} - C:\WINDOWS\System32\klpj.dll O2 - BHO: (no name) - {6804F749-72E2-3530-8CDB-35F8BC15C9AF} - C:\WINDOWS\System32\klpj.dll O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\geedd.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd.exe O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban.exe O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: geedd - C:\WINDOWS\SYSTEM32\geedd.dll O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\k0jsla171d.dll (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

et un ptit rapport hijack! Logfile of HijackThis v1.99.1 Scan saved at 15:13:11, on 22/01/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\windows\winsysban.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\System32\GSICON.EXE C:\WINDOWS\System32\dslagent.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Yahoo!\Messenger\ypager.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Club-Internet\Lanceur\lanceur.exe C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe C:\Documents and Settings\Lol\Mes documents\Utilitaire\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {5D29C749-5FD1-0004-A1EB-05D58C25E49F} - C:\WINDOWS\System32\klpj.dll R3 - URLSearchHook: (no name) - {6804F749-72E2-3530-8CDB-35F8BC15C9AF} - C:\WINDOWS\System32\klpj.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: (no name) - {5D29C749-5FD1-0004-A1EB-05D58C25E49F} - C:\WINDOWS\System32\klpj.dll O2 - BHO: (no name) - {6804F749-72E2-3530-8CDB-35F8BC15C9AF} - C:\WINDOWS\System32\klpj.dll O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\geedd.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd.exe O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban.exe O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: geedd - C:\WINDOWS\SYSTEM32\geedd.dll O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\k0jsla171d.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

Hello les sauveurs! Bon g pu faire tout ce ke tu ma dis de faire c a dire le rapport l2mfix et voici le ptit rapport demandé! : L2MFIX find log 010406 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] "DLLName"="Ati2evxx.dll" "Asynchronous"=dword:00000000 "Impersonate"=dword:00000001 "Lock"="AtiLockEvent" "Logoff"="AtiLogoffEvent" "Logon"="AtiLogonEvent" "Disconnect"="AtiDisConnectEvent" "Reconnect"="AtiReConnectEvent" "Safe"=dword:00000000 "Shutdown"="AtiShutdownEvent" "StartScreenSaver"="AtiStartScreenSaverEvent" "StartShell"="AtiStartShellEvent" "Startup"="AtiStartupEvent" "StopScreenSaver"="AtiStopScreenSaverEvent" "Unlock"="AtiUnLockEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\geedd] "Asynchronous"=dword:00000001 "DllName"="geedd.dll" "Impersonate"=dword:00000000 "Logon"="Logon" "Logoff"="Logoff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reinstall] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\ir64l5jq1.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{32B71473-FAB9-4FF4-F156-36ECCCA0404F}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia" "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage ?cran du Panneau de configuration" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo" "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Extension de la page de propri‚t‚s de mise … jour automatique" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="?tat du t‚l‚chargement" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche" "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="?num‚rateur d'applications install‚es" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{371B952E-5834-40C0-95F1-0803F96C5F72}"="" "{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail" "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player" "{472083B0-C522-11CF-8763-00608CC02F24}"="avast" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{371B952E-5834-40C0-95F1-0803F96C5F72}] @="" "IDEx"="ADDR" [HKEY_CLASSES_ROOT\CLSID\{371B952E-5834-40C0-95F1-0803F96C5F72}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{371B952E-5834-40C0-95F1-0803F96C5F72}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{371B952E-5834-40C0-95F1-0803F96C5F72}\InprocServer32] @="C:\\WINDOWS\\system32\\aetiveds.dll" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ aetiveds.dll Sun 22 Jan 2006 0:15:44 ..S.R 235 192 229,68 K arlui.dll Sat 21 Jan 2006 22:52:30 ..S.R 236 584 231,04 K atmtd.dll Thu 19 Jan 2006 19:25:56 A.... 687 592 671,48 K geedd.dll Tue 10 Jan 2006 2:30:38 ..... 36 877 36,01 K ir64l5~1.dll Sun 22 Jan 2006 0:09:20 ..S.R 235 192 229,68 K k0jsla~1.dll Sun 22 Jan 2006 0:13:22 ..S.R 233 727 228,25 K klpj.dll Tue 17 Jan 2006 17:12:22 A.... 139 264 136,00 K pncrt.dll Fri 20 Jan 2006 0:31:30 A.... 278 528 272,00 K pndx5016.dll Fri 20 Jan 2006 0:31:32 A.... 6 656 6,50 K pndx5032.dll Fri 20 Jan 2006 0:31:32 A.... 5 632 5,50 K rmoc3260.dll Fri 20 Jan 2006 0:32:00 A.... 147 495 144,04 K sirenacm.dll Wed 14 Dec 2005 0:24:42 A.... 118 784 116,00 K svchost.dll Thu 19 Jan 2006 18:46:24 ..SH. 49 460 48,30 K wbavideo.dll Sun 22 Jan 2006 0:09:22 ..S.R 233 727 228,25 K wgxmhcey.dll Thu 19 Jan 2006 18:46:24 A.... 49 460 48,30 K 15 items found: 15 files (6 H/S), 0 directories. Total of file sizes: 2 694 170 bytes 2,57 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est B4E7-6902 R‚pertoire de C:\WINDOWS\System32 22/01/2006 00:15 235ÿ192 aetiveds.dll 22/01/2006 00:13 233ÿ727 k0jsla171d.dll 22/01/2006 00:09 233ÿ727 wbavideo.dll 22/01/2006 00:09 235ÿ192 ir64l5jq1.dll 21/01/2006 22:52 236ÿ584 arlui.dll 21/01/2006 14:15 <REP> dllcache 19/01/2006 18:46 49ÿ460 svchost.dll 19/01/2006 16:56 <REP> Microsoft 17/01/2006 17:13 405ÿ504 ?ti2evxx.exe 7 fichier(s) 1ÿ629ÿ386 octets 2 R‚p(s) 34ÿ236ÿ514ÿ304 octets libres

A part la mise à jour Ewido ke je nai pas pu faire ( pas de connexion internet!) voici les différents rapports demandés : Rapport Ewido : --------------------------------------------------------- ewido anti-malware - Rapport de scan --------------------------------------------------------- + Créé le: 22:50:52, 21/01/2006 + Somme de contrôle: E9A9F9D3 + Résultats du scan: HKLM\SOFTWARE\ClickSpring -> Spyware.PurityScan : Nettoyer et sauvegarder [680] C:\WINDOWS\system32\oveaut32.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Program Files\Fichiers communs\qkmz\qkmzd\qkmzc.dll -> Downloader.Small : Nettoyer et sauvegarder C:\RECYCLER\S-1-5-21-1292428093-1202660629-1801674531-1003\Dc1\asappsrv.dll -> Spyware.CommAd : Erreur durant le nettoyage C:\RECYCLER\S-1-5-21-1292428093-1202660629-1801674531-1003\Dc1\command.exe -> Adware.CommAd : Erreur durant le nettoyage C:\RECYCLER\S-1-5-21-1292428093-1202660629-1801674531-1003\Dc2.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder C:\WINDOWS\system32\cc32.exe -> Proxy.Agent.ic : Nettoyer et sauvegarder C:\WINDOWS\system32\desenh.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\dwrgui.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\ilsetup.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\kjdsf.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\kwdlv1.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\m228lcfu1f28.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\miv1_0.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\oveaut32.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\pEqsp.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\r8p8li7u18.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\sdgina.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\ssvsvc.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\whpcore.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\wrnrnr.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\windows.exe -> Proxy.Agent.ic : Nettoyer et sauvegarder ::Fin du rapport Rapport hijack : Logfile of HijackThis v1.99.1 Scan saved at 22:56:27, on 21/01/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\rundll32.exe C:\windows\winsysban.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\System32\GSICON.EXE C:\WINDOWS\System32\dslagent.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\roor\eups.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\?ti2evxx.exe C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Club-Internet\Lanceur\lanceur.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Documents and Settings\Lol\Mes documents\Utilitaire\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {5D29C749-5FD1-0004-A1EB-05D58C25E49F} - C:\WINDOWS\System32\klpj.dll R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: (no name) - {6804F749-72E2-3530-8CDB-35F8BC15C9AF} - C:\WINDOWS\System32\klpj.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: (no name) - {5D29C749-5FD1-0004-A1EB-05D58C25E49F} - C:\WINDOWS\System32\klpj.dll O2 - BHO: (no name) - {6804F749-72E2-3530-8CDB-35F8BC15C9AF} - C:\WINDOWS\System32\klpj.dll O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\geedd.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [WinDLL (svchost.dll)] rundll32.exe C:\WINDOWS\System32\svchost.dll,start O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd.exe O4 - HKLM\..\Run: [WinDLL (jbi32.dll)] rundll32.exe C:\WINDOWS\System32\jbi32.dll,start O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban.exe O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [qkmz] C:\PROGRA~1\FICHIE~1\qkmz\qkmzm.exe O4 - HKCU\..\Run: [Oetc] "C:\Program Files\roor\eups.exe" -vt yazr O4 - HKCU\..\Run: [itz] C:\WINDOWS\System32\?ti2evxx.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: geedd - C:\WINDOWS\SYSTEM32\geedd.dll O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\lv4m09h1e.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe Et voila!!

Pour la mise a jour de ewido ce n'est pas possible car pas d'internet !! C'est pas grave?

Re coucou! Alors j'ai fait toute la demarche que tu m'as donné mais le seul soucis c'est que je n'ai pas pu faire l'activescan chez Panda parce que internet ne marche pas je te parle du pc d'une copine qui elle a la chance de pouvoir se connecter. Alors voici le rapport hijack : Logfile of HijackThis v1.99.1 Scan saved at 18:43:22, on 21/01/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\TGFjb3ll\command.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\mswmf32.exe C:\Program Files\Network Monitor\netmon.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wxpdll32.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\cc32.exe C:\WINDOWS\System32\rundll32.exe C:\windows\winsysban.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\System32\GSICON.EXE C:\WINDOWS\System32\dslagent.exe C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\roor\eups.exe C:\WINDOWS\System32\?ti2evxx.exe C:\Program Files\Yahoo!\Messenger\ypager.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Club-Internet\Lanceur\lanceur.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Lol\Mes documents\Utilitaire\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {5D29C749-5FD1-0004-A1EB-05D58C25E49F} - C:\WINDOWS\System32\klpj.dll R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: (no name) - {6804F749-72E2-3530-8CDB-35F8BC15C9AF} - C:\WINDOWS\System32\klpj.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: (no name) - {5D29C749-5FD1-0004-A1EB-05D58C25E49F} - C:\WINDOWS\System32\klpj.dll O2 - BHO: (no name) - {6804F749-72E2-3530-8CDB-35F8BC15C9AF} - C:\WINDOWS\System32\klpj.dll O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\geedd.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [WinDLL (svchost.dll)] rundll32.exe C:\WINDOWS\System32\svchost.dll,start O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd.exe O4 - HKLM\..\Run: [cc32] C:\WINDOWS\System32\cc32.exe O4 - HKLM\..\Run: [WinDLL (jbi32.dll)] rundll32.exe C:\WINDOWS\System32\jbi32.dll,start O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban.exe O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [qkmz] C:\PROGRA~1\FICHIE~1\qkmz\qkmzm.exe O4 - HKCU\..\Run: [Oetc] "C:\Program Files\roor\eups.exe" -vt yazr O4 - HKCU\..\Run: [itz] C:\WINDOWS\System32\?ti2evxx.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: geedd - C:\WINDOWS\SYSTEM32\geedd.dll O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\mvn6l95s1.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGFjb3ll\command.exe O23 - Service: mswmf32 - Unknown owner - C:\WINDOWS\mswmf32.exe O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe O23 - Service: wxpdll32 - Unknown owner - C:\WINDOWS\wxpdll32.exe Et voici le rapport VundoFix : VundoFix V2.15 by Atri -------------------------------------------------------------------------------------- Listing files contained in the vundofix folder. -------------------------------------------------------------------------------------- killvundo.bat process.exe ReadMe.txt vundo.reg vundofix.txt -------------------------------------------------------------------------------------- Filepaths entered -------------------------------------------------------------------------------------- The filepath entered was C:\WINDOWS\System32\geedd.dll The second filepath entered was C:\WINDOWS\System32\ddeeg.* -------------------------------------------------------------------------------------- Log from Process -------------------------------------------------------------------------------------- Killing PID 156 'smss.exe' Error 0x6 : Descripteur non valide Killing PID 812 'explorer.exe' Killing PID 684 'rundll32.exe' Killing PID 684 'rundll32.exe' Killing PID 232 'winlogon.exe' Error 0x6 : Descripteur non valide -------------------------------------------------------------------------------------- Could not delete C:\WINDOWS\System32\geedd.dll. C:\WINDOWS\System32\ddeeg.* Deleted sucessfully. Fixing Registry -------------------------------------------------------------------------------------- Voila !! j'attend de tes nouvelles sauveur!

Bonjour, Voila gros souci !! J'ai un cheval de Troie qui galope dans mon pc et impossible de le virer!! J'ai tout essayé (enfin ce que je connais) : Avast, Antivir, Kaspersky, ils me disent que j'ai des trojan mais ils ne peuvent pas les supprimer! Par ailleurs, quand j'installe un antivirus, Internet ne marche plus et quand j'enleve l'antivirus miracle ca remarche ... enfin remarchait puisque depuis hier qu'il y en ai un ou pas impossible de me connecter. Alors j'ai fais un petit scan avec hijack et voici le rapport : Logfile of HijackThis v1.99.1 Scan saved at 15:03:10, on 20/01/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\TGFjb3ll\command.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\mswmf32.exe C:\Program Files\Network Monitor\netmon.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wxpdll32.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\cc32.exe C:\WINDOWS\System32\rundll32.exe C:\windows\winsysban.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\System32\GSICON.EXE C:\WINDOWS\System32\dslagent.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\FICHIE~1\qkmz\qkmzm.exe C:\Program Files\roor\eups.exe C:\WINDOWS\System32\?ti2evxx.exe C:\Program Files\Yahoo!\Messenger\ypager.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe C:\Documents and Settings\Lol\Bureau\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {5D29C749-5FD1-0004-A1EB-05D58C25E49F} - C:\WINDOWS\System32\klpj.dll R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: (no name) - {6804F749-72E2-3530-8CDB-35F8BC15C9AF} - C:\WINDOWS\System32\klpj.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: (no name) - {5D29C749-5FD1-0004-A1EB-05D58C25E49F} - C:\WINDOWS\System32\klpj.dll O2 - BHO: (no name) - {6804F749-72E2-3530-8CDB-35F8BC15C9AF} - C:\WINDOWS\System32\klpj.dll O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\System32\geedd.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [WinDLL (svchost.dll)] rundll32.exe C:\WINDOWS\System32\svchost.dll,start O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd.exe O4 - HKLM\..\Run: [cc32] C:\WINDOWS\System32\cc32.exe O4 - HKLM\..\Run: [WinDLL (jbi32.dll)] rundll32.exe C:\WINDOWS\System32\jbi32.dll,start O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban.exe O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [qkmz] C:\PROGRA~1\FICHIE~1\qkmz\qkmzm.exe O4 - HKCU\..\Run: [Oetc] "C:\Program Files\roor\eups.exe" -vt yazr O4 - HKCU\..\Run: [itz] C:\WINDOWS\System32\?ti2evxx.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\n86qlij518o.dll O20 - Winlogon Notify: geedd - C:\WINDOWS\SYSTEM32\geedd.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGFjb3ll\command.exe O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe O23 - Service: mswmf32 - Unknown owner - C:\WINDOWS\mswmf32.exe O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe O23 - Service: wxpdll32 - Unknown owner - C:\WINDOWS\wxpdll32.exe Enfin voila!! J'espère que quelqu'un pourra me donner un petit coup de main! merci d'avance!