:P Hello, I've been really struggling with a trojan for two days

I read your advice and used SmitFraudFix, then, to be safe, ccs and CCleaner

Everything finally worked

then this evening, here we go again

in the report: (HKEY_CURRENT_USER\sofware\Microsoft\Internet Explorer\Desktop\Components\0]


"Friendlyname"="ma page d'accueil"

For the record, I have a blog on Windows Live Messenger and the problems came back when I went to it. A friend was infected after visiting my blog!! Is that the cause, and how can I fix the problem?


I restarted my PC in safe mode, cleaned the worms out of temp.... they came back

So there you go, a computer novice asking for your help


- Download HijackThis by Merijn to your desktop.

- Rename the file HijackThis.exe to Scanner.exe; to do this, right-click the HijackThis.exe file and choose Rename from the list

- Type Scanner.exe and press the Enter key.

- Generate a report by following these steps:

- Double-click Scanner.exe

- Run it and click Do a scan and save log file.

- The report opens in Notepad

- Paste the report here; to do this:

- Edit menu / Select All

- Edit menu / Copy

- Here, in a new message: right-click / Paste

Help: Feel free to consult the HijackThis help -


Logfile of HijackThis v1.99.1

Scan saved at 22:08:23, on 02/09/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:










C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe


C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe




C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe


C:\Program Files\Softwin\BitDefender10\bdagent.exe


C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe

C:\Program Files\MSN Messenger\msnmsgr.exe


C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

c:\program files\softwin\bitdefender10\bdmcon.exe


C:\Documents and Settings\virginie gallet.ACER-86U03S59CR\Bureau\Scanner.exe.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll (file missing)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE

O4 - HKLM\..\Run: [6A63041F] C:\WINDOWS\System32\zehrnx.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"


O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM\..\RunServices: [7EC6CBC2] C:\WINDOWS\System32\zehrnx.exe

O4 - HKLM\..\RunOnce: [AntiRK] "C:\Program Files\Softwin\BitDefender10\antirk.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O4 - Startup: 2.0.lnk = C:\Program Files\ 2.0\program\quickstart.exe

O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) -

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


Wow, I'm going to end up getting kicked off the forum....

no windows log in services.msc


here are the reports



Sunday, September 03, 2006 2:53:07 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version:

Kaspersky Anti-Virus database last update: 3/09/2006

Kaspersky Anti-Virus database records: 207489



Scan Settings:

Scan using the following antivirus database: standard

Scan Archives: true

Scan Mail Bases: true


Scan Target - My Computer:





Scan Statistics:

Total number of scanned objects: 63757

Number of viruses found: 2

Number of infected objects: 12 / 0

Number of suspicious objects: 0

Duration of the scan process: 01:21:39


Infected Object Name / Virus Name / Last Action

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\nvsvcd.exe Infected: skipped

C:\WINDOWS\Temp\tmp00007b42\tmp00000000 Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\virginie gallet.ACER-86U03S59CR\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\virginie gallet.ACER-86U03S59CR\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\virginie gallet.ACER-86U03S59CR\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\virginie gallet.ACER-86U03S59CR\Local Settings\Historique\History.IE5\MSHist012006090320060904\index.dat Object is locked skipped

C:\Documents and Settings\virginie gallet.ACER-86U03S59CR\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\virginie gallet.ACER-86U03S59CR\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\virginie gallet.ACER-86U03S59CR\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\virginie gallet.ACER-86U03S59CR\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\virginie gallet.ACER-86U03S59CR\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt Object is locked skipped

C:\Documents and Settings\virginie gallet.ACER-86U03S59CR\Application Data\Bitdefender\Desktop\Profiles\asdict.dat Object is locked skipped

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavIcl_Log\pav_icl_log_PavLsp.txt Object is locked skipped

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavIcl_Log\pav_icl_log_PavTracer_svchost.txt Object is locked skipped

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavIcl_Log\pav_icl_log_PavTracer_lsass.txt Object is locked skipped

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavIcl_Log\pav_icl_log_PavTracer_alg.txt Object is locked skipped

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavIcl_Log\pav_icl_log_PavTracer_iexplore.txt Object is locked skipped

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavIcl_Log\pav_icl_log_PavTracer_AcroRd32.txt Object is locked skipped

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavIcl_Log\pav_icl_log_PavTracer_vsserv.txt Object is locked skipped

C:\Program Files\Softwin\BitDefender10\aspdict.dat Object is locked skipped

C:\System Volume Information\_restore{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP541\A0102302.exe Infected: Trojan-Proxy.Win32.Horst.av skipped

C:\System Volume Information\_restore{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP541\change.log Object is locked skipped

C:\System Volume Information\_restore{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP532\A0098577.exe Infected: Trojan-Proxy.Win32.Horst.av skipped

C:\System Volume Information\_restore{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP538\A0099579.exe Infected: Trojan-Proxy.Win32.Horst.av skipped

D:\System Volume Information\_restore{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP532\A0098563.exe Infected: Trojan-Proxy.Win32.Horst.av skipped

D:\System Volume Information\_restore{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP532\A0098565.exe Infected: Trojan-Proxy.Win32.Horst.av skipped

D:\System Volume Information\_restore{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP538\A0099558.exe Infected: Trojan-Proxy.Win32.Horst.av skipped

D:\System Volume Information\_restore{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP538\A0099561.exe Infected: Trojan-Proxy.Win32.Horst.av skipped

D:\System Volume Information\_restore{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP538\A0099577.exe Infected: Trojan-Proxy.Win32.Horst.av skipped

D:\System Volume Information\_restore{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP538\A0099581.exe Infected: Trojan-Proxy.Win32.Horst.av skipped

D:\System Volume Information\_restore{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP541\A0102300.exe Infected: Trojan-Proxy.Win32.Horst.av skipped

D:\System Volume Information\_restore{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP541\A0102304.exe Infected: Trojan-Proxy.Win32.Horst.av skipped


Scan process completed.





ewido anti-spyware - Scan Report



+ Created at: 12:59:06 03/09/2006


+ Scan result:




C:\Documents and Settings\virginie gallet\Local Settings\Temp\__unin__.exe -> Adware.Altnet : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Local Settings\Temp\ -> Adware.Altnet : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Local Settings\Temp\ -> Adware.Altnet : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Local Settings\Temp\cd_clint.dll -> Adware.Cydoor : Cleaned with backup (quarantined).

HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Cleaned with backup (quarantined).

C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll -> Adware.PeerNet : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Local Settings\Temp\remove.exe -> Downloader.Keenval.f : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet.ACER-86U03S59CR\Local Settings\Temp\25exssd32.3.exe -> Proxy.Horst.av : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet.ACER-86U03S59CR\Local Settings\Temp\91exssd32.3.exe -> Proxy.Horst.av : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@247realmedia[3].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet.ACER-86U03S59CR\Cookies\virginie gallet@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@atdmt[3].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@atdmt[4].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet.ACER-86U03S59CR\Cookies\virginie gallet@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@bluestreak[3].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Local Settings\Temp\Cookies\virginie gallet@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@fl01.ct2.comclick[3].txt -> TrackingCookie.Comclick : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet.ACER-86U03S59CR\Cookies\virginie gallet@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@doubleclick[3].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@estat[2].txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@estat[3].txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Local Settings\Temp\Cookies\virginie gallet@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@webpdp.gator[2].txt -> TrackingCookie.Gator : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet.ACER-86U03S59CR\Cookies\virginie gallet@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@valueclick[3].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@www.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet.ACER-86U03S59CR\Cookies\virginie gallet@weborama[2].txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@weborama[1].txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@weborama[2].txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).

C:\Documents and Settings\virginie gallet\Cookies\virginie gallet@weborama[4].txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).



::Report end


Script clean par Malekal_morte -


Microsoft Windows XP [version 5.1.2600]

Script execute en mode sans echec


*** Suppression de fichiers sur C:


*** Suppression des fichiers dans C:\WINDOWS\


*** Suppression des fichiers dans C:\WINDOWS\system32



*** Suppression des clefs du registre effectuee..



Logfile of HijackThis v1.99.1

Scan saved at 15:19:07, on 03/09/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:








C:\Documents and Settings\virginie gallet.ACER-86U03S59CR\Bureau\Scanner.exe.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll (file missing)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"


O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O4 - Startup: 2.0.lnk = C:\Program Files\ 2.0\program\quickstart.exe

O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) -

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)




