Posted

I don't have Firefox.

I think the remaining files are traces of what was there before.

I took over this PC along with the company, and the cleanup may not have been done properly.

What should I do?

Posted

HJ report:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:53:24, on 25/05/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\keyhook.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\WINDOW~3\MESSEN~1\msnmsgr.exe

C:\WINDOWS\system32\sistray.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\acer\eRecovery\Monitor.exe

C:\Acer\eManager\anbmServ.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wanadoo.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WINDOW~3\MESSEN~1\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: WiziWYG XP Startup.lnk = C:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe

O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?91bb5a865fe846ecac54c8549e222c2e

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?91bb5a865fe846ecac54c8549e222c2e

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150063111484

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

 

--

End of file - 9357 bytes

Posted

AntiVir report:

 

 

Avira AntiVir Personal

Report file date: dimanche 25 mai 2008 14:08

 

Scanning for 1286436 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Save mode

Username: Anne

Computer name: PORTABLE2

 

Version information:

BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00

AVSCAN.EXE : 8.1.2.12 311553 Bytes 15/04/2008 11:22:38

AVSCAN.DLL : 8.1.1.0 53505 Bytes 15/04/2008 11:22:38

LUKE.DLL : 8.1.2.9 151809 Bytes 15/04/2008 11:22:38

LUKERES.DLL : 8.1.2.1 12033 Bytes 15/04/2008 11:22:38

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 19:27:16

ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 21:42:08

ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 00:25:32

ANTIVIR3.VDF : 7.0.4.88 158720 Bytes 25/05/2008 13:53:08

Engineversion : 8.1.0.46

AEVDF.DLL : 8.1.0.5 102772 Bytes 15/04/2008 11:22:38

AESCRIPT.DLL : 8.1.0.33 266618 Bytes 15/05/2008 23:26:30

AESCN.DLL : 8.1.0.18 119156 Bytes 15/05/2008 23:26:26

AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 18:07:18

AEPACK.DLL : 8.1.1.5 364918 Bytes 15/05/2008 23:26:22

AEOFFICE.DLL : 8.1.0.18 192890 Bytes 19/04/2008 12:36:34

AEHEUR.DLL : 8.1.0.29 1253750 Bytes 15/05/2008 23:26:08

AEHELP.DLL : 8.1.0.14 115063 Bytes 19/04/2008 12:36:24

AEGEN.DLL : 8.1.0.21 303477 Bytes 15/05/2008 23:25:54

AEEMU.DLL : 8.1.0.6 430451 Bytes 07/05/2008 23:25:14

AECORE.DLL : 8.1.0.29 168311 Bytes 15/05/2008 23:25:48

AVWINLL.DLL : 1.0.0.7 14593 Bytes 15/04/2008 11:22:38

AVPREF.DLL : 8.0.0.1 25857 Bytes 15/04/2008 11:22:38

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 18:16:24

AVREG.DLL : 8.0.0.0 30977 Bytes 15/04/2008 11:22:38

AVARKT.DLL : 1.0.0.23 307457 Bytes 15/04/2008 11:22:38

AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 15/04/2008 11:22:38

SQLITE3.DLL : 3.3.17.1 339968 Bytes 15/04/2008 11:22:38

SMTPLIB.DLL : 1.2.0.19 28929 Bytes 15/04/2008 11:22:38

NETNT.DLL : 8.0.0.1 7937 Bytes 15/04/2008 11:22:38

RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 15/04/2008 11:22:34

RCTEXT.DLL : 8.0.32.0 86273 Bytes 15/04/2008 11:22:34

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: repair

Secondary action.................: delete

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: on

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: dimanche 25 mai 2008 14:08

 

Starting search for hidden objects.

The driver could not be initialized.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'Explorer.EXE' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

11 processes with 11 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'D:\'

[iNFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '47' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <ACER>

C:\pagefile.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\' <ACERDATA>

 

 

End of the scan: dimanche 25 mai 2008 15:05

Used time: 56:52 min

 

The scan has been done completely.

 

5020 Scanning directories

364438 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

364438 Files not concerned

7085 Archives were scanned

1 Warnings

0 Notes

Posted

Regarding the note you mention, I agree with you:

but apart from some browsing of X-rated sites, no cracks or anything like that. Also, after each visit where there is a potential risk, I run AntiVir afterwards.

But clearly that is not enough, so we will stop these visits, and I hope to be done with these problems.

In any case, thank you for everything you do, you and your colleagues of course.

Posted

Malware report

Malwarebytes' Anti-Malware 1.09

Version de la base de données: 560

 

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 98376

Temps écoulé: 21 minute(s), 4 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 26

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\WINDOWS\avifile32.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\avisynthex32.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\aviwrap32.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\browserad.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\changeurl_30.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\msa64chk.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\msapasrc.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\123messenger.per (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\ntnut.exe (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\shdocpe.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\shdocpl.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\winsb.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\system32\MSNSA32.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\system32\SIPSPI32.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\Installer\id53.exe (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\apphelp32.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\asferror32.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\asycfilt32.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\athprxy32.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\ati2dvaa32.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\ati2dvag32.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\audiosrv32.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\autodisc32.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\licencia.txt (Malware.Trace) -> No action taken.

C:\WINDOWS\telefonos.txt (Malware.Trace) -> No action taken.

C:\WINDOWS\textos.txt (Malware.Trace) -> No action taken.

Posted

EWIDO REPORT:

__________________________________________________

ewido anti-spyware online scanner

http://www.ewido.net

__________________________________________________

 

 


Posted

Ok.

Let's continue!

HIJACKTHIS

  • Restart HijackThis
  • Select "Do a scan only"
  • Check the following lines if they exist:

    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

  • Close your browsers
  • Click "Fix checked" at the bottom
  • Restart

EWIDO

Ewido has uncovered harmless tracking cookies. We'll get rid of them anyway!

  • Double-click the file ewido_micro.exe to run it.
  • Connect your USB keys and external drives, if any.
  • As soon as it starts, the program will ask for internet access to update itself; accept.
  • Then a new screen appears; make sure all the boxes are checked.
  • Click Start Scan and let the tool work.
  • When the tool has finished, CLOSE YOUR BROWSERS, then click Remove infections

SMITFRAUDFIX

MBAM reports files that look like SmitFraud: let's make sure everything is fine on that front.

  • Download SmitfraudFix by S!Ri, balltrap34 and moe31 by clicking on this image:

    Temporarily disable your antivirus for the duration of the scan.

  • Double-click it to launch it
  • Choose option 1 and press Enter
  • Answer o (Yes) to the next two questions if they are asked
  • A report will be generated; save it in a folder
  • Copy and paste the contents of the report here
  • Re-enable your antivirus

HIJACKTHIS

Please post a new report!

Posted

Good evening Ogu,

I'm letting you know that while downloading Smitfraudfix, AntiVir detected something:

"contains detection pattern of dropper Dr/tool.reboot?F93

What should I do?

See you later
