Informastuce

Bonjour,

N'oublie pas de potser les rapports demandés Wink

Je regarderai tout ça quand tu auras posté salut

Nouveau Age : 16 Inscrit le : 31 Mar 2007 Messages : 35 Configuration : 2000

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 20:39:27 2007-04-01

+ Résultat de l'analyse:

C:\Program Files\Video ActiveX Object -> Adware.Generic : Aucune action entreprise.
C:\Program Files\Video ActiveX Object\iesplugin.dll -> Adware.Generic : Aucune action entreprise.
C:\Program Files\Video ActiveX Object\iesuninst.exe -> Adware.Generic : Aucune action entreprise.
C:\Program Files\Video ActiveX Object\isaddon.dll -> Adware.Generic : Aucune action entreprise.
C:\Program Files\Video ActiveX Object\isamini.exe -> Adware.Generic : Aucune action entreprise.
C:\Program Files\Video ActiveX Object\isamonitor.exe -> Adware.Generic : Aucune action entreprise.
C:\Program Files\Video ActiveX Object\isauninst.exe -> Adware.Generic : Aucune action entreprise.
C:\Program Files\Video ActiveX Object\ot.ico -> Adware.Generic : Aucune action entreprise.
C:\Program Files\Video ActiveX Object\pmmon.exe -> Adware.Generic : Aucune action entreprise.
C:\Program Files\Video ActiveX Object\pmsngr.exe -> Adware.Generic : Aucune action entreprise.
C:\Program Files\Video ActiveX Object\pmuninst.exe -> Adware.Generic : Aucune action entreprise.
C:\Program Files\Video ActiveX Object\ts.ico -> Adware.Generic : Aucune action entreprise.
C:\Program Files\Video ActiveX Object\uninst.exe -> Adware.Generic : Aucune action entreprise.
HKLM\SOFTWARE\Classes\CLSID\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Aucune action entreprise.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Aucune action entreprise.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Aucune action entreprise.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.Generic : Aucune action entreprise.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.Generic : Aucune action entreprise.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.IntCodec : Aucune action entreprise.
HKU\S-1-5-21-602162358-1303643608-1801674531-1000\Software\Internet Security -> Adware.IntCodec : Aucune action entreprise.
C:\Documents and Settings\Jacqueline\Bureau\old\C\old-jacqueline4juill\old jacqueline\E\Program Files\Fichiers communs\WinFixer 2005\FCrXML.dll -> Adware.Winfixer : Aucune action entreprise.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\S5Q3KTEB\framecj[1].htm -> Downloader.Small.zbi : Aucune action entreprise.
C:\Program Files\eMule\Incoming\Cyberlink.PowerDVD.Deluxe.v7.0.Multilingual.Incl.Keymaker-CORE.rar/Cyberlink.PowerDVD.Deluxe.v7.0.Multilingual.Incl.Keymaker-CORE\keygen.exe -> Logger.Banker.ba : Aucune action entreprise.
C:\WINNT\system32\urroxtl.dll -> Not-A-Virus.Hoax.Win32.Renos.ds : Aucune action entreprise.
:mozilla.245:C:\Documents and Settings\Jacqueline\Bureau\old\C\old-jacqueline4juill\old jacqueline\E\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\kx58wtta.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.246:C:\Documents and Settings\Jacqueline\Bureau\old\C\old-jacqueline4juill\old jacqueline\E\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\kx58wtta.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.247:C:\Documents and Settings\Jacqueline\Bureau\old\C\old-jacqueline4juill\old jacqueline\E\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\kx58wtta.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.248:C:\Documents and Settings\Jacqueline\Bureau\old\C\old-jacqueline4juill\old jacqueline\E\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\kx58wtta.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.249:C:\Documents and Settings\Jacqueline\Bureau\old\C\old-jacqueline4juill\old jacqueline\E\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\kx58wtta.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.632:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\e4d8bgdm.default\cookies-1.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.633:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\e4d8bgdm.default\cookies-1.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.634:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\e4d8bgdm.default\cookies-1.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.635:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\e4d8bgdm.default\cookies-1.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.636:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\e4d8bgdm.default\cookies-1.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.637:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\e4d8bgdm.default\cookies-1.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
C:\Documents and Settings\Jacqueline\Bureau\old\C\old-jacqueline4juill\old jacqueline\E\Documents and Settings\Client\Cookies\client@247realmedia[2].txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.10:C:\Documents and Settings\Jacqueline\Bureau\old\C\old-jacqueline4juill\old jacqueline\E\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\kx58wtta.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.11:C:\Documents and Settings\Jacqueline\Bureau\old\C\old-jacqueline4juill\old jacqueline\E\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\kx58wtta.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.12:C:\Documents and Settings\Jacqueline\Bureau\old\C\old-jacqueline4juill\old jacqueline\E\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\kx58wtta.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.13:C:\Documents and Settings\Jacqueline\Bureau\old\C\old-jacqueline4juill\old jacqueline\E\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\kx58wtta.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.14:C:\Documents and Settings\Jacqueline\Bureau\old\C\old-jacqueline4juill\old jacqueline\E\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\kx58wtta.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.15:C:\Documents and Settings\Jacqueline\Bureau\old\C\old-jacqueline4juill\old jacqueline\E\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\kx58wtta.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.403:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\e4d8bgdm.default\cookies-1.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.404:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\e4d8bgdm.default\cookies-1.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.405:C:\Documents and Settings\Jacqueline\Application Data\Mozilla\Firefox\Profiles\e4d8bgdm.default\cookies-1.txt -> TrackingCookie.2o7 : Aucune action entreprise.
...

Nouveau Age : 16 Inscrit le : 31 Mar 2007 Messages : 35 Configuration : 2000

Logfile of HijackThis v1.99.1
Scan saved at 17:19:13, on 2007-04-01
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\runservice.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RunDLL32.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\system32\internat.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\unzipped\hijackthis\bonjour.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18A99A3D-CE18-422C-8629-2AD5BBC539B4} - C:\WINNT\system32\pmnnl.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINNT\system32\wunonvap.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Fichiers communs\{3064EA94-0702-1036-0424-020315050002}\MyToolBar.dll (file missing)
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Fichiers communs\{3064EA94-0702-1036-0424-020315050002}\MyToolBar.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] :"C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] :C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PVModule] :C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINNT\system32\kapxwuqf.dll",setvm
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINNT\system32\emttpgdh.dll",setvm
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINNT\system32\dthfmvgk.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152070384484
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: pmnnl - C:\WINNT\system32\pmnnl.dll
O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - C:\WINNT\system32\nbbrhbd.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINNT\runservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Nouveau Age : 16 Inscrit le : 31 Mar 2007 Messages : 35 Configuration : 2000

VundoFix V6.3.18

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 20:41:42 2007-04-01

Listing files found while scanning....

C:\Documents and settings\Jacqueline\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Jacqueline\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\WINNT\system32\bhvxsbns.dll
C:\WINNT\system32\bxvxyiuc.dll
C:\WINNT\system32\clvtlnay.dll
C:\WINNT\system32\dkradlce.dll
C:\WINNT\system32\dthfmvgk.dll
C:\WINNT\system32\emttpgdh.dll
C:\WINNT\system32\hdgpttme.ini
C:\WINNT\system32\hvixoxvu.dll
C:\WINNT\system32\kgvmfhtd.ini
C:\WINNT\system32\lnnmp.bak1
C:\WINNT\system32\lnnmp.bak2
C:\WINNT\system32\lnnmp.ini
C:\WINNT\system32\lnnmp.ini2
C:\WINNT\system32\lnnmp.tmp
C:\WINNT\system32\lnxinrtl.dll
C:\WINNT\system32\pmnnl.dll
C:\WINNT\system32\sghsiyst.dll
C:\WINNT\system32\wunonvap.dll
C:\WINNT\system32\yhuudity.dll

Beginning removal...

Attempting to delete C:\Documents and settings\Jacqueline\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Jacqueline\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!

Attempting to delete C:\Documents and settings\Jacqueline\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Documents and settings\Jacqueline\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!

Attempting to delete C:\WINNT\system32\dthfmvgk.dll
C:\WINNT\system32\dthfmvgk.dll Has been deleted!

Attempting to delete C:\WINNT\system32\emttpgdh.dll
C:\WINNT\system32\emttpgdh.dll Has been deleted!

Attempting to delete C:\WINNT\system32\hdgpttme.ini
C:\WINNT\system32\hdgpttme.ini Has been deleted!

Attempting to delete C:\WINNT\system32\kgvmfhtd.ini
C:\WINNT\system32\kgvmfhtd.ini Has been deleted!

Attempting to delete C:\WINNT\system32\lnnmp.bak1
C:\WINNT\system32\lnnmp.bak1 Has been deleted!

Attempting to delete C:\WINNT\system32\lnnmp.bak2
C:\WINNT\system32\lnnmp.bak2 Has been deleted!

Attempting to delete C:\WINNT\system32\lnnmp.ini
C:\WINNT\system32\lnnmp.ini Has been deleted!

Attempting to delete C:\WINNT\system32\lnnmp.ini2
C:\WINNT\system32\lnnmp.ini2 Has been deleted!

Attempting to delete C:\WINNT\system32\lnnmp.tmp
C:\WINNT\system32\lnnmp.tmp Has been deleted!

Attempting to delete C:\WINNT\system32\pmnnl.dll
C:\WINNT\system32\pmnnl.dll Could not be deleted.

Attempting to delete C:\WINNT\system32\wunonvap.dll
C:\WINNT\system32\wunonvap.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINNT\system32\lnnmp.ini
C:\WINNT\system32\lnnmp.ini Has been deleted!

Performing Repairs to the registry.
Done!

Nouveau Age : 16 Inscrit le : 31 Mar 2007 Messages : 35 Configuration : 2000

SmitFraudFix v2.162

Rapport fait à 16:24:04,10, dim. 2007-04-01
Executé à partir de C:\unzipped\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\runservice.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Video ActiveX Object\isamonitor.exe
C:\Program Files\Video ActiveX Object\pmsngr.exe
C:\Program Files\Video ActiveX Object\isamini.exe
C:\Program Files\Video ActiveX Object\pmmon.exe
C:\WINNT\system32\RunDLL32.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\explorer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32

C:\WINNT\system32\urroxtl.dll PRESENT !
C:\WINNT\system32\components\flx?.dll PRESENT !
C:\WINNT\system32\components\flx??.dll PRESENT !
C:\WINNT\system32\components\flx???.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jacqueline

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jacqueline\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JACQUE~1\Favoris

C:\DOCUME~1\JACQUE~1\Favoris\Antivirus Test Online.url PRESENT !
C:\DOCUME~1\JACQUE~1\Favoris\Online Security Test.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Video ActiveX Object\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}"="hirtellous"

[HKEY_CLASSES_ROOT\CLSID\{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}\InProcServer32]
@="C:\WINNT\system32\nbbrhbd.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}\InProcServer32]
@="C:\WINNT\system32\nbbrhbd.dll"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.B)
DNS Server Search Order: 192.168.0.1

Description: D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.B)
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0CEC8CA6-038A-49A2-8292-82F4DA68894A}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E094A045-A02E-40CD-918A-2417D32E0C45}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FB47CB8C-3736-4428-BD86-A9E18D55B891}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0CEC8CA6-038A-49A2-8292-82F4DA68894A}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E094A045-A02E-40CD-918A-2417D32E0C45}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FB47CB8C-3736-4428-BD86-A9E18D55B891}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0CEC8CA6-038A-49A2-8292-82F4DA68894A}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E094A045-A02E-40CD-918A-2417D32E0C45}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{FB47CB8C-3736-4428-BD86-A9E18D55B891}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Nouveau Age : 16 Inscrit le : 31 Mar 2007 Messages : 35 Configuration : 2000

tient il en manque un mais je n'ai pas faite cette étape...

Bonjour. Il y a du boulot.

I) Tu n'as rien supprimé de ce qu'AVGA a trouvé :

Nouveau Age : 16 Inscrit le : 31 Mar 2007 Messages : 35 Configuration : 2000

bonjour je refait ca et je post

A tout de suite Wink

Nouveau Age : 16 Inscrit le : 31 Mar 2007 Messages : 35 Configuration : 2000

je l'ai fait avec AVG et j'ai tout suprimer les fichier problématique...

mais j'ai oublier de sauvedarder le fichier ...

Bonsoir.

Pas grave tant que tu as supprimé les fichiers infectés.

Continue la procédure Wink

Nouveau Age : 16 Inscrit le : 31 Mar 2007 Messages : 35 Configuration : 2000

SmitFraudFix v2.162

Rapport fait à 16:24:04,10, dim. 2007-04-01
Executé à partir de C:\unzipped\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\runservice.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Video ActiveX Object\isamonitor.exe
C:\Program Files\Video ActiveX Object\pmsngr.exe
C:\Program Files\Video ActiveX Object\isamini.exe
C:\Program Files\Video ActiveX Object\pmmon.exe
C:\WINNT\system32\RunDLL32.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\explorer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32

C:\WINNT\system32\urroxtl.dll PRESENT !
C:\WINNT\system32\components\flx?.dll PRESENT !
C:\WINNT\system32\components\flx??.dll PRESENT !
C:\WINNT\system32\components\flx???.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jacqueline

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jacqueline\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JACQUE~1\Favoris

C:\DOCUME~1\JACQUE~1\Favoris\Antivirus Test Online.url PRESENT !
C:\DOCUME~1\JACQUE~1\Favoris\Online Security Test.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Video ActiveX Object\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}"="hirtellous"

[HKEY_CLASSES_ROOT\CLSID\{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}\InProcServer32]
@="C:\WINNT\system32\nbbrhbd.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}\InProcServer32]
@="C:\WINNT\system32\nbbrhbd.dll"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.B)
DNS Server Search Order: 192.168.0.1

Description: D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.B)
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0CEC8CA6-038A-49A2-8292-82F4DA68894A}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E094A045-A02E-40CD-918A-2417D32E0C45}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FB47CB8C-3736-4428-BD86-A9E18D55B891}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0CEC8CA6-038A-49A2-8292-82F4DA68894A}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E094A045-A02E-40CD-918A-2417D32E0C45}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FB47CB8C-3736-4428-BD86-A9E18D55B891}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0CEC8CA6-038A-49A2-8292-82F4DA68894A}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E094A045-A02E-40CD-918A-2417D32E0C45}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{FB47CB8C-3736-4428-BD86-A9E18D55B891}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin