salut a tous,
depuis que j'ai formaté mon pc un raccourci nommé "e1xplrer" c'est installer dans mon bureau, dans mes documents et dans un dossier nomé QUICK LUNCH j'ai beau le suprimé il revien toujour. J'ai aussi ma page de demarrage qui c'est modifier qui me donne comme adresse http://www.1987324.com/?301 et une fenetre qui s'ouvre au demarrage avec comme titre ladresse de la nouvelle page de demarrage et lorsque je ferme cette fenetre el m'ouvre cette page internet.
je voulais donc savoir comment enlever tous sa svp j'ai deja passé smitfraudix et spybot merci

Bonjour,

Poste un rapport Hijackthis :

• Télécharge Hijackthis
• Mets le dans un dossier ou sur ton bureau
• Lance l'application
• Choisis l'option Do a system scan and save a logfile
• Copie/Colle le rapport ici

Aide sur Hijackthis

Bonjour

Télécharge HijackThis v1.99.1
http://pchelpbordeaux.free.fr/fram [...] his_vf.exe
Tutorial
http://pchelpbordeaux.free.fr/tuto.html
Démo en image
http://pageperso.aol.fr/balltrap34/demohijack.htm

Fais un scan et poste l'analyse.

Un peu en retard Chercheur ;-)

voila le rapport:

Logfile of HijackThis v1.99.1
Scan saved at 16:42:53, on 30/06/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\fswinsys.exe
C:\WINDOWS\System32\LckFldService.exe
C:\WINDOWS\System32\tkkqy.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tkkqy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\sysmon.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\CURITY~1\tracert.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dbsmyy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\tkkqy.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\marouane\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.1987324.com?301
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\tkkqy.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\winsock\csrss.exe,fgqujek.exe
O2 - BHO: (no name) - {538E7B0E-EDC6-9619-9A9F-90FC2DFFB5C1} - C:\WINDOWS\System32\gasgieex.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\Isass.exe
O4 - HKLM\..\Run: [Realtek Sound Managers] lkycmdgf.exe
O4 - HKLM\..\Run: [MSNS PLUS XP2] msnnsg.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\sysmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [wmed1.exe] C:\WINDOWS\TEMP\wmed1.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\System32\hgqhp.exe
O4 - HKLM\..\RunServices: [Realtek Sound Managers] lkycmdgf.exe
O4 - HKLM\..\RunServices: [MSNS PLUS XP2] msnnsg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Bosh] "C:\WINDOWS\CURITY~1\tracert.exe" -vt yazr
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [_Windows] C:\WINDOWS\WinSecurity\services.exe
O4 - HKCU\..\Run: [Brshvs] C:\Documents and Settings\marouane\Application Data\W?nSxS\s?ool32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O15 - Trusted Zone: www.1987324.com
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 9933926125
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JA [...] anager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{60AA79FD-24DD-4707-84DA-76728A702D05}: NameServer = 85.255.116.86,85.255.112.157
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: winzwr32 - C:\WINDOWS\SYSTEM32\winzwr32.dll
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - (no file)
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\System32\aspi268906.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE (file missing)
O23 - Service: fsecure 2006 (fsecure) - Unknown owner - C:\WINDOWS\fswinsys.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\System32\LckFldService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Windows TCP/IP Socket Driver (winsck) - Unknown owner - C:\WINDOWS\winsock\csrss.exe (file missing)

Je m'occupe de ton rapport, patiente

Imprime ces instructions si nécessaire car il va y avoir un redémarrage de l'ordinateur.

Télécharge le FixWareout d'un de ces deux sites sur le bureau:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.

Quand ton système aura redémarré, suis les invites des messages. Ensuite lance HijackThis. Clique sur Scan et coche les lignes suivantes:

O17 - HKLM\System\CCS\Services\Tcpip\..\{60AA79FD-24DD-4707-84DA-76728A702D05}: NameServer = 85.255.116.86,85.255.112.157

Clique sur Fix Checked. Ferme HijackThis et clique sur OK pour continuer la procédure.

A la fin du fix, tu auras peut-être encore besoin de redémarrer le PC.

Au final, poste le contenu de C:\fixwareout\report.txt avec un nouveau rapport HijackThis.
Installe Ewido
Lance Ewido puis mets le à jour en cliquant sur " Update Now "
Ferme le programme.
Aide sur Ewido de Rub_Mic

Redémarre en mode sans échec

Relance Ewido puis choisis l'onglet " Scanner "
Fais un " Complete System Scan "
** Si un fichier est infecté, choisis l'option " Apply All Actions " en fin d'analyse **
Clique sur " Save Report " puis sur " Save Report As "
Enregistre ce fichier .txt sur ton bureau, Copie/Colle le ici en mode normal.

voila le raport de fixwareout:

Fixwareout ver 1.003
Last edited 04/26/2006
Post this report in the forums please

Reg Entries that were deleted
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is lagitamate

»»»»» Search by size and names...

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal

et voila celui de hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 17:09:18, on 30/06/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\aspi268906.exe
C:\WINDOWS\fswinsys.exe
C:\WINDOWS\System32\LckFldService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\dbsmyy.exe
C:\WINDOWS\System32\tkkqy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tkkqy.exe
C:\WINDOWS\System32\tkkqy.exe
C:\WINDOWS\System32\lkycmdgf.exe
C:\WINDOWS\System32\sysmon.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\CURITY~1\tracert.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\marouane\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe
C:\Program Files\MSN\MSN Explorer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\marouane\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.1987324.com?301
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\tkkqy.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\winsock\csrss.exe,fgqujek.exe
O2 - BHO: (no name) - {538E7B0E-EDC6-9619-9A9F-90FC2DFFB5C1} - C:\WINDOWS\System32\gasgieex.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\Isass.exe
O4 - HKLM\..\Run: [Realtek Sound Managers] lkycmdgf.exe
O4 - HKLM\..\Run: [MSNS PLUS XP2] msnnsg.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\sysmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [wmed1.exe] C:\WINDOWS\TEMP\wmed1.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [Realtek Sound Managers] lkycmdgf.exe
O4 - HKLM\..\RunServices: [MSNS PLUS XP2] msnnsg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Bosh] "C:\WINDOWS\CURITY~1\tracert.exe" -vt yazr
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [_Windows] C:\WINDOWS\WinSecurity\services.exe
O4 - HKCU\..\Run: [Brshvs] C:\Documents and Settings\marouane\Application Data\W?nSxS\s?ool32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O15 - Trusted Zone: www.1987324.com
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 9933926125
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JA [...] anager.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: winzwr32 - C:\WINDOWS\SYSTEM32\winzwr32.dll
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - (no file)
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\System32\aspi268906.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE (file missing)
O23 - Service: fsecure 2006 (fsecure) - Unknown owner - C:\WINDOWS\fswinsys.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\System32\LckFldService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Windows TCP/IP Socket Driver (winsck) - Unknown owner - C:\WINDOWS\winsock\csrss.exe (file missing)

je suis maintnant en train de telecharger ewido et je vous tien au courant du resultat final dans un instant...

Apres Ewido, on finira a la main avec Hijackthis.

voila dsl pour le retard mais sa a mis beaucoup de temps pour le scan donc voila le rapport:

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 17:53:29 30/06/2006

+ Scan result:



C:\WINDOWS\system32\pushow49.dll -> Adware.AdvertMen : Cleaned with backup (quarantined).
C:\Program Files\Services en ligne\Connectez-vous en ligne avec MSN.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\Program Files\LinkOptimizer\LinkOptimizer.dll -> Adware.LinkOptimizer : Cleaned with backup (quarantined).
C:\WINDOWS\em.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\gasgieex.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ntvdm.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\Fichiers communs\fuuw\fuuwd\fuuwc.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
C:\WINDOWS\system32\LKYCMDGF.EXE.$DIS -> Backdoor.Rbot : Cleaned with backup (quarantined).
C:\WINDOWS\system32\MSNNSG.0XE -> Backdoor.Rbot : Cleaned with backup (quarantined).
C:\WINDOWS\system32\fswinsys.exe -> Backdoor.SdBot.aad : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sysfind.exe -> Dialer.Archiviosex.c : Cleaned with backup (quarantined).
C:\WINDOWS\system32\senssrv.dll -> Downloader.Agent.afl : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\winbymhà.exe -> Downloader.Agent.amt : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\wincwkeà.exe -> Downloader.Agent.amt : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\windsaxfaÑ.exe -> Downloader.Agent.amt : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\winfcbww¥.exe -> Downloader.Agent.amt : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\winhkrksjÊ.exe -> Downloader.Agent.amt : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\winkcdrà.exe -> Downloader.Agent.amt : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\winlgrrc¥.exe -> Downloader.Agent.amt : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\winlixtà.exe -> Downloader.Agent.amt : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\winlpmlq¥.exe -> Downloader.Agent.amt : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\winpibjqcÊ.exe -> Downloader.Agent.amt : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\winpphnbxÊ.exe -> Downloader.Agent.amt : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\winpqevà.exe -> Downloader.Agent.amt : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\winqvcià.exe -> Downloader.Agent.amt : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\winsrsjà.exe -> Downloader.Agent.amt : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\winuteofwÑ.exe -> Downloader.Agent.amt : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\winwqaaà.exe -> Downloader.Agent.amt : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\winxisià.exe -> Downloader.Agent.amt : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\winyfjgj¥.exe -> Downloader.Agent.amt : Cleaned with backup (quarantined).
C:\WINDOWS\winres.dll -> Downloader.IstBar.ff : Cleaned with backup (quarantined).
C:\WINDOWS\system32\auauipo.dll -> Downloader.Qoologic.ax : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cbcbjvs.exe -> Downloader.Qoologic.ax : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kokopa.exe -> Downloader.Qoologic.ax : Cleaned with backup (quarantined).
C:\WINDOWS\system32\lklkk.dll -> Downloader.Qoologic.ax : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vyvyw.dat -> Downloader.Qoologic.ax : Cleaned with backup (quarantined).
C:\WINDOWS\system32\fgqujek.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jisnphv.dll -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\WINDOWS\system32\tkkqy.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
[720] C:\WINDOWS\System32\jisnphv.dll -> Downloader.Qoologic.bj : Error during cleaning.
[736] C:\WINDOWS\System32\dbsmyy.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
[764] C:\WINDOWS\System32\tkkqy.exe -> Downloader.Qoologic.bj : Error during cleaning.
[784] C:\WINDOWS\System32\tkkqy.exe -> Downloader.Qoologic.bj : Error during cleaning.
[792] C:\WINDOWS\System32\tkkqy.exe -> Downloader.Qoologic.bj : Error during cleaning.
C:\WINDOWS\Temp\winD7.tmp.exe -> Downloader.Small.cvw : Cleaned with backup (quarantined).
C:\Program Files\Shareaza\Downloads\02 jeux d'enfants 55.zip/install.exe -> Hijacker.Agent.hi : Cleaned with backup (quarantined).
C:\Program Files\Shareaza\Downloads\sabrina stop 11.rar/setup.exe -> Hijacker.Agent.hi : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\winodaor¥.exe -> Proxy.Agent.dd : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cdvxdraw32.dll -> Proxy.Agent.dd : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wmrandv32.dll -> Proxy.Agent.dd : Cleaned with backup (quarantined).
C:\WINDOWS\comdlg66.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\WINDOWS\system32\clcbt.exe -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ipod.raw.exe -> Proxy.Lager.bj : Cleaned with backup (quarantined).
C:\WINDOWS\winsock\CSRSS.0XE -> Proxy.Ranky.fq : Cleaned with backup (quarantined).
C:\Documents and Settings\marouane\Application Data\Microsoft\dcom_15.dll -> Proxy.Xmiler.a : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll -> Proxy.Xorpix.v : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll~ -> Proxy.Xorpix.v : Cleaned with backup (quarantined).
C:\Documents and Settings\hinde\Cookies\hinde@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\marouane\Cookies\marouane@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\hinde\Cookies\hinde@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\soufiane\Cookies\soufiane@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\hinde\Cookies\hinde@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\marouane\Cookies\marouane@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\hinde\Cookies\hinde@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\soufiane\Cookies\soufiane@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\hinde\Cookies\hinde@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\soufiane\Cookies\soufiane@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\hinde\Cookies\hinde@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\hinde\Cookies\hinde@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\hinde\Cookies\hinde@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\hinde\Cookies\hinde@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\hinde\Cookies\hinde@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\system32\dcom_12.dll -> Trojan.Agent.nl : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\f481487017f10424cfe314ff4aa75b75_35.exe -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\WINDOWS\system32:riaa.dll -> Trojan.Agent.vp : Cleaned with backup (quarantined).
C:\Documents and Settings\marouane\Application Data\tofareraci\systvmrs.exe -> Trojan.Dialer.hc : Cleaned with backup (quarantined).
C:\WINDOWS\system32\maxd641.exe -> Trojan.Dialer.pw : Cleaned with backup (quarantined).
C:\WINDOWS\thiselt.exe -> Trojan.Popuper : Cleaned with backup (quarantined).


::Report end

Reposte un rapport Hijackthis