Aller au contenu

Alinus

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    11

  • Inscription

  • Dernière visite

Alinus's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. Alinus
    Mon log sous Spy Sweeper m'a fait penser à celui de Claire (Chazal) après solution à ses problèmes... Dans la trusted zone, je n'ai aucun site déclaré. Effectivement, j'ai supprimé des centaines de lignes "ad-a-w-a-r-e.com ' de mon log.... Franchement, les gars, votre professionnalisme (passion ??? - je n'ai pas compris complètement l'origine de ZEb' : français, québécois ?? m'épate ...
  2. Alinus
    Oups, je ré-édite pour vider le message , je l'avais inséré deux fois...
  3. Alinus
    Bonjour Mister Ingals... 1) le message vient de Spy Sweeper 2) le contenu de hosts est exactement : 127.0.0.1 www.igetnet.com 127.0.0.1 code.ignphrases.com 127.0.0.1 clear-search.com 127.0.0.1 r1.clrsch.com 127.0.0.1 sds.clrsch.com 127.0.0.1 status.clrsch.com 127.0.0.1 www.clrsch.com 127.0.0.1 clr-sch.com 127.0.0.1 sds-qckads.com 127.0.0.1 status.qckads.com 127.0.0.1 www.qoolaid.com 127.0.0.1 www.qoologic.com 127.0.0.1 www.CLKPrecision.com 127.0.0.1 www.urllogic.com 127.0.0.1 www.clkoptimizer.com 127.0.0.1 www.isearch.com 127.0.0.1 isearch.com 127.0.0.1 www.idownload.com 127.0.0.1 idownload.com 127.0.0.1 www.mytotalsearch.com 127.0.0.1 mytotalsearch.com 127.0.0.1 www.lop.com 127.0.0.1 lop.com 127.0.0.1 www.page-not-found.net 127.0.0.1 page-not-found.net 127.0.0.1 www.isearchhere.com 127.0.0.1 isearchhere.com 127.0.0.1 xads.offeroptimizer.comm 127.0.0.1 search.offeroptimizer.com 127.0.0.1 ximages.offeroptimizer.com 127.0.0.1 xlime.offeroptimizer.com 127.0.0.1 xadsj-o.offeroptimizer.com 127.0.0.1 xadsj.offeroptimizer.com 127.0.0.1 www.webseacom 127.0.0.1 sr.adwave.com 127.0.0.1 www.adwave.com 127.0.0.1 adwave.com EVENT:HOST:127.0.0.1 127.0.0.1 www.pacimedia.com 127.0.0.1 www.pacimedia.com 127.0.0.1 www.pacimedia.com 127.0.0.1 www.offeroptimizer.com 127.0.0.1 www.pacimedia.com 127.0.0.1 www.pacimedia.com 127.0.0.1 www.pacimedia.com 127.0.0.1 as.adwave.com 127.0.0.1 www.pacimedia.com 127.0.0.1 www.pacimedia.com 127.0.0.1 www.pacimedia.com 127.0.0.1 www.websearch.com 127.0.0.1 websearch.com 127.0.0.1 www.pacimedia.com 127.0.0.1 www.pacimedia.com 127.0.0.1 www.pacimedia.com 127.0.0.1 www.pacimedia.com 127.0.0.1 www.pacimedia.com 127.0.0.1 www.pacimedia.com 127.0.0.1 www.pacimedia.com 127.0.0.1 www.pacimedia.com Qu'en penses-tu ?
  4. Alinus
    Bonjours Charles ! C'est sympa d'être repassé. J'ai pu faire un sc delete lsass , c'est la seule commande qui a été couronnée de succès. Mais je crosi que ça été suffisant, parce qu'il me semble que le log est propre... (ces 2 lignes 23 lsa server et lsass , c'était une des dernières manifestations de Sasser - que je m'étais déjà chopé - ou ce sont des trucs inutiles et trisqués trainés par XP ? Logfile of HijackThis v1.99.1 Scan saved at 08:51:39, on 20/11/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe C:\WINDOWS\System32\HPZipm12.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Alain\Mes documents\Unzipped\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.news.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1119644501453 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe __________________________ Au fait, bien sûr, maintenant j'ai SpySweeper qui veille à l'initialisation de Windows, tu le vois d'ailleurs dans le log. A chaque fois que je surfe dans la journée sur un site (clean, quel qu'il soit) j'ai un message qui me dit que des pages net ont été rajoutées et qui me demande si je les garde ou si je veux les enlever... Comment désactiver cette proposition ? Je n'ose pas trop tripatouiller ce programme. Qui plus est , le pire est qu'il me parle d'IE , alors que je l'ai désinstallé dans le panneau de config et que j'ai dorénéavant pris FIREFOX comme navigateur
  5. Alinus
    Je viens de faire - encore - des mises à jours critiques que me conseillait TREND INTERNET SECURITY 12 (et pas windows update !..., un peu de nettoyage de registre et voilà , mon dernier log. Merci de vos conseils d'optimisation, donc et VIVE SPY SWEEPER !!!!! et les gens qui conseillent ici ... ZEBULON : THE BEST INTERNET SECURITY FORUM ON THE WEB ! Logfile of HijackThis v1.99.1 Scan saved at 08:47:27, on 19/11/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe C:\WINDOWS\System32\dllhost.exe C:\WINDOWS\system32\mmc.exe C:\WINDOWS\system32\DfrgNtfs.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Alain\Mes documents\Unzipped\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.news.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1119644501453 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Local Security Authority Server (LSA Server) - Logitech, Inc. - (no file) O23 - Service: Local Security Authority Subsystem Service (lsass) - Logitech, Inc. - (no file) O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe --------------
  6. Alinus
    ok, Charles ! et merci. j'attend tes conseils
  7. Alinus
    Salut Charles Je n'ai pas attendu, je piaffais d'impatience , j'ai fixé 02 et 20... et j'ai ce log, mainetant.... Ai-je encore du nettoyage à faire ? (Vous êtes des génies !) Logfile of HijackThis v1.99.1 Scan saved at 00:37:41, on 19/11/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe C:\Program Files\The Cleaner\tca.exe C:\Program Files\The Cleaner\tcm.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\System32\wuauclt.exe C:\Documents and Settings\Alain\Mes documents\Unzipped\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.news.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1119644501453 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Local Security Authority Server (LSA Server) - Logitech, Inc. - (no file) O23 - Service: Local Security Authority Subsystem Service (lsass) - Logitech, Inc. - (no file) O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe --------- Je file me coucher et digérer lma soirée ....hips... à demain ... bonsoir le Québec !
  8. Alinus
    Bon... retour at home... je n'ai pas tourné au beaujolpif' , alors ça va encore.... Je t'ai supprimé des milliards de lignes "shield ....ad-a-aware etc" et j'ai conservé tout ce qui était différent de cette mention ******** 19:18: | Start of Session, vendredi 18 novembre 2005 | 19:18: Spy Sweeper started 19:18: Sweep initiated using definitions version 574 19:18: Starting Memory Sweep 19:19: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 19:19: Found Adware: virtumonde 19:19: Detected running threat: C:\WINDOWS\system32\geebx.dll (ID = 77) 19:19: Found Adware: icannnews 19:19: Detected running threat: C:\WINDOWS\system32\j42qlef51h2.dll (ID = 83) 19:20: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 19:21: Detected running threat: C:\WINDOWS\system32\wanhttp.dll (ID = 83) 19:25: Memory Sweep Complete, Elapsed Time: 00:06:24 19:25: Starting Registry Sweep 19:25: Found Trojan Horse: trojan-backdoor-soundcheck 19:25: HKLM\system\currentcontrolset\control\lsa\ || compaq service drivers (ID = 144196) 19:25: HKLM\software\microsoft\ole\ || compaq service drivers (ID = 144197) 19:25: HKCR\msevents.msevents\ (5 subtraces) (ID = 749130) 19:25: HKCR\msevents.msevents.1\ (3 subtraces) (ID = 749136) 19:25: HKLM\software\classes\msevents.msevents\ (5 subtraces) (ID = 749153) 19:25: HKLM\software\classes\msevents.msevents.1\ (3 subtraces) (ID = 749157) 19:25: Found Adware: dollarrevenue 19:25: HKLM\software\microsoft\drsmartload\ (1 subtraces) (ID = 916795) 19:25: HKU\S-1-5-21-725345543-179605362-1801674531-1004\software\microsoft\ole\ || compaq service drivers (ID = 144193) 19:25: Found Adware: effective-i toolbar 19:25: HKU\S-1-5-18\software\effective-i\ (6 subtraces) (ID = 125657) 19:25: HKU\S-1-5-18\software\microsoft\ole\ || compaq service drivers (ID = 144193) 19:25: HKU\S-1-5-18\software\microsoft\windows\currentversion\runservices\ || compaq service drivers (ID = 144194) 19:25: HKU\S-1-5-18\software\microsoft\windows\currentversion\run\ || compaq service drivers (ID = 144195) 19:25: Registry Sweep Complete, Elapsed Time:00:00:20 19:25: Starting Cookie Sweep 19:25: Found Spy Cookie: 2o7.net cookie 19:25: alain@2o7[1].txt (ID = 1957) 19:25: Found Spy Cookie: yieldmanager cookie 19:25: [email protected][1].txt (ID = 3751) 19:25: Found Spy Cookie: falkag cookie 19:25: [email protected][1].txt (ID = 2650) 19:25: Found Spy Cookie: belnk cookie 19:25: alain@belnk[1].txt (ID = 2292) 19:25: Found Spy Cookie: bluestreak cookie 19:25: alain@bluestreak[2].txt (ID = 2314) 19:25: [email protected][2].txt (ID = 2293) 19:25: Found Spy Cookie: realmedia cookie 19:25: alain@realmedia[1].txt (ID = 3235) 19:25: Found Spy Cookie: serving-sys cookie 19:25: alain@serving-sys[1].txt (ID = 3343) 19:25: Found Spy Cookie: weborama cookie 19:25: alain@weborama[1].txt (ID = 3658) 19:25: Found Spy Cookie: xiti cookie 19:25: alain@xiti[1].txt (ID = 3717) 19:25: Cookie Sweep Complete, Elapsed Time: 00:00:00 19:25: Starting File Sweep 19:26: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 19:35: Warning: Failed to open file "c:\windows\pchealth\errorrep\userdumps\lsass.exe.20051111-064636-00.mdmp". Accès refusé 19:36: Warning: Failed to open file "c:\windows\pchealth\errorrep\userdumps\lsass.exe.20051111-155539-00.mdmp". Accès refusé 19:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 19:37: Warning: Failed to open file "c:\windows\pchealth\errorrep\userdumps\lsass.exe.20051111-095602-00.mdmp". Accès refusé 19:38: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 19:41: Found Adware: adtech2005 19:41: adtech2005.exe (ID = 194580) 19:41: timessquare.exe (ID = 194150) 19:41: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 21:03: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 21:04: Warning: Unhandled Archive Type 21:04: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 21:04: Warning: Unhandled Archive Type 21:18: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 21:18: Warning: Invalid Stream 21:18: Warning: Invalid Stream 21:18: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 21:19: File Sweep Complete, Elapsed Time: 01:54:26 21:20: Full Sweep has completed. Elapsed time 02:01:19 21:20: Traces Found: 50 21:20: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 23:56: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 23:56: Removal process initiated 23:56: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 23:59: Quarantining All Traces: icannnews 23:59: icannnews is in use. It will be removed on reboot. 23:59: C:\WINDOWS\system32\j42qlef51h2.dll is in use. It will be removed on reboot. 23:59: C:\WINDOWS\system32\wanhttp.dll is in use. It will be removed on reboot. 23:59: Quarantining All Traces: virtumonde 23:59: virtumonde is in use. It will be removed on reboot. 23:59: C:\WINDOWS\system32\geebx.dll is in use. It will be removed on reboot. 23:59: Quarantining All Traces: trojan-backdoor-soundcheck 23:59: Quarantining All Traces: adtech2005 23:59: Quarantining All Traces: dollarrevenue 23:59: Quarantining All Traces: effective-i toolbar 23:59: Quarantining All Traces: 2o7.net cookie 23:59: Quarantining All Traces: belnk cookie 23:59: Quarantining All Traces: bluestreak cookie 23:59: Quarantining All Traces: falkag cookie 23:59: Quarantining All Traces: realmedia cookie 23:59: Quarantining All Traces: serving-sys cookie 23:59: Quarantining All Traces: weborama cookie 23:59: Quarantining All Traces: xiti cookie 23:59: Quarantining All Traces: yieldmanager cookie 23:59: Preparing to restart your computer. Please wait... 23:59: Removal process completed. Elapsed time 00:02:58 ******** 19:15: | Start of Session, vendredi 18 novembre 2005 | 19:15: Spy Sweeper started 19:16: Your spyware definitions have been updated. 19:17: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 19:17: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 19:17: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 19:17: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 19:18: | End of Session, vendredi 18 novembre 2005 | ---------------------------- Log HJT Logfile of HijackThis v1.99.1 Scan saved at 00:32:20, on 19/11/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe C:\Program Files\The Cleaner\tca.exe C:\Program Files\The Cleaner\tcm.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Alain\Mes documents\Unzipped\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.news.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\System32\geebx.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1119644501453 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O20 - Winlogon Notify: geebx - C:\WINDOWS\System32\geebx.dll (file missing) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Local Security Authority Server (LSA Server) - Logitech, Inc. - (no file) O23 - Service: Local Security Authority Subsystem Service (lsass) - Logitech, Inc. - (no file) O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe ---------------------------------------------------- J'ai plein d'espoir à voir ces logs, non ???
  9. Alinus
    Le scan de Spy Sweeper et en cours (très long , j'ai 60 go de donnéees), il m'a déjà trouvé virtumonde, icannews, trojan-backdoor-soundcheck, dollarrevenue, effezctive itool bar et plein de spy cookies... J'ai donc de l'espoir par contre, cher Qc001, je dois partir à un dîner avec des amis... je laisse tourner la bécane et je poste les logs souhaités vers 12h30 dernier carat... A+ et bonne soirée et déjà , merci de ta super-efficacité !!
  10. Alinus
    Merci de ton accueil chaleureux... Même dans 11 minutes, si tu veux...
  11. Alinus
    D'abord, un grand bonjour à tous... Depuis une huitaine, j'erre sur divers forums spécialisés ... je ne vais pas en faire la pub mais je n'ai pas trop de réponse sur mon problème. Sur pas mal d'aspects, il ressemble à bcp d'autres, mais ce que j'ai fait déjà n'a pas marché... Symptômes, je les ai tous : IE ouvert, redirections vers des pages type www.searc'h, oas.central, paypopup... pour les plus récurrentes... Ouverture de très jolis pop-ups dessins aux contours très design... Winfixer qui veut s'installer en permanence.... Ralentissement du proc" J'ai déjà fait pas mal de kill sous processxp, de fix HJT, de destruction de la geebx sous killpocket, de l2mfix.bat, de vundo Fix, de scan en ligne, de spybot, d'adaware, mais , pour l'instant, l'ordre n'a pas du être bon, puisuq eça persiste/... Je n'arrive pas à me décrocher la geebx.dll et elle est suivie dans le Winlogon par une autre dll foireuse au nom aléatoire à chaque boot.... J'ai parcouru ce forum et j'ai l'impression que ça peut marcher ici (vil fayot que je suis ; . Merci à tous d'essayer de m'aider ... Voici mon log HJT actuel : Logfile of HijackThis v1.99.1 Scan saved at 18:37:09, on 18/11/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe C:\WINDOWS\System32\HPZipm12.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Alain\Mes documents\Unzipped\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.news.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\System32\geebx.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1119644501453 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\j42qlef51h2.dll O20 - Winlogon Notify: geebx - C:\WINDOWS\System32\geebx.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Local Security Authority Server (LSA Server) - Logitech, Inc. - (no file) O23 - Service: Local Security Authority Subsystem Service (lsass) - Logitech, Inc. - (no file) O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe MERCI !
×
×
  • Créer...