Everything posted by delphine05
-
worm, hijackthis, malwares KEZAKO
delphine05 replied to delphine05's topic in Analyses et éradication malwares
And here is the latest HijackThis report in normal mode:
Logfile of HijackThis v1.99.1
Scan saved at 23:02:37, on 02/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
-
worm, hijackthis, malwares KEZAKO
delphine05 replied to delphine05's topic in Analyses et éradication malwares
I am stunned!! How is it possible that I have so many infected files??? Does this mean that as soon as I visit a site, even one like Yves Rocher, I get stuck with spyware??? Here is the report:
ewido security suite - Scan report
+ Created on: 22:18:47, 02/12/2005
+ Report-Checksum: 3A61D824
-
worm, hijackthis, malwares KEZAKO
delphine05 replied to delphine05's topic in Analyses et éradication malwares
So here is the latest report:
Logfile of HijackThis v1.99.1
Scan saved at 20:38:11, on 02/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
On the other hand, I have lost Yahoo Messenger... is that normal, and can I download it again in the version with voice??? By the way, I could not get EasyCleaner to work!!! And -
worm, hijackthis, malwares KEZAKO
delphine05 replied to delphine05's topic in Analyses et éradication malwares
OK, thanks. However, I cannot open the EasyCleaner program... I saved it in Program Files and when I double-click on it nothing happens???? I tried downloading it again... but it is still the same thing -
worm, hijackthis, malwares KEZAKO
delphine05 replied to delphine05's topic in Analyses et éradication malwares
I do indeed have a cable connection (Lebanese). As for P2P, I have understood, and I would like to know whether internet radio is OK (safe)? Given that there is only Nostalgie or Arabic-language radio stations in Lebanon... -
worm, hijackthis, malwares KEZAKO
delphine05 replied to delphine05's topic in Analyses et éradication malwares
Dear Megataupe, I am happy to tell you whatever you want, but I have absolutely no idea where to find the ISP or the IP... For information, I would like to know whether I can download eMule, because I like to listen to a few tracks before buying the album... In Lebanon we do not have the setups with headphones for listening to albums at the shop before buying... Thanks again for your help; in the meantime I am downloading the EasyCleaner program... -
worm, hijackthis, malwares KEZAKO
delphine05 replied to delphine05's topic in Analyses et éradication malwares
Here is the Norton message again. Is it serious, doctor?
Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: W32.Explet.A@mm
File: C:\WINDOWS\system32\supu.exe
Location: C:\WINDOWS\system32
Computer: PENTIUM4
User: SYSTEM
Action taken: Clean failed : Quarantine failed : Delete succeeded : Access denied
Date found: Friday, December 02, 2005 4:53:43 PM
-
worm, hijackthis, malwares KEZAKO
delphine05 replied to delphine05's topic in Analyses et éradication malwares
Whoa, I really would not want to be a cause of discord!!!! Please. Well, anyway, I think I managed to sort it out, and here is the report:
Logfile of HijackThis v1.99.1
Scan saved at 16:24:18, on 02/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
If that is not it!!!!! well, it means I messed up... but then I am old and blonde, so I am forgiven, right?! -
Ouch, ouch, ouch, I feel really old with all this... So I have come to ask for help. For some time now my PC has been running very slowly. The problem is that however much I read your topics, I do not understand much of your language. A Norton window tells me fairly regularly that I am infected by W32.explet.A@mm and W32.spybot and that Norton has indeed cancelled them. So I ran a scan with a2, which found 18 pieces of malware. I therefore cancelled them, and it keeps happening anyway. Another thing: I have had a huge number of pop-ups for some time. Could you explain to me, as you would to a 4-year-old child, the steps to follow, please? THANK YOU VERY MUCH IN ADVANCE. I do not know whether it matters, but I live in Lebanon and so have a cable internet connection...