Aller au contenu

lobo

Membres
  • Compteur de contenus

    11
  • Inscription

  • Dernière visite

Autres informations

  • Mes langues
    francais

lobo's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. Voila , j ai executer toutes tes indications, je pense que ca doit être bon, en tout cas plus de fenetre intemperstive , j envoie quand meme un rapport HJT des fois que j'aurai oublié qque chose En attendant un grand merci à toi et Qc001 Et vive ce site que je ne connaissais pas et que je vais maintenant recommander à tout mes amis @+ Logfile of HijackThis v1.99.1 Scan saved at 15:47:42, on 03/02/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Acer\eManager\anbmServ.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\keyhook.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Arcade\PCMService.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\drivers\dcfssvc.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\acer\eRecovery\Monitor.exe C:\Program Files\Internet Explorer\iexplore.exe C:\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/Default.asp?MSPSA=1 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe" O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab O16 - DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - https://ssl.tele2.com/inc/accounthelper.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4DCC41CB-62C6-4D77-9FF2-CED4B056CC2A}: NameServer = 212.151.136.242,212.151.136.246 O17 - HKLM\System\CCS\Services\Tcpip\..\{75C6B068-0B75-4ACA-9435-4471FF580011}: NameServer = 212.151.136.241,212.151.136.246 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
  2. Salut Qc OO1, j ai enfin reussi a effectuer la mise a jour d'ewido. J'ai scanné avec ewido et HJT et voici les rapports Pour l instant tout a l air de fonctionner, j attends ton avis A ++ Logfile of HijackThis v1.99.1 Scan saved at 21:40:01, on 02/02/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Acer\eManager\anbmServ.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\keyhook.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Arcade\PCMService.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe C:\WINDOWS\system32\drivers\dcfssvc.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\acer\eRecovery\Monitor.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/Default.asp?MSPSA=1 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe" O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab O16 - DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - https://ssl.tele2.com/inc/accounthelper.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4DCC41CB-62C6-4D77-9FF2-CED4B056CC2A}: NameServer = 212.151.136.242,212.151.136.246 O17 - HKLM\System\CCS\Services\Tcpip\..\{75C6B068-0B75-4ACA-9435-4471FF580011}: NameServer = 212.151.136.241,212.151.136.246 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe --------------------------------------------------------- ewido anti-malware - Rapport de scan --------------------------------------------------------- + Créé le: 21:35:38, 02/02/2006 + Somme de contrôle: 321F1422 + Résultats du scan: C:\WINDOWS\system32\msclock32.dll -> Adware.NaviPromo : Nettoyer et sauvegarder C:\WINDOWS\system32\msplock32.dll -> Adware.NaviPromo : Nettoyer et sauvegarder C:\Documents and Settings\MICH\Cookies\mich@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder C:\Documents and Settings\MICH\Cookies\mich@estat[1].txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder C:\Documents and Settings\MICH\Cookies\[email protected][1].txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder C:\Documents and Settings\MICH\Cookies\mich@weborama[2].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder C:\Documents and Settings\MICH\Cookies\mich@com[2].txt -> Spyware.Cookie.Com : Nettoyer et sauvegarder C:\Documents and Settings\MICH\Cookies\mich@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Nettoyer et sauvegarder C:\Documents and Settings\MICH\Cookies\mich@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Nettoyer et sauvegarder C:\Documents and Settings\MICH\Cookies\[email protected][2].txt -> Spyware.Cookie.Comclick : Nettoyer et sauvegarder C:\Documents and Settings\MICH\Cookies\[email protected][2].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder C:\Documents and Settings\MICH\Cookies\[email protected][1].txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP102\A0024613.dll -> Adware.NaviPromo : Nettoyer et sauvegarder C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP103\A0030560.dll -> Adware.NaviPromo : Nettoyer et sauvegarder C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP103\A0024658.dll -> Adware.NaviPromo : Nettoyer et sauvegarder C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP103\A0024677.dll -> Adware.NaviPromo : Nettoyer et sauvegarder C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP103\A0024696.dll -> Adware.NaviPromo : Nettoyer et sauvegarder C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP103\A0024720.dll -> Adware.NaviPromo : Nettoyer et sauvegarder C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP103\A0024738.dll -> Adware.NaviPromo : Nettoyer et sauvegarder C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP103\A0024751.dll -> Adware.NaviPromo : Nettoyer et sauvegarder C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP103\A0029886.dll -> Adware.NaviPromo : Nettoyer et sauvegarder ::Fin du rapport
  3. Salut, j ai fait tout ce que tu m as dit mais ewido me refuse obstinément l'accès a l'update j essaierai plus tard pour voir si sa s'arrange G essaye de desactiver avast sans resultat pourtant la connexion internet fonctionne
  4. Bonjour, g effectué les manip demandé par QC001 et lui ai envoyé le rapport. après ca, par hasard, g effectué un scan avec spyboot qui m a detecté 5 intrus, g activé le bouton corriger les problemes et comme par miracle après une deuxième analyse tout les intrus avaient disparu. Serait ce la fin de mes soucis ? faut il que j envoie un nouveau rapport HJT apres avoir utilisé spyboot ?
  5. Bonjour à mes secouristes, g eu quelques difficultés a redémarrer mon portable aujourd'hui, il plantais au démarrage, g alors demarré en mode sans échec et g désinstallé l antivirus asvast et g redemarrer en mode normale, c'est reparti norm g ete coupé ? ....donc normalement G effectué les manoeuvres indiquées et je vous transmet donc le rapport HJT version english Je réinstallerai un antivirus après ce fichu chantier : un conseil pour un freeware en français et performant ? Merci davance Logfile of HijackThis v1.99.1 Scan saved at 14:38:44, on 31/01/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Acer\eManager\anbmServ.exe C:\WINDOWS\system32\drivers\dcfssvc.exe C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\keyhook.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Arcade\PCMService.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\acer\eRecovery\Monitor.exe C:\hijackthis\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/Default.asp?MSPSA=1 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe" O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab O16 - DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binaries/IA/...svc32_FR_XP.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - https://ssl.tele2.com/inc/accounthelper.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4DCC41CB-62C6-4D77-9FF2-CED4B056CC2A}: NameServer = 212.151.136.242,212.151.136.246 O17 - HKLM\System\CCS\Services\Tcpip\..\{75C6B068-0B75-4ACA-9435-4471FF580011}: NameServer = 212.151.136.241,212.151.136.246 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
  6. J allais oublier le rapport de kaspersky, 2 signaux d'alerte virus pendant le scan ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Tuesday, January 31, 2006 02:24:44 Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.67.0 Kaspersky Anti-Virus database last update: 31/01/2006 Kaspersky Anti-Virus database records: 163394 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: standard Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ Scan Statistics: Total number of scanned objects: 43962 Number of viruses found: 3 Number of infected objects: 25 Number of suspicious objects: 0 Duration of the scan process: 1437 sec Infected Object Name - Virus Name C:\Documents and Settings\MICH\.housecall\Quarantine\A0013365.dll.bac_a03760 Infected: Email-Worm.Win32.Bagle.ef C:\Documents and Settings\MICH\.housecall\Quarantine\A0013373.exe.bac_a03760 Infected: Email-Worm.Win32.Bagle.ef C:\Documents and Settings\MICH\.housecall\Quarantine\A0013384.dll.bac_a03760 Infected: Email-Worm.Win32.Bagle.ef C:\Documents and Settings\MICH\.housecall\Quarantine\A0013385.dll.bac_a03760 Infected: Email-Worm.Win32.Bagle.ef C:\Documents and Settings\MICH\.housecall\Quarantine\A0013404.dll.bac_a03760 Infected: Email-Worm.Win32.Bagle.ef C:\Documents and Settings\MICH\.housecall\Quarantine\A0013405.dll.bac_a03760 Infected: Email-Worm.Win32.Bagle.ef C:\Documents and Settings\MICH\.housecall\Quarantine\A0013430.dll.bac_a03760 Infected: Email-Worm.Win32.Bagle.ef C:\Documents and Settings\MICH\.housecall\Quarantine\A0013431.dll.bac_a03760 Infected: Email-Worm.Win32.Bagle.ef C:\Documents and Settings\MICH\.housecall\Quarantine\A0013440.exe.bac_a03760 Infected: Email-Worm.Win32.Bagle.ef C:\Documents and Settings\MICH\.housecall\Quarantine\A0015490.dll.bac_a03760 Infected: Email-Worm.Win32.Bagle.ef C:\Documents and Settings\MICH\.housecall\Quarantine\A0013406.dll.bac_a03760 Infected: Email-Worm.Win32.Bagle.eh C:\Documents and Settings\MICH\.housecall\Quarantine\A0013407.dll.bac_a03760 Infected: Email-Worm.Win32.Bagle.eh C:\Documents and Settings\MICH\.housecall\Quarantine\A0013432.dll.bac_a03760 Infected: Email-Worm.Win32.Bagle.eh C:\Documents and Settings\MICH\.housecall\Quarantine\A0013441.exe.bac_a03760 Infected: Email-Worm.Win32.Bagle.eh C:\Documents and Settings\MICH\.housecall\Quarantine\A0015491.dll.bac_a03760 Infected: Email-Worm.Win32.Bagle.eh C:\Documents and Settings\MICH\.housecall\Quarantine\A0015492.exe.bac_a03760 Infected: Email-Worm.Win32.Bagle.eh C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\08833E49.exe Infected: Email-Worm.Win32.Bagle.ef C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\33EA5B9A.exe Infected: Email-Worm.Win32.Bagle.eh C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4C266DB8.dll Infected: Email-Worm.Win32.Bagle.ef C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4C7E5B57.dll Infected: Email-Worm.Win32.Bagle.eh C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4EDA32BE.exe Infected: Email-Worm.Win32.Bagle.eh C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02B967C1.tmp/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02B967C1.tmp Infected: Email-Worm.Win32.Sober.y C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\032E4F3F.tmp/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\032E4F3F.tmp Infected: Email-Worm.Win32.Sober.y Scan process completed.
  7. Bonjour, g du partir precipitement tout à l'heure dsl, pas vu le temps passer, G telecharge la VO de HJT avec la version francaise je n arrivais pas a ouvrir le fichier both.log, enfin le voici quand même Logfile of HijackThis v1.99.1 Scan saved at 01:26:14, on 31/01/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Acer\eManager\anbmServ.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\keyhook.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Arcade\PCMService.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\drivers\dcfssvc.exe C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\acer\eRecovery\Monitor.exe C:\Program Files\scrabbleproB\scrabblepro.exe C:\Program Files\MSN Messenger\MSNMSGR.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\cmd.exe C:\hijackthis\HijackThis.exe C:\WINDOWS\system32\ping.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/Default.asp?MSPSA=1 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe" O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O16 - DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binaries/IA/...svc32_FR_XP.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - https://ssl.tele2.com/inc/accounthelper.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4DCC41CB-62C6-4D77-9FF2-CED4B056CC2A}: NameServer = 212.151.136.242,212.151.136.246 O17 - HKLM\System\CCS\Services\Tcpip\..\{75C6B068-0B75-4ACA-9435-4471FF580011}: NameServer = 212.151.136.241,212.151.136.246 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe doesn't exist HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run doesn't exist HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iexplore.exe ----------------------- ----------------------- REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" "SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent" "SiS Windows KeyHook"="C:\\WINDOWS\\system32\\keyhook.exe" "SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe" "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC" "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName" "PCMService"="\"C:\\Program Files\\Arcade\\PCMService.exe\"" "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC" "LManager"="C:\\Program Files\\Launch Manager\\QtZgAcer.EXE" "LaunchApp"="Alaunch" "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32" "eRecoveryService"="C:\\Windows\\System32\\Check.exe" "AGRSMMSG"="AGRSMMSG.exe" @="" "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce] [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers] [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Fichiers hors connexion] @="{750fdf0e-2a26-11d1-a3ea-080036587f03}" [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With] @="{09799AFB-AD67-11d1-ABCD-00C04FC30936}" [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu] @="{A470F8CF-A1E8-4f65-8335-227475AA5C46}" [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZFAdd] @="{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}] @="Épingle du menu Démarrer" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" Scheduled Tasks Folder Contents * C:\WINDOWS\Tasks\desktop.ini C:\WINDOWS\Tasks\SA.DAT
  8. dsl mais un message d alerte me dis que windows ne trouve pas le fichier hijackthis.exe
  9. merci pour ton aide, voici ce que tu m as demandé Logfile of HijackThis v1.99.1 Scan saved at 17:31:42, on 30/01/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Acer\eManager\anbmServ.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\keyhook.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Arcade\PCMService.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe C:\WINDOWS\system32\drivers\dcfssvc.exe C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\acer\eRecovery\Monitor.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/Default.asp?MSPSA=1 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe" O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O16 - DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binaries/IA/...svc32_FR_XP.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - https://ssl.tele2.com/inc/accounthelper.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4DCC41CB-62C6-4D77-9FF2-CED4B056CC2A}: NameServer = 212.151.136.242,212.151.136.246 O17 - HKLM\System\CCS\Services\Tcpip\..\{75C6B068-0B75-4ACA-9435-4471FF580011}: NameServer = 212.151.136.241,212.151.136.246 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichier Incident Statut Analyse Adware:adware/navipromo No Désinfecté C:\WINDOWS\system32\ehlxtvrys_navps.dat Adware:Adware/NaviPromo No Désinfecté C:\WINDOWS\system32\msclock32.dll Adware:Adware/NaviPromo No Désinfecté C:\WINDOWS\system32\msplock32.dll Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\MICH\Cookies\mich@doubleclick[1].txt Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\MICH\Cookies\mich@xiti[1].txt Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\MICH\Cookies\mich@mediaplex[1].txt Spyware:Cookie/Zedo No Désinfecté C:\Documents and Settings\MICH\Cookies\mich@zedo[1].txt Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\MICH\Cookies\mich@weborama[1].txt Spyware:Cookie/Com.com No Désinfecté C:\Documents and Settings\MICH\Cookies\mich@com[2].txt Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\MICH\Cookies\mich@serving-sys[2].txt Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\MICH\Cookies\mich@atdmt[2].txt Spyware:Cookie/Reliablestats No Désinfecté C:\Documents and Settings\MICH\Cookies\[email protected][1].txt Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\MICH\Cookies\mich@bluestreak[1].txt s communs\Symantec Shared\SNDSrvc.exe Bonne chance a toi
  10. spyboot me découvre un Magiccontrol.agent et n'arrive pas a me le supprimer. des fenetres publicitaires s'ouvre intempestivement lorsque je suis sur internet explorer et je recois des courriers indésirables dans ma boite e-mail. Pouvez vous m'aider je suis paumé. Mon rapport Hijackthis Merci d"avance Logfile of HijackThis v1.99.1 Scan saved at 16:24:05, on 30/01/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Acer\eManager\anbmServ.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\keyhook.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Arcade\PCMService.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe C:\WINDOWS\system32\drivers\dcfssvc.exe C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\acer\eRecovery\Monitor.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01? FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/Default.asp? MSPSA=1 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe" O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3 \Office10\EXCEL.EXE/3000 O16 - DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binaries/IA/...svc32_FR_XP.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - https://ssl.tele2.com/inc/accounthelper.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4DCC41CB-62C6-4D77-9FF2-CED4B056CC2A}: NameServer = 212.151.136.242,212.151.136.246 O17 - HKLM\System\CCS\Services\Tcpip\..\{75C6B068-0B75-4ACA-9435-4471FF580011}: NameServer = 212.151.136.241,212.151.136.246 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1 \msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
  11. ]Bonjour à tous, depuis quelques jours un intrus c est incrusté sur mon portable, impossible de le virer avec spyboot (magiccontrol.agent). De plus, des fenêtres de pub intempestives s ouvre lorsque je suis sur le web. et je recois du courrier indesirable dans ma boite e-mail. Quelqu'un pourrait il aider une truffe en informatique comme moi. D'avance, mersi à l'âme charitable[/size][/size]
×
×
  • Créer...