
requin

Members
  • Content count

    3
  • Joined

  • Last visited

Other information

  • My languages
    French English

requin's Achievements

Junior Member

Junior Member (3/12)

0

Community reputation

  1. Here is the report from Panda's online scan, which oddly did not take much time:

     Incident Statut Analyse
     Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Mehdi Kadmiri\Cookies\mehdi kadmiri@247realmedia[2].txt
     Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Mehdi Kadmiri\Cookies\mehdi kadmiri@atdmt[2].txt
     Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\Mehdi Kadmiri\Cookies\mehdi kadmiri@mediaplex[1].txt
     Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Mehdi Kadmiri\Cookies\mehdi kadmiri@realmedia[1].txt
     Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Mehdi Kadmiri\Cookies\mehdi kadmiri@xiti[1].txt

     Thanks, Requin
  2. Hi, and thank you very much for your help.

     I followed the procedure to the letter, but I did not find the following files on my C: drive: stvxcpgyizv.exe and ati2vid.exe.

     After restarting, it seems to me that the computer is slower, and on top of that Kaspersky gave me a warning saying that an attack coming from the internet had just been blocked; after that ewido crashed and had to shut down (maybe a conflict with Kaspersky??!!!). Anyway, I think my computer is still infected. Here are the reports you asked me for; in the meantime I am going to run a Panda online scan.

     Here is the new HijackThis report:

     And the ewido report:

     THANK YOU VERY MUCH FOR YOUR HELP!!!! Requin
  3. Hello,

     I have a laptop that is very slow. I know it's a Pentium 3, but still: I followed the cleaning procedure and ran a scan with AntiVir in safe mode, and it found a good ten or so worms, etc. I restarted in normal mode and generated the HijackThis report; here it is:

     Please, if someone could help me analyze it. Thank you very much in advance. Requin