galahad

Bonjour Bruce, Non, apparamment tout baigne. Je ne remarque rien de suspect. Encore merci pour ton aide. A+

Bonjour, J'ai tout fait sans problème et c'est nickel maintenant. Merci champion , respect et admiration pour ta patience. Bon week end et encore merci

Oui "outlook express6"

Il n'y a rien après........... le message s'ouvre directement. Alors j'espère qu'il n'y avait vraiment rien dedans...... Mais je n'y comprends toujours rien. A+

Comme je ne me rappelai plus exactement les options exactes j'ai renvoyé un mail mais en faisant "éléments dejà envoyés", j'ai selectionné le meme mail dans outloock et j'ai utiliser "tranferé". Resultat le mail passe normalement avast. J'en ai donc refait un nouveauen passant par "créer un nouveau message" et le resultat ---->alerte avast et..... Les options sont : supprimer Continuer

Bonjour Bruce lee J'ai donc réinstaller avast refait le test et toujours le meme message "avast heuristique avertissement message suspect" A+

Bonjour, Merci beaucoup pour toutes ces informations. Je fais le necessaire pour avast + essai et je vous tiens au courant. Bonne journée A+

bien vu il n'a rien trouvé! avast a peut etre du me mettre sur "une liste noir" quand j'étais infecté. Reste les messages de norton Dois je autoriser l'acces de ces fichier a Internet A+ Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1 File to upload & scan: Service Service load: 0% 100% File: fichier_a_scanner.eml Status: OK MD5 61cca516a52d6b21ab4712ba144d491d Packers detected: - Scanner results AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing Fortinet Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing UNA Found nothing VirusBuster Found nothing VBA32 Found nothing Powered by Disclaimer This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service. Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita. Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware. Virus definitions are updated every hour. There is a 15Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample. Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all. Sponsored by donations (in random order) from: Stormbyte Technologies LLC, The ClamAV project, James Love, Gideon Pertzov, Malcolm Murray, Nigel Thomas, Wendy Dickerson, Anthony Midmore, "ethereal", Mark Rubins, Steve S., Eric Johansen, Eric Schechter, Paul Bokel, Wilders Security, Wilfried Lilie, Prevx, SonicWALL, Lance Mueller, Ewido networks, and some people who prefer to remain anonymous... many thanks to all! Statistics Last file scanned at least one scanner reported something about: Project1.exe, detected by: Scanner Malware name AntiVir Heuristic/Malware ArcaVir X Avast X AVG Antivirus X BitDefender BehavesLike:Win32.Keylogger ClamAV X Dr.Web DLOADER.Trojan F-Prot Antivirus X Fortinet X Kaspersky Anti-Virus X NOD32 X Norman Virus Control X UNA X VirusBuster X VBA32 Malware.Delf.49 You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives We are not affiliated with any third parties that conduct tests using this service. Frequently asked questions - Feedback - Privacy policy Page generated by JTPL Copyright © 2004-2005 Jordi Bosveld <jotti@jotti.org>

Bonjour, j'ai fait le test avec deux messages, un identique au precedent et un different : résultat avast alerte sur l'autre pc "message suspect" supprimé ou non. A noté que mon norton scan le courrier avant de l'envoyé. A part cela et les messages de norton continnuels de norton rien de spécial, le pc se comporte plutot mieux. A+

Bonjour, J'ai fait windows update. Pas de mise à jour disponible. Le pc est au niveau. Ce matin on a envoyé un courrier avec une piece jointe , de mon ordinateur sur l'ordinateur sur celui de ma femme. Lorsqu'elle l'a reçue ,via internet, avast à signaler que le fichier etait peut etre infecté. Donc il y aurait bien encore une cochonnerie dans mon pc. A+

J'ai toujours le message de norton me disant que "generic host process for win32 services "qui veut accéder au net ainsi que "composant du noyau de l'interface utilisateur windows" comme je ne maitrise pas cela, je dis non et ça roule apparamment sans problème. Mais bon je voudrai savoir si c'est normal! En tout cas , je suis vraiement super content de vous avoir reconter et je n'oublierai pas d'en parler autour de moi. C'est vraiement chouette ce que vous faite vis à vis de cet envahissement viral et trojin. Que la force reste avec vous. Merci et A++++++++

Bonjour Bruce lee, J'ai fais tout ce qui était noté sans probleme et voici le dernier rapport de kapersky KASPERSKY ON-LINE SCANNER REPORT Saturday, September 16, 2006 6:36:32 PM Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version : 5.0.83.0 Dernière mise à jour de la base antivirus Kaspersky : 16/09/2006 Enregistrements dans la base antivirus Kaspersky : 210819 Paramètres d'analyse Analyser avec la base antivirus suivante standard Analyser les archives vrai Analyser les bases de messagerie vrai Cible de l'analyse Poste de travail A:\ C:\ D:\ Statistiques de l'analyse Total d'objets analysés 53539 Nombre de virus trouvés 4 Nombre d'objets infectés 23 / 0 Nombre d'objets suspects 0 Durée de l'analyse 01:37:01 Nom de l'objet infecté Nom du virus Dernière action C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\pat\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\pat\Local Settings\Application Data\Identities\{802D50B1-4AE6-48EA-93A4-44C608C73C9D}\Microsoft\Outlook Express\Boîte de réception.dbx L'objet est verrouillé ignoré C:\Documents and Settings\pat\Local Settings\Application Data\Identities\{802D50B1-4AE6-48EA-93A4-44C608C73C9D}\Microsoft\Outlook Express\Folders.dbx L'objet est verrouillé ignoré C:\Documents and Settings\pat\Local Settings\Application Data\Identities\{802D50B1-4AE6-48EA-93A4-44C608C73C9D}\Microsoft\Outlook Express\Offline.dbx L'objet est verrouillé ignoré C:\Documents and Settings\pat\Local Settings\Application Data\Identities\{802D50B1-4AE6-48EA-93A4-44C608C73C9D}\Microsoft\Outlook Express\Pop3uidl.dbx L'objet est verrouillé ignoré C:\Documents and Settings\pat\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\pat\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\pat\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\pat\Local Settings\Historique\History.IE5\MSHist012006091620060917\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\pat\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\pat\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\pat\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Program Files\Norton AntiVirus\Quarantine\03135B33.exe Infecté : Trojan-Proxy.Win32.Horst.jf ignoré C:\Program Files\Norton AntiVirus\Quarantine\2D6D4E0F.exe Infecté : Trojan-Proxy.Win32.Horst.iz ignoré C:\Program Files\Norton AntiVirus\Quarantine\2D7A7601.exe Infecté : Trojan-Proxy.Win32.Horst.iz ignoré C:\Program Files\Norton AntiVirus\Quarantine\2D7D1FFD.exe Infecté : Trojan-Downloader.Win32.Horst.e ignoré C:\Program Files\Norton AntiVirus\Quarantine\2D8149FA.exe Infecté : Trojan-Proxy.Win32.Horst.iz ignoré C:\Program Files\Norton AntiVirus\Quarantine\2D8473F6.exe Infecté : Trojan-Proxy.Win32.Horst.iz ignoré C:\Program Files\Norton AntiVirus\Quarantine\2D871DF2.exe Infecté : Trojan-Downloader.Win32.Zlob.ajl ignoré C:\Program Files\Norton AntiVirus\Quarantine\2D8A47EF.exe Infecté : Trojan-Proxy.Win32.Horst.iz ignoré C:\Program Files\Norton AntiVirus\Quarantine\2D8E71EB.exe Infecté : Trojan-Downloader.Win32.Zlob.ajl ignoré C:\Program Files\Norton AntiVirus\Quarantine\2D911BE8.exe Infecté : Trojan-Proxy.Win32.Horst.iz ignoré C:\Program Files\Norton AntiVirus\Quarantine\2D9445E4.exe Infecté : Trojan-Proxy.Win32.Horst.iz ignoré C:\Program Files\Norton AntiVirus\Quarantine\2D976FE0.exe Infecté : Trojan-Proxy.Win32.Horst.iz ignoré C:\Program Files\Norton AntiVirus\Quarantine\2D9E43D9.exe Infecté : Trojan-Proxy.Win32.Horst.iz ignoré C:\Program Files\Norton AntiVirus\Quarantine\2DA16DD6.exe Infecté : Trojan-Proxy.Win32.Horst.iz ignoré C:\Program Files\Norton AntiVirus\Quarantine\2DA417D2.exe Infecté : Trojan-Downloader.Win32.Horst.e ignoré C:\Program Files\Norton AntiVirus\Quarantine\2DA841CF.exe Infecté : Trojan-Proxy.Win32.Horst.iz ignoré C:\Program Files\Norton AntiVirus\Quarantine\2DAB6BCB.exe Infecté : Trojan-Proxy.Win32.Horst.jf ignoré C:\Program Files\Norton AntiVirus\Quarantine\2F87154B.exe Infecté : Trojan-Proxy.Win32.Horst.iz ignoré C:\Program Files\Norton AntiVirus\Quarantine\3221373C.exe Infecté : Trojan-Proxy.Win32.Horst.iz ignoré C:\Program Files\Norton AntiVirus\Quarantine\54D26B38.exe Infecté : Trojan-Proxy.Win32.Horst.iz ignoré C:\Program Files\Norton AntiVirus\Quarantine\60622737.exe Infecté : Trojan-Downloader.Win32.Zlob.ajl ignoré C:\Program Files\Norton AntiVirus\Quarantine\6BF26335.exe Infecté : Trojan-Proxy.Win32.Horst.iz ignoré C:\Program Files\Norton AntiVirus\Quarantine\77831F34.exe Infecté : Trojan-Downloader.Win32.Horst.e ignoré C:\Program Files\Norton Internet Security\iamadblk.rel L'objet est verrouillé ignoré C:\Program Files\Norton Internet Security\iamalert.rel L'objet est verrouillé ignoré C:\Program Files\Norton Internet Security\iamfw.rel L'objet est verrouillé ignoré C:\Program Files\Norton Internet Security\iampriv.rel L'objet est verrouillé ignoré C:\Program Files\Norton Internet Security\iamrstct.rel L'objet est verrouillé ignoré C:\Program Files\Norton Internet Security\iamsys.rel L'objet est verrouillé ignoré C:\Program Files\Norton Internet Security\iamtcp.rel L'objet est verrouillé ignoré C:\Program Files\Norton Internet Security\iamtdi.rel L'objet est verrouillé ignoré C:\Program Files\Norton Internet Security\iamwebh.rel L'objet est verrouillé ignoré C:\Program Files\Norton Internet Security\nisum.dat L'objet est verrouillé ignoré C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré C:\System Volume Information\_restore{0E146069-ED9D-439E-9989-CCF268F6A6C3}\RP154\change.log L'objet est verrouillé ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré Analyse terminée.

Je dois ajouter aussi a ce rapport que lorsque je me connecte a internet norton m'averti que "generic host process for win 32 srevices veux accedé à internet. Voilà je pense avoir été complet et que vu l'ampleur de l'infection, je suis vraiment "KO". Norton n'a pas vu tout ces virus et fichiers infectés c'est vraiment décevant. En tout cas merci a vous pour votre aide sérieuse et compétante. A+++

salut j'ai eu pas mal de probleme . alors j'ai change d'antivirus. Il m'a nettoyé pas mal de trojanhorse et trojan lotseek av. je ne sais pas si tout est ok alors voilà le dernier test de hijackthis Logfile of HijackThis v1.99.1 Scan saved at 15:27:37, on 15/09/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton Internet Security\NISUM.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Norton Internet Security\SymProxySvc.exe C:\Program Files\Norton Internet Security\NISSERV.EXE C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\atiptaxx.exe C:\Program Files\Compaq\EAB\EabServr.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Norton Internet Security\IAMAPP.EXE C:\PROGRA~1\NORTON~1\navapw32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe C:\Program Files\Palm\HOTSYNC.EXE C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\Wanadoo\Watch.exe C:\Program Files\Outlook Express\msimn.exe C:\Documents and Settings\pat\Mes documents\pat.graveron\VIRUS\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redire...;lc=040c&ac R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/redirec...rch&ap=b204 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...rch&ap=b204 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirec...rch&ap=b204 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redire...;lc=040c&ac R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ub4TrayApp] "C:\Program Files\Astase\UltraBackup\4.0\bin\ubtray.exe" /start O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing) O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136998744736 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://www.securitoo.com/fra/pages/navol/fscax.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

Merci compte rendu tout va bien jusqu'a 4) Là il n'y a pas de fichier en gras ensuite j'ai lance le scan de ewido je pense qu'il a planté car après 20' il etait toujours au 31 objet dont l'adresse doit etre [120] vm_7ffe0000 voilà ensuite impossible d'eteindre le pc, grosse lenteur.... Pas de fichier hijackthis ni ewido A+

Je comprends votre attitude, mais je ne connais pas trop le fonctionnement de votre site, alors encore mes excuses+++++ et si vous croyez vraiment que je m'amuse, vous avez tout faux et rien compris. NB tout le monde n'a pas la siences infuse et les erreurs que je fais ici vous les feriez sans doute si vous aviez à pratiquer sur mon domaine

merci de vos lumieres Donc voici le fameux rapport Logfile of HijackThis v1.99.1 Scan saved at 16:27:31, on 14/09/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\atiptaxx.exe C:\Program Files\Compaq\EAB\EabServr.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe C:\Program Files\Palm\HOTSYNC.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\LVComsX.exe C:\Documents and Settings\pat\Mes documents\pat.graveron\VIRUS\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redire...;lc=040c&ac R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/redirec...rch&ap=b204 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...rch&ap=b204 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirec...rch&ap=b204 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redire...;lc=040c&ac R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ub4TrayApp] "C:\Program Files\Astase\UltraBackup\4.0\bin\ubtray.exe" /start O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing) O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedCon...bin/AvSniff.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136998744736 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://www.securitoo.com/fra/pages/navol/fscax.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Merci d'abLogfile of HijackThis v1.99.1 Scan saved at 16:27:31, on 14/09/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\atiptaxx.exe C:\Program Files\Compaq\EAB\EabServr.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe C:\Program Files\Palm\HOTSYNC.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\LVComsX.exe C:\Documents and Settings\pat\Mes documents\pat.graveron\VIRUS\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redire...;lc=040c&ac R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/redirec...rch&ap=b204 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...rch&ap=b204 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirec...rch&ap=b204 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redire...;lc=040c&ac R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ub4TrayApp] "C:\Program Files\Astase\UltraBackup\4.0\bin\ubtray.exe" /start O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing) O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedCon...bin/AvSniff.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136998744736 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://www.securitoo.com/fra/pages/navol/fscax.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) ord pour votre aide. Voici ce que j'ai trouvé

Bonjour, je suis galahad, j'ai suivi le tutoriel de nettoyage de pc car j'ai un "truc" qui envoie des mails tout azimut. Merci de m'aider. * HijackThis v1.99.1 * Written by Merijn - merijn@spywareinfo.com http://www.merijn.org/files/hijackthis.zip http://www.merijn.org/index.html See bottom for version history. The different sections of hijacking possibilities have been separated into the following groups. You can get more detailed information about an item by selecting it from the list of found items OR highlighting the relevant line below, and clicking 'Info on selected item'. R - Registry, StartPage/SearchPage changes R0 - Changed registry value R1 - Created registry value R2 - Created registry key R3 - Created extra registry value where only one should be F - IniFiles, autoloading entries F0 - Changed inifile value F1 - Created inifile value F2 - Changed inifile value, mapped to Registry F3 - Created inifile value, mapped to Registry N - Netscape/Mozilla StartPage/SearchPage changes N1 - Change in prefs.js of Netscape 4.x N2 - Change in prefs.js of Netscape 6 N3 - Change in prefs.js of Netscape 7 N4 - Change in prefs.js of Mozilla O - Other, several sections which represent: O1 - Hijack of auto.search.msn.com with Hosts file O2 - Enumeration of existing MSIE BHO's O3 - Enumeration of existing MSIE toolbars O4 - Enumeration of suspicious autoloading Registry entries O5 - Blocking of loading Internet Options in Control Panel O6 - Disabling of 'Internet Options' Main tab with Policies O7 - Disabling of Regedit with Policies O8 - Extra MSIE context menu items O9 - Extra 'Tools' menuitems and buttons O10 - Breaking of Internet access by New.Net or WebHancer O11 - Extra options in MSIE 'Advanced' settings tab O12 - MSIE plugins for file extensions or MIME types O13 - Hijack of default URL prefixes O14 - Changing of IERESET.INF O15 - Trusted Zone Autoadd O16 - Download Program Files item O17 - Domain hijack O18 - Enumeration of existing protocols and filters O19 - User stylesheet hijack O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key O22 - SharedTaskScheduler autorun Registry key O23 - Enumeration of NT Services Command-line parameters: * /autolog - Automatically scan the system, save a logfile and open it * /ihatewhitelists - ignore all internal whitelists * /uninstall - remove all HijackThis Registry entries, backups and quit * Version history * [v1.99.1] * Added Winlogon Notify keys to O20 listing * Fixed crashing bug on certain Win2000 and WinXP systems at O23 listing * Fixed lots and lots of 'unexpected error' bugs * Fixed lots of inproper functioning bugs (i.e. stuff that didn't work) * Added 'Delete NT Service' function in Misc Tools section * Added ProtocolDefaults to O15 listing * Fixed MD5 hashing not working * Fixed 'ISTSVC' autorun entries with garbage data not being fixed * Fixed HijackThis uninstall entry not being updated/created on new versions * Added Uninstall Manager in Misc Tools to manage 'Add/Remove Software' list * Added option to scan the system at startup, then show results or quit if nothing found [v1.99] * Added O23 (NT Services) in light of newer trojans * Integrated ADS Spy into Misc Tools section * Added 'Action taken' to info in 'More info on this item' [v1.98] * Definitive support for Japanese/Chinese/Korean systems * Added O20 (AppInit_DLLs) in light of newer trojans * Added O21 (ShellServiceObjectDelayLoad, SSODL) in light of newer trojans * Added O22 (SharedTaskScheduler) in light of newer trojans * Backups of fixed items are now saved in separate folder * HijackThis now checks if it was started from a temp folder * Added a small process manager (Misc Tools section) [v1.96] * Lots of bugfixes and small enhancements! Among others: * Fix for Japanese IE toolbars * Fix for searchwww.com fake CLSID trick in IE toolbars and BHO's * Attributes on Hosts file will now be restored when scanning/fixing/restoring it. * Added several files to the LSP whitelist * Fixed some issues with incorrectly re-encrypting data, making R0/R1 go undetected until a restart * All sites in the Trusted Zone are now shown, with the exception of those on the nonstandard but safe domain list [v1.95] * Added a new regval to check for from Whazit hijack (Start Page_bak). * Excluded IE logo change tweak from toolbar detection (BrandBitmap and SmBrandBitmap). * New in logfile: Running processes at time of scan. * Checkmarks for running StartupList with /full and /complete in HijackThis UI. * New O19 method to check for Datanotary hijack of user stylesheet. * Google.com IP added to whitelist for Hosts file check. [v1.94] * Fixed a bug in the Check for Updates function that could cause corrupt downloads on certain systems. * Fixed a bug in enumeration of toolbars (Lop toolbars are now listed!). * Added imon.dll, drwhook.dll and wspirda.dll to LSP safelist. * Fixed a bug where DPF could not be deleted. * Fixed a stupid bug in enumeration of autostarting shortcuts. * Fixed info on Netscape 6/7 and Mozilla saying '%shitbrowser%' (oops). * Fixed bug where logfile would not auto-open on systems that don't have .log filetype registered. * Added support for backing up F0 and F1 items (d'oh!). [v1.93] * Added mclsp.dll (McAfee), WPS.DLL (Sygate Firewall), zklspr.dll (Zero Knowledge) and mxavlsp.dll (OnTrack) to LSP safelist. * Fixed a bug in LSP routine for Win95. * Made taborder nicer. * Fixed a bug in backup/restore of IE plugins. * Added UltimateSearch hijack in O17 method (I think). * Fixed a bug with detecting/removing BHO's disabled by BHODemon. * Also fixed a bug in StartupList (now version 1.52.1). [v1.92] * Fixed two stupid bugs in backup restore function. * Added DiamondCS file to LSP files safelist. * Added a few more items to the protocol safelist. * Log is now opened immediately after saving. * Removed rd.yahoo.com from NSBSD list (spammers are starting to use this, no doubt spyware authors will follow). * Updated integrated StartupList to v1.52. * In light of SpywareNuker/BPS Spyware Remover, any strings relevant to reverse-engineers are now encrypted. * Rudimentary proxy support for the Check for Updates function. [v1.91] * Added rd.yahoo.com to the Nonstandard But Safe Domains list. * Added 8 new protocols to the protocol check safelist, as well as showing the file that handles the protocol in the log (O18). * Added listing of programs/links in Startup folders (O4). * Fixed 'Check for Update' not detecting new versions. [v1.9] * Added check for Lop.com 'Domain' hijack (O17). * Bugfix in URLSearchHook (R3) fix. * Improved O1 (Hosts file) check. * Rewrote code to delete BHO's, fixing a really nasty bug with orphaned BHO keys. * Added AutoConfigURL and proxyserver checks (R1). * IE Extensions (Button/Tools menuitem) in HKEY_CURRENT_USER are now also detected. * Added check for extra protocols (O18). [v1.81] * Added 'ignore non-standard but safe domains' option. * Improved Winsock LSP hijackers detection. * Integrated StartupList updated to v1.4. [v1.8] * Fixed a few bugs. * Adds detecting of free.aol.com in Trusted Zone. * Adds checking of URLSearchHooks key, which should have only one value. * Adds listing/deleting of Download Program Files. * Integrated StartupList into the new 'Misc Tools' section of the Config screen! [v1.71] * Improves detecting of O6. * Some internal changes/improvements. [v1.7] * Adds backup function! Yay! * Added check for default URL prefix * Added check for changing of IERESET.INF * Added check for changing of Netscape/Mozilla homepage and default search engine. [v1.61] * Fixes Runtime Error when Hosts file is empty. [v1.6] * Added enumerating of MSIE plugins * Added check for extra options in 'Advanced' tab of 'Internet Options'. [v1.5] * Adds 'Uninstall & Exit' and 'Check for update online' functions. * Expands enumeration of autoloading Registry entries (now also scans for .vbs, .js, .dll, rundll32 and service) [v1.4] * Adds repairing of broken Internet access (aka Winsock or LSP fix) by New.Net/WebHancer * A few bugfixes/enhancements [v1.3] * Adds detecting of extra MSIE context menu items * Added detecting of extra 'Tools' menu items and extra buttons * Added 'Confirm deleting/ignoring items' checkbox [v1.2] * Adds 'Ignorelist' and 'Info' functions [v1.1] * Supports BHO's, some default URL changes [v1.0] * Original release A good thing to do after version updates is clear your Ignore list and re-add them, as the format of detected items sometimes changes.