pop-ups


Hello,

I have already had problems with another computer and I fixed it by coming here. Now I have problems on this computer, so I'm coming here. I have pop-ups and my PC is very slow.

Here is my HijackThis report:

 

Logfile of HijackThis v1.99.1

Scan saved at 13:38:51, on 2006-08-18

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\System32\gearsec.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Xfire\Xfire.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\VentriloMIX\Ventrilo 2.3.0.exe

C:\Program Files\AntiVir PersonalEdition Classic\avscan.exe

C:\Program Files\Opera\Opera.exe

C:\PROGRA~1\WINZIP\winzip32.exe

C:\Documents and Settings\Alexis\Mes documents\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Alexis\Application Data\Mozilla\Profiles\default\xucp7z0o.slt\prefs.js)

O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll

O2 - BHO: (no name) - {40D20724-5D3A-43C8-9FF5-2B6F209DBD27} - C:\WINDOWS\system32\bhrw.dll (file missing)

O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: CInterfaceObj Object - {58F07DD3-924D-4141-BC74-299F523A95F1} - C:\WINDOWS\pxwma.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Program Files\IntCodec\iesplugin.dll (file missing)

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\RunOnce: [spybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: Service de sécurité matérielle (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe

O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe


Hello beluga,

1/ Download Silent Runners: http://www.silentrunners.org/Silent%20Runners.vbs

(right-click the link, then "Save target as")

2/ Disconnect from the Internet and close all running applications.

3/ Run Silent Runners and let it work. When it has finished scanning, you will be notified by a message and a new text file will be created. Open this text file and paste the whole report.


Here is the log:

 

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}

"homepage.monitor.exe" = "C:\Program Files\IntCodec\isamonitor.exe" [null data]

"pmsngr.exe" = "C:\Program Files\IntCodec\pmsngr.exe" [null data]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"avgnt" = ""C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}

"SpybotSnD" = ""C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck" ["Safer Networking Limited"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{202a961f-23ae-42b1-9505-ffe3c818d717}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\IntCodec\isaddon.dll" [null data]

{40D20724-5D3A-43C8-9FF5-2B6F209DBD27}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\bhrw.dll" [file not found]

{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}\(Default) = (no title provided)

-> {HKLM...CLSID} = "VMN Toolbar"

\InProcServer32\(Default) = "C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL" [empty string]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{58F07DD3-924D-4141-BC74-299F523A95F1}\(Default) = (no title provided)

-> {HKLM...CLSID} = "CInterfaceObj Object"

\InProcServer32\(Default) = "C:\WINDOWS\pxwma.dll" [null data]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"

-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions"

-> {HKLM...CLSID} = "VpshellEx Class"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]

"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Unbind"

-> {HKLM...CLSID} = "Microsoft Office Binder Unbind"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\1036\UNBIND.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Outlook File Icon Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

-> {HKLM...CLSID} = "Portable Media Devices"

\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{C38C9EFF-166C-11D4-98D6-204C4F4F5020}" = "Piky Basket"

-> {HKLM...CLSID} = "Basket Class"

\InProcServer32\(Default) = "C:\Program Files\Conceptworld\Piky\Piky.dll" ["Conceptworld Corporation"]

"{6B19FEC2-A45B-11CF-9045-00A0C9039735}" = "Registered ActiveX Controls"

-> {HKLM...CLSID} = "Registered ActiveX Controls"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL" [file not found]

"{D545EBD1-BD92-11CF-8772-00A0C9039735}" = "Developer Studio Components"

-> {HKLM...CLSID} = "Developer Studio Components"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL" [file not found]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

-> {HKLM...CLSID} = "Shell Search Band"

\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"

-> {HKLM...CLSID} = "Shell Extension for Malware scanning"

\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]

"{1EBC3533-B289-409F-9924-B84B3F0717D2}" = "AceFTP Context Menu Shell Extension"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\PROGRA~1\VISICO~1\FTPEXP~1\ftpcntxt.dll" ["Visicom Media Inc."]

 

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\

"load" = (value not set)

"run" = (value not set)

 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\

"AppInit_DLLs" = (value not set)

 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! ckpNotify\DLLName = "ckpNotify.dll" ["Check Point Software Technologies"]

INFECTION WARNING! NavLogon\DLLName = "C:\WINDOWS\System32\NavLogon.dll" [null data]

INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]

 

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

FTP Expert\(Default) = "{1EBC3533-B289-409F-9924-B84B3F0717D2}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\PROGRA~1\VISICO~1\FTPEXP~1\ftpcntxt.dll" ["Visicom Media Inc."]

LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"

-> {HKLM...CLSID} = "VpshellEx Class"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]

Piky\(Default) = "{C38C9EFF-166C-11D4-98D6-204C4F4F5020}"

-> {HKLM...CLSID} = "Basket Class"

\InProcServer32\(Default) = "C:\Program Files\Conceptworld\Piky\Piky.dll" ["Conceptworld Corporation"]

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"

-> {HKLM...CLSID} = "Shell Extension for Malware scanning"

\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

FTP Expert\(Default) = "{1EBC3533-B289-409F-9924-B84B3F0717D2}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\PROGRA~1\VISICO~1\FTPEXP~1\ftpcntxt.dll" ["Visicom Media Inc."]

Piky\(Default) = "{C38C9EFF-166C-11D4-98D6-204C4F4F5020}"

-> {HKLM...CLSID} = "Basket Class"

\InProcServer32\(Default) = "C:\Program Files\Conceptworld\Piky\Piky.dll" ["Conceptworld Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"

-> {HKLM...CLSID} = "VpshellEx Class"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]

Piky\(Default) = "{C38C9EFF-166C-11D4-98D6-204C4F4F5020}"

-> {HKLM...CLSID} = "Basket Class"

\InProcServer32\(Default) = "C:\Program Files\Conceptworld\Piky\Piky.dll" ["Conceptworld Corporation"]

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"

-> {HKLM...CLSID} = "Shell Extension for Malware scanning"

\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Alexis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

 

 

Enabled Screen Saver:

---------------------

 

HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]

 

 

Startup items in "Alexis" & "All Users" startup folders:

--------------------------------------------------------

 

C:\Documents and Settings\Alexis\Menu Démarrer\Programmes\Démarrage

"Xfire" -> shortcut to: "C:\Program Files\Xfire\Xfire.exe" ["Xfire Inc."]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "C:\WINDOWS\System32\Hummingbird\Connectivity\7.00\Socks\\hclsock5.dll" ["Hummingbird Ltd."]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:\WINDOWS\System32\Hummingbird\Connectivity\7.00\Socks\\hclsock5.dll ["Hummingbird Ltd."], 01 - 02, 08

%SystemRoot%\system32\mswsock.dll [MS], 03 - 05, 09 - 18

%SystemRoot%\system32\rsvpsp.dll [MS], 06 - 07

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"

-> {HKLM...CLSID} = "Yahoo! Toolbar"

\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" [file not found]

"{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}"

-> {HKLM...CLSID} = "VMN Toolbar"

\InProcServer32\(Default) = "C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL" [empty string]

 

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}" = (no title provided)

-> {HKLM...CLSID} = "VMN Toolbar"

\InProcServer32\(Default) = "C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL" [empty string]

"{A2595F37-48D0-46A1-9B51-478591A97764}" = (no title provided)

-> {HKLM...CLSID} = "Protection Bar"

\InProcServer32\(Default) = "C:\Program Files\IntCodec\iesplugin.dll" [file not found]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Console Java (Sun)"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

 

 

Miscellaneous IE Hijack Points

------------------------------

 

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

 

Added lines (compared with English-language version):

[strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

 

Missing lines (compared with English-language version):

[strings]: 1 line

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

AntiVir PersonalEdition Classic Guard, AntiVirService, "C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe" ["AVIRA GmbH"]

AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, "C:\Program Files\AntiVir PersonalEdition Classic\sched.exe" ["Avira GmbH"]

Check Point SecuRemote Service, SR_Service, ""C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe"" ["Check Point Software Technologies"]

Check Point SecuRemote WatchDog, SR_WatchDog, ""C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe"" ["Check Point Software Technologies"]

HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}

LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Service de sécurité matérielle, GEARSecurity, "C:\WINDOWS\System32\gearsec.exe" ["GEAR Software"]

Symantec AntiVirus Client, Norton AntiVirus Server, "C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe" ["Symantec Corporation"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

 

 

Print Monitors:

---------------

 

HKLM\System\CurrentControlSet\Control\Print\Monitors\

Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]

 

 

----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 52 seconds, including 14 seconds for message boxes)


Hello,

1/ Download http://siri.urz.free.fr/Fix/SmitfraudFix.zip

2/ Unzip the entire archive onto your desktop.

Double-click smitfraudfix.cmd

Select 1 in the menu to create a report of the files responsible for the infection.

Save this report and post it.


»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Alexis\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

 

C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !

C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Alexis\Favoris

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

C:\Program Files\IntCodec\ PRESENT !

 

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Ma page d'accueil"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin


Hello,

3/ * Restart the computer in safe mode http://www.sosordi.net/Faq/Faq.2.html

* Double-click smitfraudfix.cmd

* Select 2 in the menu to delete the files responsible for the infection.

* To the question "Voulez-vous nettoyer le registre ?" (Do you want to clean the registry?), answer O (yes).

Save the report.

Restart in normal mode and also post the new report, along with a new HijackThis log.


Hello,

Here is the SmitfraudFix report:

 

SmitFraudFix v2.81

 

Rapport fait à 22:30:51,73, 2006-08-20

Executé à partir de C:\Documents and Settings\Alexis\Bureau\smitfraud\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Fix executé en mode sans echec

 

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

 

C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url supprimé

C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url supprimé

C:\Program Files\IntCodec\ supprimé

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

 

Nettoyage terminé.

 

»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

 

Here is the HijackThis one:

 

Logfile of HijackThis v1.99.1

Scan saved at 22:35:13, on 2006-08-20

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\System32\gearsec.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe

C:\Program Files\Xfire\Xfire.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Alexis\Mes documents\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Alexis\Application Data\Mozilla\Profiles\default\xucp7z0o.slt\prefs.js)

O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll (file missing)

O2 - BHO: (no name) - {40D20724-5D3A-43C8-9FF5-2B6F209DBD27} - C:\WINDOWS\system32\bhrw.dll (file missing)

O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: CInterfaceObj Object - {58F07DD3-924D-4141-BC74-299F523A95F1} - C:\WINDOWS\pxwma.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: Service de sécurité matérielle (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe

O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe

 

 

 

P.S. I live in Quebec, so I reply very late because of the time difference :P


Hello,

There is no firewall in your report; download one, such as ZoneAlarm:

- ZoneAlarm, which you can download here: http://www.zonelabs.com/store/content/cata...&lid=nav_za

- A tutorial for ZoneAlarm is here: http://forum.telecharger.01net.com/microhe...messages-1.html

Install it and update it if it is not up to date.

Are you still using Norton AntiVirus?

If there are steps in the procedure below that you did not manage to do, please continue the procedure to the end and mention them in your next reply.

1/ Download Ewido anti-spyware: http://www.ewido.net/en/download/

Launch Ewido and click the Update button (toolbar, at the top). Under Manual Update, click Start update.

You will see this just below once the update is complete: "Update successful"

Close Ewido. Do not run it yet.

2/ Restart in safe mode: http://www.sosordi.net/Faq/Faq.2.html

 

3/ Go to Start / Control Panel / Add or Remove Programs and check whether this is present:

VMN Toolbar

If this program is present, uninstall it.

4/ Run HijackThis, click "Do a system scan only" and tick these lines:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

O2 - BHO: (no name) - {40D20724-5D3A-43C8-9FF5-2B6F209DBD27} - C:\WINDOWS\system32\bhrw.dll (file missing)

O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O2 - BHO: CInterfaceObj Object - {58F07DD3-924D-4141-BC74-299F523A95F1} - C:\WINDOWS\pxwma.dll

O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

 

 

Close all open windows except HijackThis and click "Fix checked".

5/ To delete the harmful files, we will make all files visible, like this:

Start, My Computer or any other folder, Tools menu, Folder Options, View tab:

Check the box: Show hidden files and folders

Uncheck the box: Hide extensions for known file types

Uncheck the box: Hide protected operating system files

Click "Apply"

Click the "Apply to All Folders" button / OK

6/ Delete what is in bold:

C:\program files\vmntoolbar <== the whole folder

C:\WINDOWS\pxwma.dll <== the file

7/ From Safe Mode, launch Ewido, click the Scanner button (in the toolbar) and then click Complete System Scan. The scan will take a while, so be patient.

Ewido will display a list of the detected files on the left. At the end of the scan, the tool will apply the "Actions" to be applied automatically. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right-hand side.

Click "Save Report", then "Save Report As". This generates a report as a text file. Make sure you save it somewhere safe (on your Desktop, for example).

8/ Restart in normal mode.

9/ Post the Ewido report along with a new HijackThis log.

Good luck, and if you have any questions at all, do not hesitate to ask :P

See you


Hello,

No, I no longer use Norton.

And these lines were not in HijackThis:

O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL and

O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~

 

Also, this file was not there: pxwma.dll

Here is the Ewido report:

---------------------------------------------------------

ewido anti-spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 13:43:00 2006-08-21

 

+ Scan result:

 

 

 

C:\WINDOWS\Downloaded Program Files\valent.inf -> Adware.BetterInternet : Cleaned with backup (quarantined).

C:\RECYCLER\S-1-5-21-1960408961-1801674531-725345543-1004\Dc21\vmntoolbar.dll -> Adware.BHO : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\VisualStudio\Analyzer\Events\{6C736D71-BCBF-11D0-8A23-00AA00B58E10} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).

HKU\S-1-5-21-1960408961-1801674531-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A2595F37-48D0-46A1-9B51-478591A97764} -> Adware.Generic : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar -> Adware.HotBar : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.IntCodec : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.IntCodec : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.IntCodec : Cleaned with backup (quarantined).

HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Cleaned with backup (quarantined).

C:\Downloads\AquabbleQuestSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).

C:\Downloads\AseaSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).

C:\Downloads\AtlantisSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).

C:\Downloads\Chainz2_Setup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).

C:\Downloads\FortuneTiles-WinSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).

C:\Downloads\GaminoSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).

C:\Downloads\PiratesOfTreasureIsland-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).

C:\Downloads\SuperSwapDeluxeSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).

C:\Downloads\VortHexSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).

C:\Downloads\Wonders_Setup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).

C:\Downloads\aquabblesSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).

C:\Downloads\geomsetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).

C:\Documents and Settings\Alexis\Local Settings\Temp\uninstall.exe -> Adware.VMN : Cleaned with backup (quarantined).

C:\RECYCLER\S-1-5-21-1960408961-1801674531-725345543-1004\Dc21\uninstall.exe -> Adware.VMN : Cleaned with backup (quarantined).

C:\Documents and Settings\Alexis\Mes documents\hijackthis\backups\backup-20060821-121601-625.dll -> Adware.Webdir : Cleaned with backup (quarantined).

HKU\S-1-5-21-1960408961-1801674531-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58F07DD3-924D-4141-BC74-299F523A95F1} -> Adware.WebDir : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\VacPro.canada_ver3 -> Dialer.Generic : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\VacPro.canada_ver3\Clsid -> Dialer.Generic : Cleaned with backup (quarantined).

:mozilla.10:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.247realmedia : Cleaned.

:mozilla.7:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.247realmedia : Cleaned.

:mozilla.8:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.247realmedia : Cleaned.

:mozilla.9:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.247realmedia : Cleaned.

:mozilla.11:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.123:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.127:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.140:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.6:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Alexis\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.14:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.15:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.16:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.6:C:\Documents and Settings\Alexis\Application Data\Mozilla\Profiles\default\xucp7z0o.slt\cookies.txt -> TrackingCookie.Addynamix : Cleaned.

:mozilla.65:C:\Documents and Settings\Alexis\Application Data\Mozilla\Profiles\default\xucp7z0o.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.

:mozilla.66:C:\Documents and Settings\Alexis\Application Data\Mozilla\Profiles\default\xucp7z0o.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.

:mozilla.67:C:\Documents and Settings\Alexis\Application Data\Mozilla\Profiles\default\xucp7z0o.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.

:mozilla.19:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Adtech : Cleaned.

:mozilla.20:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Adtech : Cleaned.

C:\Documents and Settings\Marie-Hélène\Cookies\marie-hélène@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.

:mozilla.267:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Burstnet : Cleaned.

:mozilla.64:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Clickzs : Cleaned.

:mozilla.65:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Clickzs : Cleaned.

:mozilla.66:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Clickzs : Cleaned.

:mozilla.67:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Clickzs : Cleaned.

:mozilla.47:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Com : Cleaned.

:mozilla.228:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.

:mozilla.76:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Estat : Cleaned.

:mozilla.7:C:\Documents and Settings\Alexis\Application Data\Mozilla\Profiles\default\xucp7z0o.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned.

:mozilla.15:C:\Documents and Settings\Alexis\Application Data\Mozilla\Profiles\default\xucp7z0o.slt\cookies.txt -> TrackingCookie.Gator : Cleaned.

:mozilla.242:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Masterstats : Cleaned.

:mozilla.76:C:\Documents and Settings\Alexis\Application Data\Mozilla\Profiles\default\xucp7z0o.slt\cookies.txt -> TrackingCookie.Masterstats : Cleaned.

:mozilla.250:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Onestat : Cleaned.

:mozilla.251:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Onestat : Cleaned.

:mozilla.153:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.52:C:\Documents and Settings\Alexis\Application Data\Mozilla\Profiles\default\xucp7z0o.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.68:C:\Documents and Settings\Alexis\Application Data\Mozilla\Profiles\default\xucp7z0o.slt\cookies.txt -> TrackingCookie.Realcastmedia : Cleaned.

:mozilla.69:C:\Documents and Settings\Alexis\Application Data\Mozilla\Profiles\default\xucp7z0o.slt\cookies.txt -> TrackingCookie.Realcastmedia : Cleaned.

:mozilla.166:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.167:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.168:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.169:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.40:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

C:\Documents and Settings\Alexis\Cookies\alexis@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.50:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.51:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.52:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.53:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.54:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.55:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.56:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.57:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.58:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.59:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.54:C:\Documents and Settings\Alexis\Application Data\Mozilla\Profiles\default\xucp7z0o.slt\cookies.txt -> TrackingCookie.Starware : Cleaned.

:mozilla.55:C:\Documents and Settings\Alexis\Application Data\Mozilla\Profiles\default\xucp7z0o.slt\cookies.txt -> TrackingCookie.Starware : Cleaned.

:mozilla.179:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.182:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.183:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.184:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.189:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.

:mozilla.190:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.

:mozilla.58:C:\Documents and Settings\Alexis\Application Data\Mozilla\Profiles\default\xucp7z0o.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.59:C:\Documents and Settings\Alexis\Application Data\Mozilla\Profiles\default\xucp7z0o.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.60:C:\Documents and Settings\Alexis\Application Data\Mozilla\Profiles\default\xucp7z0o.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.61:C:\Documents and Settings\Alexis\Application Data\Mozilla\Profiles\default\xucp7z0o.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.191:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.

:mozilla.192:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.

:mozilla.62:C:\Documents and Settings\Alexis\Application Data\Mozilla\Profiles\default\xucp7z0o.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.

:mozilla.206:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Web-stat : Cleaned.

:mozilla.207:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Web-stat : Cleaned.

:mozilla.208:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Web-stat : Cleaned.

:mozilla.203:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Weborama : Cleaned.

:mozilla.204:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Weborama : Cleaned.

:mozilla.229:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.230:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.222:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Zedo : Cleaned.

:mozilla.223:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Zedo : Cleaned.

:mozilla.224:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Zedo : Cleaned.

:mozilla.41:C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\mp8bpj4v.Alexis\cookies.txt -> TrackingCookie.Zedo : Cleaned.

C:\Documents and Settings\Alexis\Cookies\alexis@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.

 

 

::Report end

 

And the HijackThis report:

 

Logfile of HijackThis v1.99.1

Scan saved at 13:52:58, on 2006-08-21

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\System32\gearsec.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Xfire\Xfire.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Opera\Opera.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Documents and Settings\Alexis\Mes documents\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Alexis\Application Data\Mozilla\Profiles\default\xucp7z0o.slt\prefs.js)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: Service de sécurité matérielle (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe

O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Re,

Your report is clean, nice work :P

We are going to remove the Norton service, which serves no purpose since you no longer use it.

1/ Do this:

Start, Run, services.msc, find Symantec AntiVirus Client

Double-click it: in the Service status field, set it to Stopped

In the Startup type field, set it to Disabled, then

Apply, then OK.

2/ Now we delete the service:

Start / Run / cmd

Run this command, which is in the quote, without the word "quote":

sc delete "Norton AntiVirus Server"

3/ Delete what is in bold:

C:\program files\Symantec <== the whole folder

4/ Run an online scan with http://webscanner.kaspersky.fr/

Under "Démonstration en ligne" (online demonstration) the procedure is explained, and to start the scan you must select "Exécuter l'analyse en ligne" (run the online scan). The scan only works in Internet Explorer.

You will be asked to download an ActiveX control; accept.

In the "Choisissez la cible de l'analyse" (choose the scan target) menu, select "Poste de travail" (My Computer).

The scan will start. Please post the report that is generated.

If there is a problem, make sure the ActiveX controls are configured correctly in Internet Options, as described at this link => http://www.inoculer.com/activex.php3

NOTE: the scan must be run with Internet Explorer

See you
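
The comparison behind "your report is clean", as an added example that is not part of the original posts: it parses HijackThis entries, checks that the lines ticked in step 4 are absent from the follow-up log, lists the entries HijackThis itself marks as dangling, and splits O23 lines to recover the service key name that `sc` takes. The function names are illustrative, the sample lines are copied from this thread, and the O23 layout (display name, then key name in parentheses) is an assumption about HijackThis output.

```python
import re

# "O2 - BHO: ..." -> section code "O2", body "BHO: ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Assumed O23 layout: "Service: <display name> (<key name>) - <vendor> - <path>";
# the parenthesised key name is missing when it equals the display name.
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<key>[^()]+)\))?"
    r" - (?P<vendor>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)

# Lines the helper asked to tick in step 4, copied from the thread.
FLAGGED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: (no name) - {40D20724-5D3A-43C8-9FF5-2B6F209DBD27} - C:\WINDOWS\system32\bhrw.dll (file missing)
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: CInterfaceObj Object - {58F07DD3-924D-4141-BC74-299F523A95F1} - C:\WINDOWS\pxwma.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
"""

# Excerpt of the follow-up log of 2006-08-21, copied from the thread.
FOLLOWUP = r"""
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
"""


def parse_entries(log_text):
    """Return (code, body) for each 'Xn - ...' line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def entry_key(code, body):
    """Identify an entry by section code plus CLSID, or by its normalised text if it has none."""
    m = CLSID_RE.search(body)
    ident = m.group(0).upper() if m else " ".join(body.lower().split())
    return code, ident


def still_present(flagged_text, followup_text):
    """Flagged entries that the follow-up log still contains."""
    after = {entry_key(c, b) for c, b in parse_entries(followup_text)}
    return [(c, b) for c, b in parse_entries(flagged_text) if entry_key(c, b) in after]


def dangling(log_text):
    """Entries whose target HijackThis reports as absent."""
    marks = ("(file missing)", "(no file)")
    return [(c, b) for c, b in parse_entries(log_text) if any(k in b for k in marks)]


def services(log_text):
    """Split O23 entries into display name, service key name, vendor and path."""
    found = []
    for code, body in parse_entries(log_text):
        m = SERVICE_RE.match(body) if code == "O23" else None
        if m:
            info = m.groupdict()
            info["key"] = info["key"] or info["display"]
            found.append(info)
    return found


if __name__ == "__main__":
    print("flagged entries still present:", still_present(FLAGGED, FOLLOWUP))
    for code, body in dangling(FOLLOWUP):
        print("dangling:", code, body)
    for svc in services(FOLLOWUP):
        print("service key %r, vendor %r" % (svc["key"], svc["vendor"]))
```

Matching on section code plus CLSID means a stray character such as the underscore in the R3 line above does not hide an entry that survived the fix.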
