
Posted

0 - Norton uninstalled.

1 - Ewido downloaded and installed. However, I could not update it because I no longer have an internet connection on the infected PC!

2 - HijackThis: line removed and "fix checked".

3 - HP100.TMP file deleted. However, this file is recreated when I reboot in normal mode.

4 - Ewido scan in safe mode; here is the report:

 

---------------------------------------------------------

ewido anti-spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 15:41:23 02/07/2006

 

+ Scan result:

 

:mozilla.162:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.

:mozilla.337:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.

:mozilla.119:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.121:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.196:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.35:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.

:mozilla.36:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.

:mozilla.80:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.

:mozilla.81:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.

:mozilla.23:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.24:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.25:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.77:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.78:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.79:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.143:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.

:mozilla.66:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.

:mozilla.260:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.

:mozilla.111:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.

:mozilla.36:C:\Documents and Settings\Parents\Application Data\Mozilla\Firefox\Profiles\e86mk02f.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.

:mozilla.38:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.

:mozilla.116:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.117:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.118:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.293:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.294:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.295:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.288:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.

:mozilla.289:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.

:mozilla.84:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.

:mozilla.85:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.

:mozilla.86:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.

:mozilla.88:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.

:mozilla.89:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.

:mozilla.90:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.

:mozilla.65:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.

:mozilla.96:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.

:mozilla.22:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Estat : Cleaned.

:mozilla.6:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Estat : Cleaned.

:mozilla.265:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.

:mozilla.266:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.

:mozilla.267:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.

:mozilla.268:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.

:mozilla.341:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.

:mozilla.261:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.262:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.80:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.81:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.135:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.137:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.138:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.313:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.314:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.315:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.388:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.37:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.

:mozilla.82:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.

:mozilla.117:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.118:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.120:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.139:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.60:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.61:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.62:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.63:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.64:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.90:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.91:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.92:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.93:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.105:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.

:mozilla.106:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.

:mozilla.14:C:\Documents and Settings\Parents\Application Data\Mozilla\Firefox\Profiles\e86mk02f.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.

:mozilla.15:C:\Documents and Settings\Parents\Application Data\Mozilla\Firefox\Profiles\e86mk02f.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.

:mozilla.16:C:\Documents and Settings\Parents\Application Data\Mozilla\Firefox\Profiles\e86mk02f.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.

:mozilla.38:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.

:mozilla.39:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.

:mozilla.39:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.

:mozilla.40:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.

:mozilla.40:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.

:mozilla.41:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.

:mozilla.306:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.

:mozilla.307:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.308:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.45:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.

:mozilla.46:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.

:mozilla.47:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.

:mozilla.85:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.

:mozilla.86:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.

:mozilla.132:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.

:mozilla.299:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.

:mozilla.167:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.

:mozilla.168:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.

:mozilla.53:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.

:mozilla.54:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.

:mozilla.112:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.

:mozilla.113:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.

:mozilla.114:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.

:mozilla.140:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.

:mozilla.141:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.

:mozilla.142:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.

C:\Documents and Settings\Kim\Cookies\kim@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.

:mozilla.179:C:\Documents and Settings\Lou\Application Data\Mozilla\Firefox\Profiles\r3j8hhlm.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.282:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.283:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.284:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

C:\Documents and Settings\Kim\Cookies\kim@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.168:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.

:mozilla.169:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.

:mozilla.170:C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\3190qfvq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.

C:\Program Files\Media-Codec -> Trojan.Small : Cleaned with backup (quarantined).

C:\Program Files\Media-Codec\uninst.exe -> Trojan.Small : Cleaned with backup (quarantined).

C:\WINDOWS\system32\atmclk.exe -> Trojan.Small : Cleaned with backup (quarantined).

 

::Report end

 

 

5 - HijackThis report in normal mode:

 

Logfile of HijackThis v1.99.1

Scan saved at 15:54:06, on 02/07/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\FileZilla Server\FileZilla Server.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dcomcfg.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\Program Files\LaCie\Backup Software\LaCieBackup.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Palm\HOTSYNC.EXE

C:\WINDOWS\system32\ZONELABS\vsmon.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\acer\eRecovery\Monitor.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmp

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - https://atome.lemonde.fr/nortel_cacheable/iewiper.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

 

 

Honestly, is there any hope of disinfecting the PC? Within a reasonable time frame?

Otherwise, I will resign myself to making a big external backup and reinstalling the machine.

Thank you for your collaboration.

Posted

Hi again,

Honestly, is there any hope of disinfecting the PC? Within a reasonable time frame?

Yes, I think I know where the problem comes from: you don't have the latest version of the fix.

Delete SmitfraudFix from your PC and:

1/ Download http://siri.urz.free.fr/Fix/SmitfraudFix.zip

2/ Unzip the entire archive onto your desktop.

Double-click smitfraudfix.cmd

Select 1 in the menu to create a report of the files responsible for the infection.

Save this report and post it.

3/ * Restart the computer in safe mode http://www.sosordi.net/Faq/Faq.2.html

* Double-click smitfraudfix.cmd

* Select 2 in the menu to delete the files responsible for the infection.

* When asked "Voulez-vous nettoyer le registre ?" (Do you want to clean the registry?), answer O (oui = yes)

Save the report.

Restart in normal mode and also post the new report along with a new HijackThis log.

Posted

Hello,

There, it's done.

1 - SmitfraudFix, option 1

 

SmitFraudFix v2.66

 

Rapport fait à 9:20:12,68, 03/07/2006

Executé à partir de C:\Documents and Settings\Parents\Bureau\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Fix executé en mode normal

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

C:\WINDOWS\system32\dcomcfg.exe PRESENT !

C:\WINDOWS\system32\hp???.tmp PRESENT !

C:\WINDOWS\system32\hp????.tmp PRESENT !

C:\WINDOWS\system32\regperf.exe PRESENT !

C:\WINDOWS\system32\simpole.tlb PRESENT !

C:\WINDOWS\system32\stdole3.tlb PRESENT !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Parents\Application Data

 

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PARENTS\FAVORIS

 

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

 

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{6af69c4d-420a-4c95-b34f-e4635f84f53b}"="forevouched"

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

 

 

 

2 - SmitfraudFix, option 2, safe mode

 

SmitFraudFix v2.66

 

Rapport fait à 9:22:02,54, 03/07/2006

Executé à partir de C:\Documents and Settings\Parents\Bureau\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Fix executé en mode sans echec

 

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{6af69c4d-420a-4c95-b34f-e4635f84f53b}"="forevouched"

 

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

 

C:\WINDOWS\system32\dcomcfg.exe supprimé

C:\WINDOWS\system32\hp???.tmp supprimé

C:\WINDOWS\system32\regperf.exe supprimé

C:\WINDOWS\system32\simpole.tlb supprimé

C:\WINDOWS\system32\stdole3.tlb supprimé

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

 

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

 

Nettoyage terminé.

 

»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

 

 

 

3 - HijackThis

 

Logfile of HijackThis v1.99.1

Scan saved at 09:24:34, on 03/07/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\FileZilla Server\FileZilla Server.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\Program Files\LaCie\Backup Software\LaCieBackup.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Palm\HOTSYNC.EXE

C:\WINDOWS\system32\ZONELABS\vsmon.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\acer\eRecovery\Monitor.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - https://atome.lemonde.fr/nortel_cacheable/iewiper.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Posted

Hello,

It works much better right away when you use the right version :P

If you no longer use Norton:

1/ Restart in safe mode http://www.sosordi.net/Faq/Faq.2.html

2/ Launch HijackThis by clicking "Do a system scan only", then check this line:

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\

Close all open windows except HijackThis and click "Fix checked".

3/ Restart in normal mode

4/ Post a new HijackThis log and tell me where your problems stand.

Good luck, and if you have any question at all, don't hesitate :P

See you

Posted

Here is the HijackThis report in normal mode, after handling the "O20 - .. " line in safe mode.

Status after all that: the pop-ups linked to the OHPE virus have disappeared (for quite some time now) but I have no connection to the internet (browsing, e-mail, Freeplayer)!

 

Logfile of HijackThis v1.99.1

Scan saved at 11:16:26, on 03/07/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\Program Files\LaCie\Backup Software\LaCieBackup.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Palm\HOTSYNC.EXE

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\FileZilla Server\FileZilla Server.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\acer\eRecovery\Monitor.exe

C:\WINDOWS\system32\ZONELABS\vsmon.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - https://atome.lemonde.fr/nortel_cacheable/iewiper.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
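The comparison requested in step 4 above (the log before the fix against the log after it) can be automated. This is an added example, not part of the original thread or of HijackThis itself; the function names are hypothetical and the sample logs are short excerpts built from lines posted in this thread.

```python
import re

# An entry line is a section code (R0, O4, O20, ...), " - ", then the entry text.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (code, text) entries found in a HijackThis log.
    Header lines and the running-process list do not match and are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries

def diff_logs(before, after):
    """Return (removed, added): entries only in 'before', entries only in 'after'."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a), sorted(a - b)

def fix_applied(before, after, fixed_line):
    """True when fixed_line is the only entry removed and no new entry appeared."""
    target = parse_entries(fixed_line)
    if len(target) != 1:
        raise ValueError("fixed_line is not a HijackThis entry line")
    removed, added = diff_logs(before, after)
    return set(removed) == target and not added

# Constructed samples: short excerpts of the two logs posted in this thread.
BEFORE = r"""Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""
# The "after" excerpt is the same log without the fixed O20 line.
AFTER = "\n".join(l for l in BEFORE.splitlines() if not l.startswith("O20 - "))
FIXED_LINE = "O20 - Winlogon Notify: NavLogon - C:\\WINDOWS\\"

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", removed)
    print("added:  ", added)
    print("fix applied cleanly:", fix_applied(BEFORE, AFTER, FIXED_LINE))
```

An unexpected entry in `added` after a reboot is the case worth a closer look, since it means something re-registered itself between the two scans.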

Posted

Hi again,

but I have no connection to the internet (browsing, e-mail, Freeplayer)!

Internet no longer works; if it was working fine before:

Download Winsockfix by O^E ---> http://www.abcinformatique.ca/nouvelle/dow.../index.php?dl=7

Close all running applications.

Launch Winsockfix and click Fix.

Restart your PC and tell me how it goes.

Posted

"Serveur introuvable" with Mozilla Firefox

"Impossible d'afficher la page" with IE

"la tâche pop3.free.fr a signalé une erreur : impossible de trouver le serveur" with Outlook
