Quelqu'un pour analyser mon log hijack svp?

ds la mouise -  
 bernie61 -
Bonjour

gros pb de trojans qui se logent dans le répertoire windows sous divers noms des que j'ouvre internet explorer.
j'ai essayé plusieurs programmes mais sans succes. si une bonne ame peut m'analyser mon log hijackthis je lui en serait tres reconnaissant. merci d'avance!

Logfile of HijackThis v1.99.0
Scan saved at 20:45:38, on 20/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
C:\WINDOWS\System32\tp4mon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ewjcb.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ewjcb.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ewjcb.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ewjcb.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ewjcb.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ewjcb.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ewjcb.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {3ADF6E21-B4FD-8BC8-10C3-A9846D3FEC69} - C:\WINDOWS\system32\appar.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [4AE4.tmp] C:\DOCUME~1\antoine\LOCALS~1\Temp\4AE4.tmp.exe 0 28129
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Conexant DSL Wizard.LNK = C:\Program Files\Olitec\DSL Wizard\Setup.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Bloquer ce serveur... - C:\PROGRA~1\AVANTB~1\AddAllToADBlackList.htm
O8 - Extra context menu item: Bloquer cette publicité... - C:\PROGRA~1\AVANTB~1\AddToADBlackList.htm
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\PROGRA~1\AVANTB~1\OpenAllLinks.htm
O8 - Extra context menu item: Rechercher avec Google... - C:\PROGRA~1\AVANTB~1\Search.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Surligner - C:\PROGRA~1\AVANTB~1\Highlight.htm
O8 - Extra context menu item: Té&lécharger tous les éléments avec ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Télécharger avec Re&Get Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: SEARCH - {FE5A1910-F121-11d2-BE9E-01C04A7936B1} - http://www.zapros.com/find.htm (file missing)
O9 - Extra button: ENTERTAINMENT - {FE5A1910-F121-11d2-BE9E-01C04A7936B2} - http://www.zapros.com/av.htm (file missing)
O9 - Extra button: PILLS - {FE5A1910-F121-11d2-BE9E-01C04A7936B3} - http://www.zapros.com/med.htm (file missing)
O9 - Extra button: SECURITY - {FE5A1910-F121-11d2-BE9E-01C04A7936B4} - http://www.zapros.com/check.htm (file missing)
O9 - Extra button: SEARCH - {FE5A1910-F121-11d2-BE9E-01C04A7936B5} - http://www.zapros.com (file missing)
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093244904949
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (OPInstall Control) - http://a14.g.akamai.net/f/14/7141/144000s/download.opistat.com/opistat/activex/opinstall_fr_4.0.0.17_c.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-3.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_1_0.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6604EEA6-FCD8-473F-B928-FE7344B07174}: NameServer = 192.168.1.1
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: IBM PM Service - Unknown - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Service Framework McAfee - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

6 réponses

  1. bernie61
     
    salut
    Celui-ci à vérifier
    C:\WINDOWS\system32\appar.dll >> vérifie si inconnu efface après avoir fait un ZIP de ce fichier
    C:\DOCUME~1\antoine\LOCALS~1\Temp\4AE4.tmp.exe 0 28129 >>bizar à vérifier
    C:\PROGRA~1\AVANTB~1\AddAllToADBlackList.htm >> vérifie
    C:\PROGRA~1\AVANTB~1\AddToADBlackList.htm >>vérifier
    C:\PROGRA~1\AVANTB~1\OpenAllLinks.htm >vérifier
    C:\PROGRA~1\AVANTB~1\Highlight.htm >>vérifier

    Relances HijackThis et cocher toutes ces lignes, puis FIX :
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ewjcb.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ewjcb.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ewjcb.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ewjcb.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ewjcb.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ewjcb.dll/sp.html#28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ewjcb.dll/sp.html#28129
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {3ADF6E21-B4FD-8BC8-10C3-A9846D3FEC69} - C:\WINDOWS\system32\appar.dll >> vérifie si inconnu coche
    O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe >> coche si inconnu
    O4 - HKLM\..\Run: [4AE4.tmp] C:\DOCUME~1\antoine\LOCALS~1\Temp\4AE4.tmp.exe 0 28129 >>bizar à cocher
    O4 - Global Startup: Conexant DSL Wizard.LNK = C:\Program Files\Olitec\DSL Wizard\Setup.exe >>inutile
    O8 - Extra context menu item: Bloquer ce serveur... - C:\PROGRA~1\AVANTB~1\AddAllToADBlackList.htm >> coche si inconnu
    O8 - Extra context menu item: Bloquer cette publicité... - C:\PROGRA~1\AVANTB~1\AddToADBlackList.htm >>idem
    O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\PROGRA~1\AVANTB~1\OpenAllLinks.htm
    O8 - Extra context menu item: Surligner - C:\PROGRA~1\AVANTB~1\Highlight.htm
    O9 - Extra button: SEARCH - {FE5A1910-F121-11d2-BE9E-01C04A7936B1} - http://www.zapros.com/find.htm (file missing)
    O9 - Extra button: ENTERTAINMENT - {FE5A1910-F121-11d2-BE9E-01C04A7936B2} - http://www.zapros.com/av.htm (file missing)
    O9 - Extra button: PILLS - {FE5A1910-F121-11d2-BE9E-01C04A7936B3} - http://www.zapros.com/med.htm (file missing)
    O9 - Extra button: SECURITY - {FE5A1910-F121-11d2-BE9E-01C04A7936B4} - http://www.zapros.com/check.htm (file missing)
    O9 - Extra button: SEARCH - {FE5A1910-F121-11d2-BE9E-01C04A7936B5} - http://www.zapros.com (file missing)
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)

    O15 - Trusted IP range: 206.161.125.149 >> cocher si tu connais pas

    O15 - Trusted IP range: (HKLM)

    O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (OPInstall Control) - http://a14.g.akamai.net/f/14/7141/144000s/download.opistat.com/opistat/activex/o pinstall_fr_4.0.0.17_c.cab

    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab >>inutile

    a+
    0
  2. ds la mouise
     
    merci mille fois pour la réponse

    pour ces lignes
    C:\DOCUME~1\antoine\LOCALS~1\Temp\4AE4.tmp.exe 0 28129 >>bizar à vérifier
    O2 - BHO: (no name) - {3ADF6E21-B4FD-8BC8-10C3-A9846D3FEC69} - C:\WINDOWS\system32\appar.dll >> vérifie si inconnu coche

    je ne sais pas comment verifier si elles sont à virer

    ces lignes
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)

    n'ont pas été virées

    mon nouveau log

    Logfile of HijackThis v1.99.0
    Scan saved at 22:23:01, on 20/12/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
    C:\WINDOWS\System32\tp4mon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\WINDOWS\System32\Tablet.exe
    C:\Program Files\Grisoft\AVG Free\avgwb.dat
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\hijackthis\HijackThis.exe

    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {3ADF6E21-B4FD-8BC8-10C3-A9846D3FEC69} - C:\WINDOWS\system32\appar.dll
    O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
    O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [4AE4.tmp] C:\DOCUME~1\antoine\LOCALS~1\Temp\4AE4.tmp.exe 0 28129
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Conexant DSL Wizard.LNK = C:\Program Files\Olitec\DSL Wizard\Setup.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Bloquer ce serveur... - C:\PROGRA~1\AVANTB~1\AddAllToADBlackList.htm
    O8 - Extra context menu item: Bloquer cette publicité... - C:\PROGRA~1\AVANTB~1\AddToADBlackList.htm
    O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\PROGRA~1\AVANTB~1\OpenAllLinks.htm
    O8 - Extra context menu item: Rechercher avec Google... - C:\PROGRA~1\AVANTB~1\Search.htm
    O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
    O8 - Extra context menu item: Surligner - C:\PROGRA~1\AVANTB~1\Highlight.htm
    O8 - Extra context menu item: Té&lécharger tous les éléments avec ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
    O8 - Extra context menu item: Télécharger avec Re&Get Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093244904949
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-3.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_1_0.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6604EEA6-FCD8-473F-B928-FE7344B07174}: NameServer = 192.168.1.1
    O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: IBM PM Service - Unknown - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: Service Framework McAfee - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
    0
  3. bernie61
     
    re
    nettoie tous les temps, vide la corbeille manuellement ou ceci
    *Pour vider le cache et dossier temp
    tu cliques sur Démarrer/PanneauConfiguration/OptionsInternet/ onglet « Général » /supprimer les fichiers/ cocher effacer hors connexion
    et aussi onglet « Avancé » et là cocher Vider dossier TemporaryInternet…
    et vider la Corbeille (« Recycler »)
    *Pour nettoyer ordi, faire Démarrer/TousLesProgrammes/Accessoires/OutilsSystèmes/nettoyerSystème/ et là choisir directory à nettoyer généralement C :\
    a+
    0
  4. bernie61
     
    re
    Tu as 2 antivirus ? ils tournent pas en même temps j’espère !! sinon conflit, reconfigure AVG7 ou MacAfee

    Tu fais RECHERCHER avec nom « tp4mon.exe »
    et effaces (mode sans échec si récalcitrant)

    Celui là fais en un ZIP de sauvegarde et effaces le .dll
    C:\WINDOWS\system32\appar.dll > inconnu sur goggle

    Relances HijackThis et cocher toutes ces lignes, puis FIX :
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {3ADF6E21-B4FD-8BC8-10C3-A9846D3FEC69} - C:\WINDOWS\system32\appar.dll
    O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
    O4 - HKLM\..\Run: [4AE4.tmp] C:\DOCUME~1\antoine\LOCALS~1\Temp\4AE4.tmp.exe 0 28129
    O8 - Extra context menu item: Bloquer ce serveur... - C:\PROGRA~1\AVANTB~1\AddAllToADBlackList.htm > c’est toi qui a bloqué sinon coche
    O8 - Extra context menu item: Bloquer cette publicité... - C:\PROGRA~1\AVANTB~1\AddToADBlackList.htm >>idem
    O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\PROGRA~1\AVANTB~1\OpenAllLinks.htm >> idem
    O15 - Trusted Zone: *.frame.crazywinnings.com > cocher
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM) > cocher

    a+
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. ds la mouise
     
    SLT

    tout est rentré ds l'ordre apparemment! le pb venait de "appar.dll" et de 4AE4.tmp.exe 0 28129! Une fois effacés plus de pb au demarrage de IE!
    tp4mon.exe c pour le trackpoint (sorte de souris) pour mon portable!
    Et les lignes du type:
    C:\PROGRA~1\AVANTB~1
    c pour avant browser je crois...

    Un merci MONUMENTAL à ceux qui m'ont aidé à virer ce virus de m... Heureusement que vous etes la les gars!
    0