Infected by adware/cws.aboutblank
dan
Hi everyone and happy new year
When I launch Internet Explorer I always land on the same page: GOGGLE with the address aboutblank, and I can't change it, and when I run a search it always takes me to the same page.
If a pro could give me the solution to my problem, as I'm not great with computers.
Operating system: WINDOWS PROFESSIONAL
See you soon
17 replies
Hi dan
Download HijackThis here:
http://www.hijackthis.de/downloads/hijackthis_199.zip
Unzip it into a folder set aside for it.
For example C:\hijackthis < Make sure you save it in C: !
Demo: (Thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/Hijenr.gif
Run it, then:
click "do a system scan and save logfile" (see demo)
copy and paste the whole log onto the forum
Demo: (Thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/demohijack.htm
Good luck
See you
Hi
Download this and run it 5 times
About Buster:
http://www.majorgeeks.com/download4289.html
Click "Check for updates".
Download the updates
and run a scan
then post a HijackThis log again
See you
Hi, here is the direct link: http://files4.majorgeeks.com/files/236522d75c8164f90a85448456e1d1aa/spyware/aboutbuster.zip
See you!
Thanks jess15
I opened the link, saved the file, and ran aboutbuster.exe 5 times
Is that right? The HijackThis log is below
Logfile of HijackThis v1.99.1
Scan saved at 14:49:29, on 05/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
C:\WINDOWS\LogWatNT.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\CA\eTrust\INOCUL~1\realmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\DOCUME~1\LOCQUE~2\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis_199.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {2C7E705B-4A73-210D-462B-DF73711A4905} - C:\WINDOWS\system32\apijo.dll (file missing)
O2 - BHO: Class - {49C93116-9ED5-850D-A22A-44D58ADE0597} - C:\WINDOWS\system32\ipdk32.dll (file missing)
O2 - BHO: Class - {5A4824E0-5A23-EC06-7AE6-26005682148F} - C:\WINDOWS\system32\netru32.dll (file missing)
O2 - BHO: Class - {5C446BFC-02E1-6598-6240-0D9B1BE10C2F} - C:\WINDOWS\system32\appqf32.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Class - {5EC2D84A-6626-8AF1-C8EB-B573423538B1} - C:\WINDOWS\adduu32.dll (file missing)
O2 - BHO: Class - {6D6F824E-4876-24B2-D11B-49F9A8DF9F1B} - C:\WINDOWS\system32\winal.dll (file missing)
O2 - BHO: Class - {9FA51816-BD9F-7A8E-1737-44978508516A} - C:\WINDOWS\system32\addlr.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Class - {B7BC0E45-0934-E912-E44C-E17957FA46C7} - C:\WINDOWS\mfcgh32.dll (file missing)
O2 - BHO: Class - {C375C5F0-8EFF-D29E-DE44-2AF7AF3C141B} - C:\WINDOWS\apihk32.dll (file missing)
O2 - BHO: Class - {D4A99041-BBC8-A963-8327-6E17563E936B} - C:\WINDOWS\system32\atlhl32.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\eTrust\INOCUL~1\realmon.exe
O4 - HKLM\..\Run: [HPWNTOOLBOX] C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe "-i"
O4 - HKLM\..\Run: [crdd32.exe] C:\WINDOWS\crdd32.exe
O4 - HKLM\..\Run: [msrt32.exe] C:\WINDOWS\system32\msrt32.exe
O4 - HKLM\..\Run: [msog.exe] C:\WINDOWS\msog.exe
O4 - HKLM\..\Run: [d3lr.exe] C:\WINDOWS\d3lr.exe
O4 - HKLM\..\Run: [sdkpy.exe] C:\WINDOWS\system32\sdkpy.exe
O4 - HKLM\..\Run: [addqw.exe] C:\WINDOWS\addqw.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135151591195
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://www.sexequalite.com/11731/FanBeatrice.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = carillion.fr
O17 - HKLM\Software\..\Telephony: DomainName = carillion.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = carillion.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = carillion.fr
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: eTrust InoculateIT RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
O23 - Service: eTrust InoculateIT Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
O23 - Service: eTrust InoculateIT Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Thanks, see you
dan
Hi, your log is cleaner now
Check and fix these with HijackThis
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {2C7E705B-4A73-210D-462B-DF73711A4905} - C:\WINDOWS\system32\apijo.dll (file missing)
O2 - BHO: Class - {49C93116-9ED5-850D-A22A-44D58ADE0597} - C:\WINDOWS\system32\ipdk32.dll (file missing)
O2 - BHO: Class - {5A4824E0-5A23-EC06-7AE6-26005682148F} - C:\WINDOWS\system32\netru32.dll (file missing
O2 - BHO: Class - {5C446BFC-02E1-6598-6240-0D9B1BE10C2F} - C:\WINDOWS\system32\appqf32.dll (file missing)
O2 - BHO: Class - {5EC2D84A-6626-8AF1-C8EB-B573423538B1} - C:\WINDOWS\adduu32.dll (file missing)
O2 - BHO: Class - {6D6F824E-4876-24B2-D11B-49F9A8DF9F1B} - C:\WINDOWS\system32\winal.dll (file missing)
O2 - BHO: Class - {6D6F824E-4876-24B2-D11B-49F9A8DF9F1B} - C:\WINDOWS\system32\winal.dll (file missing)
O2 - BHO: Class - {B7BC0E45-0934-E912-E44C-E17957FA46C7} - C:\WINDOWS\mfcgh32.dll (file missing
O2 - BHO: Class - {C375C5F0-8EFF-D29E-DE44-2AF7AF3C141B} - C:\WINDOWS\apihk32.dll (file missing
O2 - BHO: Class - {D4A99041-BBC8-A963-8327-6E17563E936B} - C:\WINDOWS\system32\atlhl32.dll (file missing)
O4 - HKLM\..\Run: [crdd32.exe] C:\WINDOWS\crdd32.exe
O4 - HKLM\..\Run: [msrt32.exe] C:\WINDOWS\system32\msrt32.exe
O4 - HKLM\..\Run: [msog.exe] C:\WINDOWS\msog.exe
O4 - HKLM\..\Run: [d3lr.exe] C:\WINDOWS\d3lr.exe
O4 - HKLM\..\Run: [sdkpy.exe] C:\WINDOWS\system32\sdkpy.exe
O4 - HKLM\..\Run: [addqw.exe] C:\WINDOWS\addqw.exe
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://www.sexequalite.com/11731/FanBeatrice.exe
I'm unsure about these lines; if you don't recognize the domain, fix them
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = carillion.fr
O17 - HKLM\Software\..\Telephony: DomainName = carillion.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = carillion.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = carillion.fr
Disable System Restore (for Win XP) like this:
right-click My Computer / Properties / System Restore, tick "Turn off System Restore" there, and apply
Then find and delete what is in bold (if you can't find them, it means AboutBuster deleted them :)
C:\WINDOWS\crdd32.exe
C:\WINDOWS\system32\msrt32.exe
C:\WINDOWS\msog.exe
C:\WINDOWS\d3lr.exe
C:\WINDOWS\system32\sdkpy.exe
C:\WINDOWS\addqw.exe
Empty the Recycle Bin
Re-enable System Restore by following the same path
Run HijackThis again and paste the result here
See you!
Hi again,
I fixed what you told me except the "17" lines, because that's my company's old name, so I assume it's fine
However, I couldn't find what is in bold, neither in My Computer nor in the Recycle Bin, except c:\windows\addqw.exe.0.avb: should I delete it?
The latest HijackThis log is below
See you
Logfile of HijackThis v1.99.1
Scan saved at 16:01:05, on 05/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
C:\WINDOWS\LogWatNT.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\CA\eTrust\INOCUL~1\realmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\DOCUME~1\LOCQUE~2\LOCALS~1\Temp\Répertoire temporaire 5 pour hijackthis_199.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Class - {9FA51816-BD9F-7A8E-1737-44978508516A} - C:\WINDOWS\system32\addlr.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\eTrust\INOCUL~1\realmon.exe
O4 - HKLM\..\Run: [HPWNTOOLBOX] C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe "-i"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135151591195
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = carillion.fr
O17 - HKLM\Software\..\Telephony: DomainName = carillion.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = carillion.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = carillion.fr
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: eTrust InoculateIT RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
O23 - Service: eTrust InoculateIT Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
O23 - Service: eTrust InoculateIT Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
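Added example, not part of any post in this thread: a small Python parser that reads two HijackThis logs and reports which flagged entries disappeared between scans and which are still registered. The three triage rules are heuristics assumed for this illustration, modelled on the entries flagged in the thread, and the sample logs are shortened excerpts of the two logs posted above.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [x] C:\x.exe".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Executable sitting directly in C:\WINDOWS or C:\WINDOWS\system32 (no deeper folder).
TARGET_RE = re.compile(r'^"?c:\\windows\\(?:system32\\)?(?P<base>[^\\"]+?\.exe)\b', re.I)


def parse_log(text):
    """Return the section entries (R0, O2, O4, ...), skipping header and process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entry):
    """Return a reason string if the entry deserves a closer look, else None.

    Assumed heuristics for this example; a hit is a prompt to investigate, not a verdict.
    """
    body = entry.body
    if entry.code == "O2" and body.endswith("(file missing)"):
        return "BHO still registered but its DLL is absent"
    if entry.code == "O4":
        run = RUN_RE.match(body)
        target = TARGET_RE.match(run.group("cmd")) if run else None
        if target and run.group("name").lower() == target.group("base").lower():
            return "Run value named after its own executable in the Windows directory"
    if entry.code == "O16" and body.lower().endswith(".exe"):
        return "ActiveX download source is an .exe rather than a .cab"
    return None


def compare(before_text, after_text):
    """Split the flagged entries of the first scan into (removed, remaining) in the second."""
    after = {(e.code, e.body) for e in parse_log(after_text)}
    removed, remaining = [], []
    for entry in parse_log(before_text):
        reason = triage(entry)
        if reason is None:
            continue
        bucket = remaining if (entry.code, entry.body) in after else removed
        bucket.append((entry, reason))
    return removed, remaining


# Shortened excerpt of the 14:49:29 log from the thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 14:49:29, on 05/01/2006
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: Class - {2C7E705B-4A73-210D-462B-DF73711A4905} - C:\WINDOWS\system32\apijo.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Class - {9FA51816-BD9F-7A8E-1737-44978508516A} - C:\WINDOWS\system32\addlr.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [crdd32.exe] C:\WINDOWS\crdd32.exe
O4 - HKLM\..\Run: [msrt32.exe] C:\WINDOWS\system32\msrt32.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://www.sexequalite.com/11731/FanBeatrice.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
"""

# Shortened excerpt of the 16:01:05 log from the thread.
AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 16:01:05, on 05/01/2006
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Class - {9FA51816-BD9F-7A8E-1737-44978508516A} - C:\WINDOWS\system32\addlr.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
"""

if __name__ == "__main__":
    removed, remaining = compare(BEFORE, AFTER)
    for label, items in (("removed by the fix", removed), ("still present", remaining)):
        print(f"-- {label}: {len(items)}")
        for entry, reason in items:
            print(f"{entry.code:>3}  {reason}\n     {entry.body}")
```

Run on the full logs, the comparison shows at a glance whether every entry selected for fixing is actually gone from the follow-up scan.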
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135151591195
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = carillion.fr
O17 - HKLM\Software\..\Telephony: DomainName = carillion.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = carillion.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = carillion.fr
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: eTrust InoculateIT RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
O23 - Service: eTrust InoculateIT Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
O23 - Service: eTrust InoculateIT Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Hi, you can delete addqw.exe.0.avb, it is probably a leftover from the trojan.
Fix this with HijackThis:
O2 - BHO: Class - {9FA51816-BD9F-7A8E-1737-44978508516A} - C:\WINDOWS\system32\addlr.dll (file missing)
Otherwise, apart from that, your log is clean. Are your problems solved??
See you!
Hello, 06/01
I did what you said and IE seems to be working fine; however, I ran a scan again and here is what spydoctor found:
-TROJAN.DNS CHANGER
-CARPEDIEM
-COMMON COMPONENTS FOR ABOUT BLANK
-TROJAN.POPUPER
-CWS
-KNOWN BAD SITES
-TROJAN.SMALL RELATED
-CWS.HOME SEARCH ASSISTANT
-TRACKING COOKIE(S)
-ADVERTISING
Can you tell me whether this is a problem or not?
Otherwise, many thanks to JESS15 and REGIS59.
See you
Hi
Download Ewido:
http://download.ewido.net/ewido-setup.exe
Install it, then update it.
* Launch Ewido, run a full scan, and copy/paste the report to the forum
Re,
The scan report is attached:
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 14:46:51, 06/01/2006
+ Somme de contrôle: 33B00299
+ Résultats du scan:
HKLM\SOFTWARE\Classes\CLSID\{19909ED9-FBD8-EB91-C381-7E3707902938} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{1E9299A9-BF6A-EDA4-8182-44CC97B4CE96} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{2C874D56-A88C-3E88-B23F-99BEE8C67943} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{34008A69-BA68-8165-F6D2-77FCBCE7DCC4} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{349366F7-B553-EC81-B4CC-483E36CBA5BA} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{3F81823D-B4B4-C3D2-CE8E-E8BB4EF4D52F} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{58A38705-CB9F-7B61-F5FA-A70899B04378} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{705339A9-706D-B4BE-5A24-DBE10DE51732} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{7C2072C8-1E58-2B57-338C-B07B618D3520} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{7D070854-E058-6CF4-D6A2-C2D80E5B5124} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{8138EE4F-2AC5-6CBF-E88D-A0A94EE71F0C} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{8A457F99-ED79-A514-B791-FCEC37E50B28} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{8EA257CF-EDDF-09CA-1536-29E313C464B0} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{9633E7CB-D24D-2353-E8EC-FCF820661F42} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{9A8F5394-C42E-426F-B539-E4F44D9C9347} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{A66A7703-9E5D-D32F-B86A-2B0EE436B436} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{AE9146BD-F3E6-13D0-911B-0CF28B2B624B} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{B279D474-B064-DCC7-5638-6B0E0A96537C} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{B6A141A0-7C37-BFD5-BB25-3B2FEC5086FB} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{B756513C-B2A5-1805-60FF-E40570DBC936} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{C1CC71FF-8764-ADFB-036B-BD513D9AB830} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{C4912723-2E04-C5E4-E084-96EE91C51798} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{CA47840F-F0A5-FD59-E438-C8C411C710F0} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{D3E5D124-D9B7-84AB-815D-1BC94BD013BE} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{D6036847-0CE9-CD98-8490-CBE09650BB49} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{EFFA5234-1603-4600-4D31-8FE60DB658FB} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKU\S-1-5-21-2008942951-803080233-48716514-5879\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC2D84A-6626-8AF1-C8EB-B573423538B1} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
C:\Documents and Settings\Locqueneux\Cookies\locqueneux@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder
C:\Documents and Settings\Locqueneux\Cookies\locqueneux@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Nettoyer et sauvegarder
C:\Documents and Settings\Locqueneux\Cookies\locqueneux@counter6.sextracker[2].txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder
C:\Documents and Settings\Locqueneux\Cookies\locqueneux@cs.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Nettoyer et sauvegarder
C:\Documents and Settings\Locqueneux\Cookies\locqueneux@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder
C:\Documents and Settings\Locqueneux\Cookies\locqueneux@sextracker[2].txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder
C:\Documents and Settings\Locqueneux\Cookies\locqueneux@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Nettoyer et sauvegarder
C:\Documents and Settings\Locqueneux\Cookies\locqueneux@www.smartadserver[2].txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
C:\Documents and Settings\Locqueneux\Local Settings\Temporary Internet Files\Content.IE5\YXDQ7U1W\new[1].htm -> Downloader.Agent.i : Nettoyer et sauvegarder
C:\Program Files\RealVNC\VNC4\vncconfig.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.4 : Nettoyer et sauvegarder
::Fin du rapport
See you
Re,
Run spydoctor again and give us the full report, that is, the locations where it finds these infections.
See you
Re,
Attached is what you asked me for:
Scans (basic information only):
Scan Results:
scan start: 06/01/2006 15:21:36
scan stop: 06/01/2006 15:21:42
scanned items: 1
found items: 0
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner
Infection Name Location Risk
Scan Results:
scan start: 06/01/2006 15:21:54
scan stop: 06/01/2006 15:36:40
scanned items: 81760
found items: 51
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner
Infection Name Location Risk
Carpe Diem HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\EC77857721E7DFB88A5881AA4BB23151D82DE208 High
Carpe Diem HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\EC77857721E7DFB88A5881AA4BB23151D82DE208## High
Carpe Diem HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\EC77857721E7DFB88A5881AA4BB23151D82DE208##Blob High
Common Components for About Blank HKCU\Software\Microsoft\Internet Explorer\Main##HomeOldSP High
Common Components for About Blank HKLM\Software\Microsoft\Internet Explorer\Main##HomeOldSP High
Trojan.Popuper HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta High
Trojan.Popuper HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta## High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\ab scissor.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\broadband comparison.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\credit counseling.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\credit report.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\crm software.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\debt credit card.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\escorts.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\fha.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\health insurance.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\help desk software.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\insurance home.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\loan for debt consolidation.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\loan for people with bad credit.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\marketing email.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\mortgage insurance.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\mortgage life insurance.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\nevada corporations.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\online betting site.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\online gambling casino.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\online instant loan.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\order phentermine.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\payroll advance.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\personal loans online.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\personal loans with bad credit.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\prescription drugs rx online.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\refinancing my mortgage.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\tahoe vacation rental.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\unsecured bad credit loans.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\videos.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\sites about\what is hydrocodone.url High
CWS C:\Documents and Settings\Locqueneux\Favoris\search the web.url High
Known Bad Sites C:\Documents and Settings\Locqueneux\Favoris\seven days of free porn.url High
Known Bad Sites C:\Documents and Settings\Locqueneux\Favoris\only sex website.url High
Trojan.Small related C:\Documents and Settings\Locqueneux\Favoris\only sex website.url High
CWS.Home Search Assistant C:\Documents and Settings\Locqueneux\Local Settings\Temporary Internet Files\Content.IE5\0TCX2385\cchrslib_t[1].js High
CWS.Home Search Assistant C:\Documents and Settings\Locqueneux\Local Settings\Temporary Internet Files\Content.IE5\A58R2XYP\xpb[1].gif High
CWS.Home Search Assistant C:\Documents and Settings\Locqueneux\Local Settings\Temporary Internet Files\Content.IE5\A58R2XYP\mbimg[1].gif High
Trojan.DNS Changer C:\Documents and Settings\Locqueneux\Local Settings\Temporary Internet Files\Content.IE5\W39BEQZ1\tdieter[1].htm High
Trojan.DNS Changer C:\Documents and Settings\Locqueneux\Local Settings\Temporary Internet Files\Content.IE5\YXDQ7U1W\new[1].htm High
Trojan.DNS Changer C:\Documents and Settings\Locqueneux\Local Settings\Temporary Internet Files\Content.IE5\YXDQ7U1W\nan34[1].htm High
Advertising C:\Documents and Settings\Locqueneux\Cookies\locqueneux@doubleclick[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\Locqueneux\Cookies\locqueneux@xiti[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Locqueneux\Cookies\locqueneux@cs.sexcounter[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Locqueneux\Cookies\locqueneux@247realmedia[1].txt Medium
Other Sections:
Back in a moment
Re,
Whoa, stay away from adult sites!
1/ Download and run this:
Clean Up 40:
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
- Picture guide (thanks to Balltrap34):
http://pageperso.aol.fr/balltrap34/democleanup.htm
2/ Start > Control Panel
Internet Options, General tab
Delete the cookies
3/ Download this (thanks to S!RI for this little program):
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Run it: double-click Smitfraudfix.cmd and choose option 3.
4/ Open Notepad and copy and paste what is between the rows of stars:
**********
REGEDIT4

; Root keys are written in full (HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE), as the .reg format requires.
; "key##value" is the scan report's notation, not .reg syntax; removing a key also removes its values.
[-HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\EC77857721E7DFB88A5881AA4BB23151D82DE208]

; HomeOldSP is a value under Main: delete only that value and keep the Main key.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"HomeOldSP"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta]
************
Save it on your desktop and name it www.reg,
and in the type box below, select All files.
Then go to your desktop, double-click the file you have just made and accept the merge into the registry.
5/ Run a scan again and post the new report.
See you
Logfile of HijackThis v1.99.1
Scan saved at 08:06:02, on 05/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\CA\eTrust\INOCUL~1\realmon.exe
C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\appby32.exe
C:\WINDOWS\system32\wisptis.exe
C:\WINDOWS\system32\mswt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\LOCQUE~2\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis_199.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mdpqf.dll/sp.html#93256%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mdpqf.dll/sp.html#93256%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\mdpqf.dll/sp.html#93256%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mdpqf.dll/sp.html#93256%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mdpqf.dll/sp.html#93256%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mdpqf.dll/sp.html#93256%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mdpqf.dll/sp.html#93256%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {2C7E705B-4A73-210D-462B-DF73711A4905} - C:\WINDOWS\system32\apijo.dll (file missing)
O2 - BHO: Class - {49C93116-9ED5-850D-A22A-44D58ADE0597} - C:\WINDOWS\system32\ipdk32.dll
O2 - BHO: Class - {5A4824E0-5A23-EC06-7AE6-26005682148F} - C:\WINDOWS\system32\netru32.dll
O2 - BHO: Class - {5C446BFC-02E1-6598-6240-0D9B1BE10C2F} - C:\WINDOWS\system32\appqf32.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Class - {5EC2D84A-6626-8AF1-C8EB-B573423538B1} - C:\WINDOWS\adduu32.dll
O2 - BHO: Class - {6D6F824E-4876-24B2-D11B-49F9A8DF9F1B} - C:\WINDOWS\system32\winal.dll
O2 - BHO: Class - {9FA51816-BD9F-7A8E-1737-44978508516A} - C:\WINDOWS\system32\addlr.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Class - {B7BC0E45-0934-E912-E44C-E17957FA46C7} - C:\WINDOWS\mfcgh32.dll (file missing)
O2 - BHO: Class - {C375C5F0-8EFF-D29E-DE44-2AF7AF3C141B} - C:\WINDOWS\apihk32.dll
O2 - BHO: Class - {D4A99041-BBC8-A963-8327-6E17563E936B} - C:\WINDOWS\system32\atlhl32.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\eTrust\INOCUL~1\realmon.exe
O4 - HKLM\..\Run: [HPWNTOOLBOX] C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe "-i"
O4 - HKLM\..\Run: [crdd32.exe] C:\WINDOWS\crdd32.exe
O4 - HKLM\..\Run: [msrt32.exe] C:\WINDOWS\system32\msrt32.exe
O4 - HKLM\..\Run: [msog.exe] C:\WINDOWS\msog.exe
O4 - HKLM\..\Run: [d3lr.exe] C:\WINDOWS\d3lr.exe
O4 - HKLM\..\Run: [sdkpy.exe] C:\WINDOWS\system32\sdkpy.exe
O4 - HKLM\..\Run: [addqw.exe] C:\WINDOWS\addqw.exe
O4 - HKLM\..\Run: [appby32.exe] C:\WINDOWS\appby32.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135151591195
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://www.sexequalite.com/11731/FanBeatrice.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = carillion.fr
O17 - HKLM\Software\..\Telephony: DomainName = carillion.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = carillion.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = carillion.fr
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\mswt.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: eTrust InoculateIT RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
O23 - Service: eTrust InoculateIT Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
O23 - Service: eTrust InoculateIT Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
If you can give me the next steps, thanks
DAN
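An added example, not part of the original posts: a small triage pass over HijackThis entries like those in the log above, flagging lines for manual review. The heuristics (res:// search pages, BHOs named only "Class" sitting in the Windows directory, Run values named after their own executable, services with an unknown owner) are assumptions drawn from this log, and `triage` and `review_list` are hypothetical names; a flag means "look at this", not "this is malware".

```python
import re
from ntpath import basename  # parses Windows paths on any host OS

# Entries copied from the HijackThis log in this post (suspect and ordinary ones).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mdpqf.dll/sp.html#93256%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Class - {49C93116-9ED5-850D-A22A-44D58ADE0597} - C:\WINDOWS\system32\ipdk32.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [crdd32.exe] C:\WINDOWS\crdd32.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

ENTRY = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
BHO = re.compile(r"BHO: (?P<name>.*?) - \{[^}]+\} - (?P<path>.+)$")
RUN = re.compile(r"\S+Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
WIN_DIR = re.compile(r"C:\\WINDOWS\\(system32\\)?[^\\]+$", re.IGNORECASE)

def triage(line):
    """Return a reason string if the entry deserves manual review, else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    if code in ("R0", "R1") and "= res://" in body:
        return "IE search/start setting served from a local DLL resource"
    bho = BHO.match(body) if code == "O2" else None
    if bho:
        path = bho.group("path").replace(" (file missing)", "")
        if bho.group("name") == "Class" and WIN_DIR.match(path):
            return "unnamed BHO loaded from the Windows directory"
    run = RUN.match(body) if code == "O4" else None
    if run and run.group("name").lower() == basename(run.group("cmd")).lower():
        return "Run value named after its own executable"
    if code == "O23" and " - Unknown owner - " in body:
        return "service whose owner HijackThis reports as unknown"
    return None

def review_list(log_text):
    """Return (line, reason) pairs for every flagged entry, in log order."""
    return [(l, r) for l in log_text.splitlines() if (r := triage(l))]
```

Entries that pass these checks are not thereby cleared; the list only narrows what to inspect first.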