Unisntalling Whensearch

Résolu
davidounet Messages postés 46 Statut Membre -  
 boulepate -
Bien à vous,

Pourquoi ce message d'erreur apparaît pratiquement au trois secondes sur mon ordinateur UNINSTALLING WHENSEARCH!!!

Merci de m'éclairer s.v.p.

Davidounet

35 réponses

  • 1
  • 2
Résumé de la discussion

L'apparition d'un message d'erreur récurrent lié à Whensearch sur l'ordinateur indique une infection potentielle et conduit à examiner les causes et les solutions proposées publiées ci-dessous.
Plusieurs contributeurs identifient une infection par des composants publicitaires et des barres d'outils indésirables, avec un log HijackThis détaillant des BHO, barres d'outils et services suspects.
Les conseils essentiels proposent soit une suppression manuelle des entrées via regedit et des nettoyages de registre, soit un nettoyage avec des outils et des procédures pour bloquer les composants malveillants.
En cas de persistance, d'autres interventions suggèrent de vérifier les lignes O16 et de déployer des protections supplémentaires, telles que SpywareBlaster ou des configurations de pare-feu, sans conclure sur l'issue.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. jmp59 Messages postés 29286 Date d'inscription   Statut Contributeur Dernière intervention   6 349
     
    Bonjour,

    D'après ceci http://whensearch.com/ Whensearch serait un moteur de recherche.
    Mais ce serait également un adware.

    A ta place je supprimerais.

    Bye.
    0
  2. davidounet Messages postés 46 Statut Membre
     
    Bonsoir,

    Merci pour la réponse mais je ne sais toujours pas comment faire pour supprimer ceci de mon ordinateur soit UNINSTALLING WHENSEARCH.

    J'attends de vos nouvelles!!!

    Merci!! Davidounet
    0
  3. jmp59 Messages postés 29286 Date d'inscription   Statut Contributeur Dernière intervention   6 349
     
    J'ai l'impression que tu n'es jamais effectué ce genre de manip. Alors, on va y aller pas à pas. Aprés chaque opération reviens dire ce qui se pase.

    Whensearching apparaît-il quand tu vas dans Démarrer/Panneau de Config/Ajout/Suppression de programmes ? Si oui, supprimes.
    Si non, ... dans c:\Program Files ?
    0
  4. davidounet Messages postés 46 Statut Membre
     
    Bonsoir,

    Malheureusement non, Whensearching n' apparaît pas dans ma liste de programme que je peux supprimer. Par contre, When U Save y est inscrit.

    J' attends votre retour de réponse impatiemment.

    Merci,

    Davidounet
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jmp59 Messages postés 29286 Date d'inscription   Statut Contributeur Dernière intervention   6 349
     
    Salut,

    Tu fais Démarrer/Exécuter, tu tapes regedit + OK
    Tu vas te trouver dans l'Editeur de Registre.
    Edition/Rechercher. Tu tapes Whensearch et tu coches les 3 cases.
    Click sur Suivant. Si la recherche s'arrête parce qu'elle a trouvé Whensearch, tu supprimes. Puis tu tapes sur F3 pour continuer , et ainsi de suite jusqu'à ce qu'un pop-up annonce que la recherche est terminée.
    Si la recherche a détecté un ou des "Whensearch", tu rebootes pour voir ce que ça donne.
    Si rien n'a ètè détecté, ou si le problème persiste, tu passes à la méthode préconisée par boulepate. Ce sera bcp plus long, mais il y aura forcément une solution.

    Bye.
    0
  7. davidounet Messages postés 46 Statut Membre
     
    Bonjour,

    Mon problème n'est toujours pas régler. Je crois que je devrai passé par la méthode préconisée de boulepate. J' espère seulement que ça ne "plantera pas" mon système. Je garde confiance.

    Merci de toujours m'aider!!!

    Davidounet
    0
    1. boulepate
       
      Salut,

      oui utilise HijackThis ça ne va pas faire planter ton systeme ;-)

      A+
      0
  8. davidounet Messages postés 46 Statut Membre
     
    Bonjour,

    Tout se déroule bien lorsque j'utilise HijackThis, mais je ne sais pas vraiment comment faire pour Copier et Coller le Rapport que vous me demander de vous transmettre.

    S.V.P. j'ai toujours besoin de votre aide. Je me sens vraiment nul dans ce genre de chose. J' attend votre réponse.

    Merci!!! Davidounet
    0
  9. davidounet Messages postés 46 Statut Membre
     
    Logfile of HijackThis v1.99.1
    Scan saved at 21:50:21, on 2006-01-24
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Aisxbio\Ybcra.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Zzrxk\Glop.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MSNMES~1\msnmsgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Outlook Express\msimn.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\unzipped\hijackthis_199[1]\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.ca/0SEFRCA/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
    O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)
    O2 - BHO: ReplaceSearchCtl Class - {832BEBED-C3DA-4534-A2C2-B2FFF220C820} - C:\WINDOWS\System32\replaceSearch.dll (file missing)
    O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Cas Class - {B5F3970B-745E-46AC-B890-E08F69777D80} - C:\WINDOWS\system32\ca2.dll (file missing)
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)
    O3 - Toolbar: searchforit - {C109664B-CEB1-420b-B353-D55A561536DD} - C:\WINDOWS\System32\SYSsfitb.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [Rofqp] C:\Program Files\Vemep\Trxtp.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [Zzobndvb] C:\Program Files\Ccfk\Nhpu.exe
    O4 - HKLM\..\Run: [Zpmzz] C:\Program Files\Shtzu\Jbxnrs.exe
    O4 - HKLM\..\Run: [Zmdootob] C:\Program Files\Vszf\Jbloixv.exe
    O4 - HKLM\..\Run: [Zbculsj] C:\Program Files\Qgddcm\Tpzoc.exe
    O4 - HKLM\..\Run: [Ykarz] C:\Program Files\Frdex\Ixlxj.exe
    O4 - HKLM\..\Run: [Wuxaty] C:\Program Files\Ytswsrk\Avbpo.exe
    O4 - HKLM\..\Run: [Wjvqbpbg] C:\Program Files\Ywxj\Qrcylm.exe
    O4 - HKLM\..\Run: [Vtteflda] C:\Program Files\Yazonoo\Iknc.exe
    O4 - HKLM\..\Run: [Uokxumz] C:\Program Files\Psyohv\Nfser.exe
    O4 - HKLM\..\Run: [Toqsuc] C:\Program Files\Aisxbio\Ybcra.exe
    O4 - HKLM\..\Run: [Tcbsrrm] C:\Program Files\Xyhvzif\Qimvoa.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Rguybldf] C:\Program Files\Iftpfd\Npqnu.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [Pidwdh] C:\Program Files\Bckn\Hrgf.exe
    O4 - HKLM\..\Run: [Odnyugff] C:\Program Files\Frtjp\Mfet.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [Mrdcs] C:\Program Files\Xlwttmy\Pqeo.exe
    O4 - HKLM\..\Run: [Lwprei] C:\Program Files\Lxvnw\Joamxoo.exe
    O4 - HKLM\..\Run: [Ljcupv] C:\Program Files\Ibgro\Fidd.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [Gwoeeg] C:\Program Files\Rcrh\Fuor.exe
    O4 - HKLM\..\Run: [Gknkh] C:\Program Files\Dvgor\Fvjanzp.exe
    O4 - HKLM\..\Run: [Ggkjklhe] C:\Program Files\Ocxvqs\Qugfu.exe
    O4 - HKLM\..\Run: [Fpdhb] C:\Program Files\Mzqyuf\Hzmtqb.exe
    O4 - HKLM\..\Run: [Fmrsx] C:\Program Files\Gjfjog\Nddecgu.exe
    O4 - HKLM\..\Run: [Efzsse] C:\Program Files\Xqht\Cweiax.exe
    O4 - HKLM\..\Run: [Drrjdx] C:\Program Files\Qcsafp\Wztbrkz.exe
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [Cplble] C:\Program Files\Kzbc\Aodghx.exe
    O4 - HKLM\..\Run: [Chqnhj] C:\Program Files\Zzrxk\Glop.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [BeClean Agent] C:\Program Files\BeClean\bca.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb035
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://kit.carpediem.fr/10062/loftgay.exe
    O16 - DPF: {01BE5BD7-B2DD-48B3-A759-59265A91E787} -
    O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1016_FR_XP.cab
    O16 - DPF: {0873478E-E67A-4876-B0A9-9A36D3AB3602} (vviewer control) - http://www.thepaymentcentre.com/build/vviewer.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_FR_XP.cab
    O16 - DPF: {3AEA6239-7D97-4B70-A342-A824B55E5A5B} (Adam Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Eve.cab
    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/221457b606ff2cef1905/netzip/RdxIE601_fr.cab
    O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Downloads/AXELPlayerAX_Win32.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121289871150
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.edipole.fr/kits/WebInstall.dll
    O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://kit.carpediem.fr/10062/jeunemec.exe
    O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
    O16 - DPF: {92ABACFE-EF6E-42C7-A824-D50A914B5B70} (MastaCash Loader Class) - http://dx.mastacash.com/loader.cab
    O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/install/win2000/SYSsfitb.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1009_1035_FR_pack_XP.cab
    O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} (Loader Class) - http://dialup.carpediem.fr/CABS/cd/1,0,3,8/fr/AccesMembre.cab
    O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} - http://xbs.sea.mtree.com/mt/dialers/fc/UniDistIO.CAB
    O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_FR_XP.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{84316CFB-7095-48F9-9C0E-6763D9942511}: NameServer = 206.47.244.79 206.47.244.14
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C1317526-BE8B-4885-8EC1-65BD0797138B}: Domain = sympatico.ca
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

    Bonjour à vous,

    Enfin, j'ai enfin réussi à vous transmettre mon RAPPORT. J' attends de vos nouvelles avec impatience. Merci beaucoup, beaucoup et beaucoup.

    Davidounet
    0
    1. davidounet Messages postés 46 Statut Membre
       
      ---------------------------------------------------------
      ewido anti-malware - Rapport de démarrage
      ---------------------------------------------------------

      + Créé le: 00:52:13, 2006-01-26
      + Somme de contrôle: B0B16753

      Reg\HKLM\Run Lwprei C:\Program Files\Lxvnw\Joamxoo.exe
      Reg\HKLM\Run Ljcupv C:\Program Files\Ibgro\Fidd.exe
      Reg\HKLM\Run Rofqp C:\Program Files\Vemep\Trxtp.exe
      Reg\HKLM\Run IMJPMIG8.1 "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      Reg\HKLM\Run CARPService carpserv.exe
      Reg\HKLM\Run ATIModeChange Ati2mdxx.exe
      Reg\HKLM\Run HP Software Update C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      Reg\HKLM\Run Adobe Photo Downloader "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
      Reg\HKLM\Run HPHUPD05 c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
      Reg\HKLM\Run Ykarz C:\Program Files\Frdex\Ixlxj.exe
      Reg\HKLM\Run SynTPEnh C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      Reg\HKLM\Run SynTPLpr C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      Reg\HKLM\Run Zzobndvb C:\Program Files\Ccfk\Nhpu.exe
      Reg\HKLM\Run Zpmzz C:\Program Files\Shtzu\Jbxnrs.exe
      Reg\HKLM\Run Zmdootob C:\Program Files\Vszf\Jbloixv.exe
      Reg\HKLM\Run Zbculsj C:\Program Files\Qgddcm\Tpzoc.exe
      Reg\HKLM\Run BeClean Agent C:\Program Files\BeClean\bca.exe
      Reg\HKLM\Run Wuxaty C:\Program Files\Ytswsrk\Avbpo.exe
      Reg\HKLM\Run mmtask c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
      Reg\HKLM\Run Vtteflda C:\Program Files\Yazonoo\Iknc.exe
      Reg\HKLM\Run MMTray C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
      Reg\HKLM\Run Toqsuc C:\Program Files\Aisxbio\Ybcra.exe
      Reg\HKLM\Run Tcbsrrm C:\Program Files\Xyhvzif\Qimvoa.exe
      Reg\HKCU\Run ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
      Reg\HKLM\Run Rguybldf C:\Program Files\Iftpfd\Npqnu.exe
      Reg\HKCU\Run msnmsgr "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
      Reg\HKLM\Run QT4HPOT C:\Program Files\HPQ\One-Touch\OneTouch.EXE
      Reg\HKLM\Run Odnyugff C:\Program Files\Frtjp\Mfet.exe
      Reg\HKLM\Run MyWebSearch Email Plugin C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
      Reg\HKLM\Run Mrdcs C:\Program Files\Xlwttmy\Pqeo.exe
      Reg\HKLM\Run HPHmon05 C:\WINDOWS\System32\hphmon05.exe
      Reg\HKLM\Run HP Component Manager "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      Reg\HKLM\Run Gwoeeg C:\Program Files\Rcrh\Fuor.exe
      Reg\HKLM\Run Gknkh C:\Program Files\Dvgor\Fvjanzp.exe
      Reg\HKLM\Run Ggkjklhe C:\Program Files\Ocxvqs\Qugfu.exe
      Reg\HKLM\Run Fpdhb C:\Program Files\Mzqyuf\Hzmtqb.exe
      Reg\HKLM\Run Fmrsx C:\Program Files\Gjfjog\Nddecgu.exe
      Reg\HKLM\Run Efzsse C:\Program Files\Xqht\Cweiax.exe
      Reg\HKLM\Run Drrjdx C:\Program Files\Qcsafp\Wztbrkz.exe
      Reg\HKLM\Run Display Settings C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
      Reg\HKLM\Run Cpqset C:\Program Files\HPQ\Default Settings\cpqset.exe
      Reg\HKLM\Run Cplble C:\Program Files\Kzbc\Aodghx.exe
      Reg\HKLM\Run Chqnhj C:\Program Files\Zzrxk\Glop.exe
      Reg\HKLM\Run ccApp "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
      Reg\HKLM\Run ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      Reg\HKLM\Run Wjvqbpbg C:\Program Files\Ywxj\Qrcylm.exe
      Reg\HKLM\Run Uokxumz C:\Program Files\Psyohv\Nfser.exe
      Reg\HKLM\Run Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
      Reg\HKLM\Run Pidwdh C:\Program Files\Bckn\Hrgf.exe
      Reg\HKLM\Run QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
      Reg\HKLM\Run NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
      Shell\CommonStartup Lancement rapide d'Adobe Reader.lnk C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
      Shell\CommonStartup Microsoft Office.lnk C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
      Shell\CommonStartup MyWebSearch Email Plugin.lnk C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk
      Shell\CommonStartup WinZip Quick Pick.lnk C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
      Shell\UserStartup MyWebSearch Email Plugin.lnk C:\Documents and Settings\David\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk
      Shell\CommonStartup HP Digital Imaging Monitor.lnk C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk


      Bonjour boulepate,


      Voici le rapport tel que demandé!!! J' espère seulement pouvoir régler tout ça sans problème. Effectivement, je n'étais pas muni d'un "firewall" pour mon système. Celui que vous m'avez fait téléchargé est valide pour 14 jours seulement et je ne sais pas vraiment s' il est bien configurer. J'étais par contre, muni d'un Antivirus "Northern".

      J'attends de vos nouvelles avec impatience en espérant que je ne suis pas un cas trop lourd à aider. Tout ce que je souhaite, c'est de pouvoir nettoyer mon système à fond le plus rapidement possible.

      Pour ce qui est de "ewido anti-malware" et de "kerio", me conseillez-vous de les gardés??


      Merci encore pour votre aide si précieuse!!!


      Davidounet
      0
  10. davidounet Messages postés 46 Statut Membre
     
    Bonjour boulepate,

    Voici encore 3 rapports:

    ---------------------------------------------------------
    ewido anti-malware - Rapport des processus
    ---------------------------------------------------------

    + Créé le: 01:58:08, 2006-01-26
    + Somme de contrôle: 9C8250DA

    0: System Process
    4: System Process
    108: C:\Program Files\QuickTime\qttask.exe
    240: C:\Program Files\Norton AntiVirus\navapsvc.exe
    420: C:\PROGRA~1\MSNMES~1\msnmsgr.exe
    484: C:\WINDOWS\Explorer.EXE
    672: C:\Program Files\Norton AntiVirus\SAVScan.exe
    696: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    708: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    808: \SystemRoot\System32\smss.exe
    840: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    844: C:\WINDOWS\System32\snmp.exe
    880: \??\C:\WINDOWS\system32\csrss.exe
    912: \??\C:\WINDOWS\system32\winlogon.exe
    956: C:\WINDOWS\system32\services.exe
    968: C:\WINDOWS\system32\lsass.exe
    976: C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    1060: C:\WINDOWS\system32\NOTEPAD.EXE
    1140: C:\WINDOWS\System32\Ati2evxx.exe
    1160: C:\WINDOWS\system32\svchost.exe
    1184: C:\WINDOWS\System32\svchost.exe
    1192: C:\Program Files\WinZip\WZQKPICK.EXE
    1228: C:\WINDOWS\system32\svchost.exe
    1240: C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    1304: C:\WINDOWS\System32\hphmon05.exe
    1312: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    1392: C:\WINDOWS\System32\cisvc.exe
    1408: C:\WINDOWS\System32\svchost.exe
    1472: C:\Program Files\Zzrxk\Glop.exe
    1480: C:\WINDOWS\System32\svchost.exe
    1488: C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    1500: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    1568: C:\WINDOWS\system32\HPConfig.exe
    1596: C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    1632: C:\Program Files\ewido anti-malware\ewidoctrl.exe
    1664: C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    1676: C:\WINDOWS\System32\svchost.exe
    1740: C:\WINDOWS\system32\NOTEPAD.EXE
    1752: C:\WINDOWS\system32\carpserv.exe
    1820: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    1852: C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    1936: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    1956: C:\WINDOWS\system32\spoolsv.exe
    2016: C:\WINDOWS\system32\ctfmon.exe
    2132: C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    2172: C:\Program Files\Outlook Express\msimn.exe
    2208: C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    2252: C:\Program Files\Messenger\msmsgs.exe
    2544: C:\WINDOWS\system32\cidaemon.exe
    2936: C:\Program Files\ewido anti-malware\ewidoguard.exe
    3016: C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    3388: C:\Program Files\Internet Explorer\iexplore.exe
    3776: C:\WINDOWS\System32\alg.exe
    3912: C:\Program Files\ewido anti-malware\securitysuite.exe
    ---------------------------------------------------------
    ewido anti-malware - Rapport de connexion
    ---------------------------------------------------------

    + Créé le: 01:57:29, 2006-01-26
    + Somme de contrôle: 4EC534CB

    TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1033 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:44334 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:44501 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:1025 127.0.0.1:44334 ESTABLISHED
    TCP 127.0.0.1:1027 127.0.0.1:1029 ESTABLISHED
    TCP 127.0.0.1:1029 127.0.0.1:1027 ESTABLISHED
    TCP 127.0.0.1:1031 127.0.0.1:44334 ESTABLISHED
    TCP 127.0.0.1:1033 127.0.0.1:1035 ESTABLISHED
    TCP 127.0.0.1:1035 127.0.0.1:1033 ESTABLISHED
    TCP 127.0.0.1:1036 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:1036 127.0.0.1:1745 TIME_WAIT
    TCP 127.0.0.1:1037 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:44334 127.0.0.1:1025 ESTABLISHED
    TCP 127.0.0.1:44334 127.0.0.1:1031 ESTABLISHED
    TCP 169.254.66.157:139 0.0.0.0:0 LISTENING
    UDP 0.0.0.0:161
    UDP 0.0.0.0:445
    UDP 0.0.0.0:500
    UDP 0.0.0.0:1026
    UDP 0.0.0.0:1028
    UDP 0.0.0.0:1032
    UDP 0.0.0.0:1034
    UDP 0.0.0.0:1062
    UDP 0.0.0.0:1225
    UDP 0.0.0.0:1228
    UDP 0.0.0.0:1231
    UDP 0.0.0.0:1403
    UDP 0.0.0.0:4500
    UDP 0.0.0.0:44334
    UDP 69.156.163.42:123
    UDP 69.156.163.42:1900
    UDP 127.0.0.1:123
    UDP 127.0.0.1:1061
    UDP 127.0.0.1:1900
    UDP 169.254.66.157:123
    UDP 169.254.66.157:137
    UDP 169.254.66.157:138
    UDP 169.254.66.157:1900
    ---------------------------------------------------------
    ewido anti-malware - Rapport de démarrage
    ---------------------------------------------------------

    + Créé le: 01:54:42, 2006-01-26
    + Somme de contrôle: 5D921952

    Reg\HKLM\Run Lwprei C:\Program Files\Lxvnw\Joamxoo.exe
    Reg\HKLM\Run Ljcupv C:\Program Files\Ibgro\Fidd.exe
    Reg\HKLM\Run Rofqp C:\Program Files\Vemep\Trxtp.exe
    Reg\HKLM\Run IMJPMIG8.1 "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    Reg\HKLM\Run CARPService carpserv.exe
    Reg\HKLM\Run ATIModeChange Ati2mdxx.exe
    Reg\HKLM\Run HP Software Update C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    Reg\HKLM\Run Adobe Photo Downloader "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    Reg\HKLM\Run HPHUPD05 c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    Reg\HKLM\Run Ykarz C:\Program Files\Frdex\Ixlxj.exe
    Reg\HKLM\Run SynTPEnh C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    Reg\HKLM\Run SynTPLpr C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    Reg\HKLM\Run Zzobndvb C:\Program Files\Ccfk\Nhpu.exe
    Reg\HKLM\Run Zpmzz C:\Program Files\Shtzu\Jbxnrs.exe
    Reg\HKLM\Run Zmdootob C:\Program Files\Vszf\Jbloixv.exe
    Reg\HKLM\Run Zbculsj C:\Program Files\Qgddcm\Tpzoc.exe
    Reg\HKLM\Run BeClean Agent C:\Program Files\BeClean\bca.exe
    Reg\HKLM\Run Wuxaty C:\Program Files\Ytswsrk\Avbpo.exe
    Reg\HKLM\Run mmtask c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    Reg\HKLM\Run Vtteflda C:\Program Files\Yazonoo\Iknc.exe
    Reg\HKLM\Run MMTray C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    Reg\HKLM\Run Toqsuc C:\Program Files\Aisxbio\Ybcra.exe
    Reg\HKLM\Run Tcbsrrm C:\Program Files\Xyhvzif\Qimvoa.exe
    Reg\HKCU\Run ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
    Reg\HKLM\Run Rguybldf C:\Program Files\Iftpfd\Npqnu.exe
    Reg\HKCU\Run msnmsgr "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
    Reg\HKLM\Run QT4HPOT C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    Reg\HKLM\Run Odnyugff C:\Program Files\Frtjp\Mfet.exe
    Reg\HKLM\Run MyWebSearch Email Plugin C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    Reg\HKLM\Run Mrdcs C:\Program Files\Xlwttmy\Pqeo.exe
    Reg\HKLM\Run HPHmon05 C:\WINDOWS\System32\hphmon05.exe
    Reg\HKLM\Run HP Component Manager "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    Reg\HKLM\Run Gwoeeg C:\Program Files\Rcrh\Fuor.exe
    Reg\HKLM\Run Gknkh C:\Program Files\Dvgor\Fvjanzp.exe
    Reg\HKLM\Run Ggkjklhe C:\Program Files\Ocxvqs\Qugfu.exe
    Reg\HKLM\Run Fpdhb C:\Program Files\Mzqyuf\Hzmtqb.exe
    Reg\HKLM\Run Fmrsx C:\Program Files\Gjfjog\Nddecgu.exe
    Reg\HKLM\Run Efzsse C:\Program Files\Xqht\Cweiax.exe
    Reg\HKLM\Run Drrjdx C:\Program Files\Qcsafp\Wztbrkz.exe
    Reg\HKLM\Run Display Settings C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    Reg\HKLM\Run Cpqset C:\Program Files\HPQ\Default Settings\cpqset.exe
    Reg\HKLM\Run Cplble C:\Program Files\Kzbc\Aodghx.exe
    Reg\HKLM\Run Chqnhj C:\Program Files\Zzrxk\Glop.exe
    Reg\HKLM\Run ccApp "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    Reg\HKLM\Run ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    Reg\HKLM\Run Wjvqbpbg C:\Program Files\Ywxj\Qrcylm.exe
    Reg\HKLM\Run Uokxumz C:\Program Files\Psyohv\Nfser.exe
    Reg\HKLM\Run Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    Reg\HKLM\Run Pidwdh C:\Program Files\Bckn\Hrgf.exe
    Reg\HKLM\Run QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
    Reg\HKLM\Run NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
    Shell\CommonStartup Lancement rapide d'Adobe Reader.lnk C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    Shell\CommonStartup Microsoft Office.lnk C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    Shell\CommonStartup MyWebSearch Email Plugin.lnk C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk
    Shell\CommonStartup WinZip Quick Pick.lnk C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
    Shell\UserStartup MyWebSearch Email Plugin.lnk C:\Documents and Settings\David\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk
    Shell\CommonStartup HP Digital Imaging Monitor.lnk C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk

    J'espère que ça aidera!!! J'attends de vos nouvelles!!

    Davidounet
    0
    1. boulepate
       
      Salut,

      bah dit donc ..

      Gardee ewido parcontre ton anti-virus c'est une passoire à virus vire le puis installe avast .. pour ce qui est de kerio, il est valable 15jours puis apres c'est la version gratuite donc pas de soucis tu peux le garder.

      Peux tu remettre un rapport HijackThis stp
      0
  11. davidounet Messages postés 46 Statut Membre
     
    Logfile of HijackThis v1.99.1
    Scan saved at 09:24:01, on 2006-01-26
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Zzrxk\Glop.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\unzipped\hijackthis_199[1]\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.ca/0SEFRCA/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
    O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)
    O2 - BHO: ReplaceSearchCtl Class - {832BEBED-C3DA-4534-A2C2-B2FFF220C820} - C:\WINDOWS\System32\replaceSearch.dll (file missing)
    O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Cas Class - {B5F3970B-745E-46AC-B890-E08F69777D80} - C:\WINDOWS\system32\ca2.dll (file missing)
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)
    O3 - Toolbar: searchforit - {C109664B-CEB1-420b-B353-D55A561536DD} - C:\WINDOWS\System32\SYSsfitb.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [Rofqp] C:\Program Files\Vemep\Trxtp.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [Zzobndvb] C:\Program Files\Ccfk\Nhpu.exe
    O4 - HKLM\..\Run: [Zpmzz] C:\Program Files\Shtzu\Jbxnrs.exe
    O4 - HKLM\..\Run: [Zmdootob] C:\Program Files\Vszf\Jbloixv.exe
    O4 - HKLM\..\Run: [Zbculsj] C:\Program Files\Qgddcm\Tpzoc.exe
    O4 - HKLM\..\Run: [Ykarz] C:\Program Files\Frdex\Ixlxj.exe
    O4 - HKLM\..\Run: [Wuxaty] C:\Program Files\Ytswsrk\Avbpo.exe
    O4 - HKLM\..\Run: [Wjvqbpbg] C:\Program Files\Ywxj\Qrcylm.exe
    O4 - HKLM\..\Run: [Vtteflda] C:\Program Files\Yazonoo\Iknc.exe
    O4 - HKLM\..\Run: [Uokxumz] C:\Program Files\Psyohv\Nfser.exe
    O4 - HKLM\..\Run: [Toqsuc] C:\Program Files\Aisxbio\Ybcra.exe
    O4 - HKLM\..\Run: [Tcbsrrm] C:\Program Files\Xyhvzif\Qimvoa.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Rguybldf] C:\Program Files\Iftpfd\Npqnu.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [Pidwdh] C:\Program Files\Bckn\Hrgf.exe
    O4 - HKLM\..\Run: [Odnyugff] C:\Program Files\Frtjp\Mfet.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [Mrdcs] C:\Program Files\Xlwttmy\Pqeo.exe
    O4 - HKLM\..\Run: [Lwprei] C:\Program Files\Lxvnw\Joamxoo.exe
    O4 - HKLM\..\Run: [Ljcupv] C:\Program Files\Ibgro\Fidd.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [Gwoeeg] C:\Program Files\Rcrh\Fuor.exe
    O4 - HKLM\..\Run: [Gknkh] C:\Program Files\Dvgor\Fvjanzp.exe
    O4 - HKLM\..\Run: [Ggkjklhe] C:\Program Files\Ocxvqs\Qugfu.exe
    O4 - HKLM\..\Run: [Fpdhb] C:\Program Files\Mzqyuf\Hzmtqb.exe
    O4 - HKLM\..\Run: [Fmrsx] C:\Program Files\Gjfjog\Nddecgu.exe
    O4 - HKLM\..\Run: [Efzsse] C:\Program Files\Xqht\Cweiax.exe
    O4 - HKLM\..\Run: [Drrjdx] C:\Program Files\Qcsafp\Wztbrkz.exe
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [Cplble] C:\Program Files\Kzbc\Aodghx.exe
    O4 - HKLM\..\Run: [Chqnhj] C:\Program Files\Zzrxk\Glop.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [BeClean Agent] C:\Program Files\BeClean\bca.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\__delete_on_reboot__mwsoemon.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb035
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://kit.carpediem.fr/10062/loftgay.exe
    O16 - DPF: {01BE5BD7-B2DD-48B3-A759-59265A91E787} -
    O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1016_FR_XP.cab
    O16 - DPF: {0873478E-E67A-4876-B0A9-9A36D3AB3602} (vviewer control) - http://www.thepaymentcentre.com/build/vviewer.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_FR_XP.cab
    O16 - DPF: {3AEA6239-7D97-4B70-A342-A824B55E5A5B} (Adam Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Eve.cab
    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/221457b606ff2cef1905/netzip/RdxIE601_fr.cab
    O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Downloads/AXELPlayerAX_Win32.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121289871150
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.edipole.fr/kits/WebInstall.dll
    O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://kit.carpediem.fr/10062/jeunemec.exe
    O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
    O16 - DPF: {92ABACFE-EF6E-42C7-A824-D50A914B5B70} (MastaCash Loader Class) - http://dx.mastacash.com/loader.cab
    O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/install/win2000/SYSsfitb.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1009_1035_FR_pack_XP.cab
    O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} (Loader Class) - http://dialup.carpediem.fr/CABS/cd/1,0,3,8/fr/AccesMembre.cab
    O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} - http://xbs.sea.mtree.com/mt/dialers/fc/UniDistIO.CAB
    O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_FR_XP.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{84316CFB-7095-48F9-9C0E-6763D9942511}: NameServer = 206.47.244.79 206.47.244.14
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C1317526-BE8B-4885-8EC1-65BD0797138B}: Domain = sympatico.ca
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

    Bonjour,

    Voilà pour le rapport demandé. J'attends de vos nouvelles!!!
    Une autre petite question, l'autre utilisateur de mon ordinateur, n'arrive pas à récupérer ces messages dans "mail.lycos.com". Je ne dois pas avoir configurer correctement KERIO. Est-ce que vous pourriez m'aider à le faire si ce n'est pas trop vous demander.

    Merci!!! Davidounet
    0
    1. boulepate
       
      Salut,

      Pour kerio, je t'ai mit un liens pour le configurer tu l'as suivit?!
      Si tu y arrives toujours pas vire le puis installe celui ci:

      ZoneAlarm:
      http://www.01net.com/telecharger/windows/Internet/internet_utlitaire/fiches/18128.html

      Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"

      R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
      O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
      O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
      O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing)
      O4 - HKLM\..\Run: [Zzobndvb] C:\Program Files\Ccfk\Nhpu.exe
      O4 - HKLM\..\Run: [Zpmzz] C:\Program Files\Shtzu\Jbxnrs.exe
      O4 - HKLM\..\Run: [Zmdootob] C:\Program Files\Vszf\Jbloixv.exe
      O4 - HKLM\..\Run: [Zbculsj] C:\Program Files\Qgddcm\Tpzoc.exe
      O4 - HKLM\..\Run: [Ykarz] C:\Program Files\Frdex\Ixlxj.exe
      O4 - HKLM\..\Run: [Wuxaty] C:\Program Files\Ytswsrk\Avbpo.exe
      O4 - HKLM\..\Run: [Wjvqbpbg] C:\Program Files\Ywxj\Qrcylm.exe
      O4 - HKLM\..\Run: [Vtteflda] C:\Program Files\Yazonoo\Iknc.exe
      O4 - HKLM\..\Run: [Uokxumz] C:\Program Files\Psyohv\Nfser.exe
      O4 - HKLM\..\Run: [Toqsuc] C:\Program Files\Aisxbio\Ybcra.exe
      O4 - HKLM\..\Run: [Tcbsrrm] C:\Program Files\Xyhvzif\Qimvoa.exe
      O4 - HKLM\..\Run: [Rguybldf] C:\Program Files\Iftpfd\Npqnu.exe
      O4 - HKLM\..\Run: [Odnyugff] C:\Program Files\Frtjp\Mfet.exe
      O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
      O4 - HKLM\..\Run: [Mrdcs] C:\Program Files\Xlwttmy\Pqeo.exe
      O4 - HKLM\..\Run: [Lwprei] C:\Program Files\Lxvnw\Joamxoo.exe
      O4 - HKLM\..\Run: [Ljcupv] C:\Program Files\Ibgro\Fidd.exe
      O4 - HKLM\..\Run: [Gwoeeg] C:\Program Files\Rcrh\Fuor.exe
      O4 - HKLM\..\Run: [Gknkh] C:\Program Files\Dvgor\Fvjanzp.exe
      O4 - HKLM\..\Run: [Ggkjklhe] C:\Program Files\Ocxvqs\Qugfu.exe
      O4 - HKLM\..\Run: [Fpdhb] C:\Program Files\Mzqyuf\Hzmtqb.exe
      O4 - HKLM\..\Run: [Fmrsx] C:\Program Files\Gjfjog\Nddecgu.exe
      O4 - HKLM\..\Run: [Efzsse] C:\Program Files\Xqht\Cweiax.exe
      O4 - HKLM\..\Run: [Drrjdx] C:\Program Files\Qcsafp\Wztbrkz.ex
      O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
      O4 - HKLM\..\Run: [Cplble] C:\Program Files\Kzbc\Aodghx.exe
      O4 - HKLM\..\Run: [Chqnhj] C:\Program Files\Zzrxk\Glop.exe
      O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\__delete_on_reboot__mwsoemon.exe
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb035
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1016_FR_XP.cab
      O16 - DPF: {0873478E-E67A-4876-B0A9-9A36D3AB3602} (vviewer control) - http://www.thepaymentcentre.com/build/vviewer.cab
      O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
      O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_FR_XP.cab
      O16 - DPF: {3AEA6239-7D97-4B70-A342-A824B55E5A5B} (Adam Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Eve.cab
      O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab
      O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/221457b606ff2cef1905/netzip/RdxIE601_fr.cab
      O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Downloads/AXELPlayerAX_Win32.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121289871150
      O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
      O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.edipole.fr/kits/WebInstall.dll
      O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://kit.carpediem.fr/10062/jeunemec.exe
      O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
      O16 - DPF: {92ABACFE-EF6E-42C7-A824-D50A914B5B70} (MastaCash Loader Class) - http://dx.mastacash.com/loader.cab
      O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/install/win2000/SYSsfitb.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1009_1035_FR_pack_XP.cab
      O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} (Loader Class) - http://dialup.carpediem.fr/CABS/cd/1,0,3,8/fr/AccesMembre.cab
      O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} - http://xbs.sea.mtree.com/mt/dialers/fc/UniDistIO.CAB
      O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_FR_XP.cab
      O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab

      Clique sur demarrer, rechercher, cherche un par un ces fichiers et supprime si present:

      Nhpu.exe
      Jbxnrs.exe
      Jbloixv.exe
      Tpzoc.exe
      Ixlxj.exe
      Avbpo.exe
      Qrcylm.exe
      Iknc.exe
      Nfser.exe
      Ybcra.exe
      Qimvoa.exe
      Npqnu.exe
      Mfet.exe
      Pqeo.exe
      Joamxoo.exe
      Fidd.exe
      Fuor.exe
      Fvjanzp.exe
      Qugfu.exe
      Hzmtqb.exe
      Nddecgu.exe
      Cweiax.exe
      Wztbrkz.ex
      Aodghx.exe
      Glop.exe
      MWSOEMON.EXE
      __delete_on_reboot__mwsoemon.exe
      loftgay.exe
      jeunemec.exe

      Clique sur demarrer, poste de travail, C:, program files, cherche et supprime ces dossiers:

      Nhpu.exe
      Shtzu
      Vszf
      Qgddcm
      Frdex
      Ytswsrk
      Ywxj
      Yazonoo
      Psyohv
      Aisxbio
      Xyhvzif
      Iftpfd
      Frtjp
      Xlwttmy
      Lxvnw
      Ibgro
      Rcrh
      Dvgor
      Ocxvqs
      Mzqyuf
      Gjfjog
      Xqht
      Qcsafp
      Kzbc
      Zzrxk
      MyWebSearch


      Vide ta corbeille, redemarre normalement et remet un rapport HijackThis stp
      0
  12. davidounet Messages postés 46 Statut Membre
     
    Logfile of HijackThis v1.99.1
    Scan saved at 02:43:57, on 2006-01-27
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\unzipped\hijackthis_199[1]\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.ca/0SEFRCA/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)
    O2 - BHO: ReplaceSearchCtl Class - {832BEBED-C3DA-4534-A2C2-B2FFF220C820} - C:\WINDOWS\System32\replaceSearch.dll (file missing)
    O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Cas Class - {B5F3970B-745E-46AC-B890-E08F69777D80} - C:\WINDOWS\system32\ca2.dll (file missing)
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)
    O3 - Toolbar: searchforit - {C109664B-CEB1-420b-B353-D55A561536DD} - C:\WINDOWS\System32\SYSsfitb.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [Rofqp] C:\Program Files\Vemep\Trxtp.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [Pidwdh] C:\Program Files\Bckn\Hrgf.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [BeClean Agent] C:\Program Files\BeClean\bca.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://kit.carpediem.fr/10062/loftgay.exe
    O16 - DPF: {01BE5BD7-B2DD-48B3-A759-59265A91E787} -
    O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1016_FR_XP.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{84316CFB-7095-48F9-9C0E-6763D9942511}: NameServer = 206.47.244.79 206.47.244.14
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C1317526-BE8B-4885-8EC1-65BD0797138B}: Domain = sympatico.ca
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    Bonjour boulepate,

    Voilà le rapport tel que demandé!!! J'attends de vos nouvelles sous peu.

    Merci!! Davidounet
    0
    1. boulepate
       
      Re,

      oki c'est deja mieux :-)

      fait ceci maintenant

      Affiche tous les fichiers et dossiers :
      Clique sur démarrer, panneau de configuration, outi,option des dossiers, affichage

      Coche: afficher les fichiers et dossiers cachés

      Décoche la case:
      -masquer les fichiers protégés du système d'exploitation (recommandé)
      -masquer les extensions dont le type est connu

      Appliquer, puis ok


      Puis accepte l'active x pou rfaire le scan, scan ton pc et une fois finit colle le rapport ici

      http://www.bitdefender.fr/scan/license.php

      Ou celui la si l'autre ne fonctionne pas

      http://www.bitdefender.com/scan8/ie.html

      Ou encore ( on sait jamais)

      http://www.pandasoftware.com/activescan/fr/activescan_principal.htm


      A++

      0
  13. davidounet Messages postés 46 Statut Membre
     
    Incident Statut Analyse

    Dialer:dialer.b No Désinfecté C:\WINDOWS\SYSTEM32\eglivecam_1027.dll
    Adware:adware/ezula No Désinfecté C:\WINDOWS\SYSTEM32\ezStub.exe
    Outil indésirable:application/mywebsearch No Désinfecté C:\WINDOWS\SYSTEM32\f3pssavr.scr
    Adware:adware/navipromo No Désinfecté C:\WINDOWS\SYSTEM32\hwuekzcq_nav.dat
    Dialer:dialer.ags No Désinfecté C:\PROGRAM FILES\Carpe Diem
    Dialer:dialer generic No Désinfecté C:\PROGRAM FILES\dialers
    Outil indésirable:application/funweb No Désinfecté C:\PROGRAM FILES\FunWebProducts
    Adware:adware/dyfuca No Désinfecté C:\PROGRAM FILES\Internet Optimizer
    Adware:adware/whenusearch No Désinfecté C:\PROGRAM FILES\WhenUSearch
    Adware:adware/slagent No Désinfecté C:\WINDOWS\mslagent
    Adware:adware/searchforit No Désinfecté Registre Windows
    Dialer:dialer.ap No Désinfecté HKEY_CURRENT_USER\SOFTWARE\HOLISTYC
    Dialer:dialer.yc No Désinfecté HKEY_CLASSES_ROOT\UNIDIST.UNIDISTCTRL.1
    Adware:adware/sqwire No Désinfecté Registre Windows
    Outil indésirable:application/myway No Désinfecté HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
    Adware:adware/ncase No Désinfecté Registre Windows
    Spyware:Cookie/24/7 Realmedia No Désinfecté C:\Documents and Settings\David\Cookies\david@247realmedia[1].txt
    Spyware:Cookie/2o7.net No Désinfecté C:\Documents and Settings\David\Cookies\david@2o7[2].txt
    Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\David\Cookies\david@atdmt[2].txt
    Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\David\Cookies\david@realmedia[2].txt
    Spyware:Cookie/Statcounter No Désinfecté C:\Documents and Settings\David\Cookies\david@statcounter[2].txt
    Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\David\Cookies\david@xiti[1].txt
    Virus:Exploit/ByteVerify Désinfecté C:\Documents and Settings\Anthony\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2a251b3-718e055e.zip[Gummy.class]
    Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Anthony\Cookies\anthony@atdmt[2].txt
    Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Anthony\Cookies\anthony@realmedia[2].txt
    Spyware:Cookie/Statcounter No Désinfecté C:\Documents and Settings\Anthony\Cookies\anthony@statcounter[2].txt
    Spyware:Cookie/2o7.net No Désinfecté C:\Documents and Settings\Anthony\Local Settings\Temp\Cookies\anthony@2o7[1].txt
    Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Anthony\Local Settings\Temp\Cookies\anthony@atdmt[2].txt
    Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Anthony\Local Settings\Temp\Cookies\anthony@realmedia[2].txt
    Adware:Adware/IST.ISTBar No Désinfecté C:\Documents and Settings\Anthony\Mes documents\Ma musique\[new release] mary margaret o hara.zip[YSB_toolBar.exe]
    Spyware:Cookie/24/7 Realmedia No Désinfecté C:\Documents and Settings\David\Cookies\david@247realmedia[1].txt
    Spyware:Cookie/2o7.net No Désinfecté C:\Documents and Settings\David\Cookies\david@2o7[2].txt
    Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\David\Cookies\david@atdmt[2].txt
    Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\David\Cookies\david@realmedia[2].txt
    Spyware:Cookie/Statcounter No Désinfecté C:\Documents and Settings\David\Cookies\david@statcounter[2].txt
    Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\David\Cookies\david@xiti[1].txt
    Dialer:Dialer.EZJ No Désinfecté C:\grexe.exe
    Adware:Adware/eZula No Désinfecté C:\Program Files\eZula\eabh.dll
    Adware:Adware/NaviPromo No Désinfecté C:\Program Files\MailSkinner\OESkinner.dll
    Dialer:Dialer.DYL No Désinfecté C:\unzipped\hijackthis_199[1]\backups\backup-20060127-023525-632.dll
    Dialer:Dialer.B No Désinfecté C:\WINDOWS\mslagent\8_1,0,0,2_mslagent.dll
    Dialer:Dialer.OY No Désinfecté C:\WINDOWS\system32\dialx.exe
    Dialer:Dialer.FO No Désinfecté C:\WINDOWS\system32\EGCOMLIB_1035.dll
    Adware:Adware/eZula No Désinfecté C:\WINDOWS\system32\ezStub.exe
    Virus:W32/Sdbot.ftp Désinfecté C:\WINDOWS\system32\i
    Adware:Adware/NaviPromo No Désinfecté C:\WINDOWS\system32\msclock32.dll
    Adware:Adware/NaviPromo No Désinfecté C:\WINDOWS\system32\msplock32.dll
    Dialer:Dialer.B No Désinfecté C:\WINDOWS\system32\P2EClient.exe

    Bonjour boulepate,

    Voici le RAPPORT tel que demandé!!! J' attends de vos nouvelles le plus vite possible. J'ai vraiment l'impression que mon ordi va "PLANTÉ"...

    Tous les téléchargements que vous m'avez fait faire, je dois tous les gardés??? J' ai du supprmé mon premier antivirus Nortern pour maintenant celui de Avast. Je devrai gardé celui-ci?? Je ne sais même pas s'il est fonctionnel à 100% et s'il est bien configurer pour mon ordi... Revenez-moi là-dessus s.v.p.

    Merci! Davidounet
    0
  14. aranjuez31 Messages postés 8161 Date d'inscription   Statut Contributeur 354
     
    bjr
    j utilise tous ces programmes gratos en plus du pare-feu et de l'antivirus
    c est une necessité
    -----------
    nettoyer réguliérement avec

    Ad-Aware (gratuit) :
    http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/11643.html
    Le patch en Français pour Ad-Aware (gratuit) :
    http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/25543.html

    Spybot (gratuit) :
    http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html
    a-squared
    http://www.emsisoft.net/fr/software/download/

    ewido (dowload)
    http://www.ewido.net/fr/download/

    spycatcher express free
    http://www.tenebril.com/downloads/

    regcleaner ( nettoyeur de registre)
    http://www.01net.com/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/4894.html

    - et cleanup40 (nettoyeur de cookies+temps+tempos+prefetch+historique+etc..)
    http://pageperso.aol.fr/balltrap34/democleanup.htm
    ¤Télécharger CleanUp40 (qui élimine les fichiers temporaires) sur ce lien : http://pageperso.aol.fr/Balltrap34/CleanUp40.exe
    ---------
    ya du boulot à faire chez toi en profondeur

    tout d'abord un pré-nettoyage
    - fais fonctionner Ewido et COLLE rapport ici , stp
    - ensuite cleanup40
    - nettoye ton registre avec RegCleaner
    - remets un hijack à la suite de ces actions
    ---------
    tu gardes bien entendu l'excellent couple formé par Kerio & Avast
    ------------

    0
    1. davidounet Messages postés 46 Statut Membre
       
      ---------------------------------------------------------
      ewido anti-malware - Rapport de démarrage
      ---------------------------------------------------------

      + Créé le: 00:30:55, 2006-01-28
      + Somme de contrôle: F9075051

      Reg\HKLM\Run HPHUPD05 c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
      Reg\HKLM\Run Rofqp C:\Program Files\Vemep\Trxtp.exe
      Reg\HKLM\Run SynTPEnh C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      Reg\HKLM\Run SynTPLpr C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      Reg\HKLM\Run Pidwdh C:\Program Files\Bckn\Hrgf.exe
      Reg\HKLM\Run QT4HPOT C:\Program Files\HPQ\One-Touch\OneTouch.EXE
      Reg\HKLM\Run QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
      Reg\HKLM\Run NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
      Reg\HKLM\Run HPHmon05 C:\WINDOWS\System32\hphmon05.exe
      Reg\HKLM\Run HP Component Manager "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      Reg\HKLM\Run Display Settings C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
      Reg\HKLM\Run ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      Reg\HKLM\Run IMJPMIG8.1 "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      Reg\HKLM\Run CARPService carpserv.exe
      Reg\HKLM\Run ATIModeChange Ati2mdxx.exe
      Reg\HKLM\Run HP Software Update C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      Reg\HKLM\Run Adobe Photo Downloader "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
      Reg\HKLM\Run BeClean Agent C:\Program Files\BeClean\bca.exe
      Reg\HKLM\Run mmtask c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
      Reg\HKLM\Run MMTray C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
      Reg\HKLM\Run avast! C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      Reg\HKLM\Run SpyCatcher Reminder
      Reg\HKCU\Run ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
      Reg\HKCU\Run msnmsgr "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
      Reg\HKCU\Run a-squared "C:\Program Files\a-squared\a2guard.exe"
      Shell\CommonStartup SpyCatcher Protector.lnk C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SpyCatcher Protector.lnk
      ---------------------------------------------------------
      ewido anti-malware - Rapport de connexion
      ---------------------------------------------------------

      + Créé le: 00:31:23, 2006-01-28
      + Somme de contrôle: DDE044EE

      TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
      TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
      TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
      TCP 0.0.0.0:1034 0.0.0.0:0 LISTENING
      TCP 0.0.0.0:44334 0.0.0.0:0 LISTENING
      TCP 0.0.0.0:44501 0.0.0.0:0 LISTENING
      TCP 127.0.0.1:1025 127.0.0.1:44334 ESTABLISHED
      TCP 127.0.0.1:1027 127.0.0.1:1029 ESTABLISHED
      TCP 127.0.0.1:1029 127.0.0.1:1027 ESTABLISHED
      TCP 127.0.0.1:1031 0.0.0.0:0 LISTENING
      TCP 127.0.0.1:1032 127.0.0.1:44334 ESTABLISHED
      TCP 127.0.0.1:1034 127.0.0.1:1036 ESTABLISHED
      TCP 127.0.0.1:1036 127.0.0.1:1034 ESTABLISHED
      TCP 127.0.0.1:1494 127.0.0.1:12110 TIME_WAIT
      TCP 127.0.0.1:12025 0.0.0.0:0 LISTENING
      TCP 127.0.0.1:12080 0.0.0.0:0 LISTENING
      TCP 127.0.0.1:12110 0.0.0.0:0 LISTENING
      TCP 127.0.0.1:12119 0.0.0.0:0 LISTENING
      TCP 127.0.0.1:12143 0.0.0.0:0 LISTENING
      TCP 127.0.0.1:44334 127.0.0.1:1025 ESTABLISHED
      TCP 127.0.0.1:44334 127.0.0.1:1032 ESTABLISHED
      TCP 169.254.66.157:139 0.0.0.0:0 LISTENING
      UDP 0.0.0.0:161
      UDP 0.0.0.0:445
      UDP 0.0.0.0:500
      UDP 0.0.0.0:1026
      UDP 0.0.0.0:1028
      UDP 0.0.0.0:1033
      UDP 0.0.0.0:1035
      UDP 0.0.0.0:1050
      UDP 0.0.0.0:1124
      UDP 0.0.0.0:4500
      UDP 0.0.0.0:44334
      UDP 64.229.109.201:123
      UDP 64.229.109.201:1900
      UDP 127.0.0.1:123
      UDP 127.0.0.1:1900
      UDP 169.254.66.157:123
      UDP 169.254.66.157:137
      UDP 169.254.66.157:138
      UDP 169.254.66.157:1900
      ---------------------------------------------------------
      ewido anti-malware - Rapport des processus
      ---------------------------------------------------------

      + Créé le: 00:31:40, 2006-01-28
      + Somme de contrôle: 41AC7344

      0: System Process
      4: System Process
      408: C:\Program Files\Outlook Express\msimn.exe
      552: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      572: C:\Program Files\Alwil Software\Avast4\ashServ.exe
      604: C:\WINDOWS\System32\cisvc.exe
      644: C:\Program Files\ewido anti-malware\ewidoctrl.exe
      672: C:\Program Files\ewido anti-malware\ewidoguard.exe
      708: C:\WINDOWS\system32\HPConfig.exe
      728: C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
      756: C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
      836: \SystemRoot\System32\smss.exe
      876: C:\WINDOWS\system32\cidaemon.exe
      884: \??\C:\WINDOWS\system32\csrss.exe
      908: \??\C:\WINDOWS\system32\winlogon.exe
      960: C:\WINDOWS\system32\services.exe
      972: C:\WINDOWS\system32\lsass.exe
      1152: C:\WINDOWS\System32\Ati2evxx.exe
      1176: C:\WINDOWS\system32\svchost.exe
      1256: C:\WINDOWS\system32\svchost.exe
      1340: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      1380: C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
      1404: C:\WINDOWS\System32\svchost.exe
      1476: C:\WINDOWS\System32\svchost.exe
      1584: C:\WINDOWS\System32\svchost.exe
      1624: C:\Program Files\Outlook Express\msimn.exe
      1728: C:\WINDOWS\System32\snmp.exe
      1760: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      1808: C:\WINDOWS\System32\svchost.exe
      1996: C:\WINDOWS\system32\spoolsv.exe
      2072: C:\WINDOWS\System32\hphmon05.exe
      2112: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      2228: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      2272: C:\WINDOWS\system32\carpserv.exe
      2484: C:\WINDOWS\system32\ctfmon.exe
      2504: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      2560: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      2624: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      2700: C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
      2800: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      2944: C:\WINDOWS\System32\alg.exe
      3100: C:\WINDOWS\explorer.exe
      3680: C:\Program Files\ewido anti-malware\securitysuite.exe
      3768: C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
      CleanUp! started on 01/28/06 00:32:55.
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\CleanUp40[1].exe - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk49.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk4B.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk4D.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk4F.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk51.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk53.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk55.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk57.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk59.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk5B.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk5D.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk5F.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk61.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk63.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk65.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk67.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk69.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk6B.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk6D.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk6F.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk71.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk73.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk75.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk77.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk79.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk7B.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk7D.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk7F.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk81.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk83.tmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[10] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[11] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[12] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[13] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[14] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[15] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[16] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[17] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[18] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[19] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[1] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[20] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[21] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[22] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[23] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[24] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[25] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[26] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[27] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[28] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[29] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[2] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[30] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[3] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[4] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[5] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[6] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[7] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[8] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[9] - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\adsWrapper[1].js - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\arrow_green_normal[1].bmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\Behaviors[2].css - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\Common[1].js - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\Common[2].js - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\Context[1].htm - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\democleanup[1].htm - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\democleanup[1].swf - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\firstpage[1].htm - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\NavBar[1].htm - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\NavBar[1].xml - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\promos[1].js - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\shared[1].css - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\shared[2].css - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\shared[3].css - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\L7J35PGE\adsEnd[1].js - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\L7J35PGE\aol_fr_branding_background_image.gif.122482.1[1].gif - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\L7J35PGE\blank[1].htm - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\L7J35PGE\HHWRAPPER[1].htm - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\L7J35PGE\logo[1].bmp - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\L7J35PGE\pixel[1].gif - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\L7J35PGE\shared[1].css - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\L7J35PGE\shared[2].css - deleted
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
      hcp://system/panels/HHWRAPPER.htm - deleted
      http://pageperso.aol.fr/balltrap34/democleanup.swf - deleted
      hcp://system/panels/firstpage.htm - deleted
      http://pageperso.aol.fr/balltrap34/democleanup.htm - deleted
      hcp://system/css/Behaviors.css - deleted
      http://ar.atwola.com/file/adsWrapper.js - deleted
      http://pageperso.aol.fr/Balltrap34/CleanUp40.exe - deleted
      hcp://system/panels/Context.htm - deleted
      hcp://system/panels/NavBar.htm - deleted
      hcp://system/panels/NavBar.xml - deleted
      http://ar.atwola.com/file/adsEnd.js - deleted
      hcp://system/images/24x24/arrow_green_normal.bmp - deleted
      http://hometown-art.aol.com/main/pixel.gif - deleted
      hcp://system/images/32x32/logo.bmp - deleted
      hcp://system/panels/blank.htm - deleted
      http://ht-brands.aol.com/PromoArt/aol_fr_branding_background_image.gif.122482.1.gif - deleted
      C:\Documents and Settings\David\Local Settings\Historique\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
      C:\Documents and Settings\David\Local Settings\Historique\History.IE5\MSHist012006012720060128\index.dat - deleted
      C:\Documents and Settings\David\Local Settings\Historique\History.IE5\MSHist012006012720060128\ - deleted
      C:\Documents and Settings\David\Local Settings\Historique\History.IE5\MSHist012006012820060129\index.dat currently in use. Will be deleted when Windows is restarted.
      'Typed URLs' (Internet Explorer) - removed from the registry.
      Visited: David@hcp://system/panels/blank.htm - deleted
      Visited: David@hcp://system/panels/HHWRAPPER.htm - deleted
      Visited: David@hcp://system/panels/Context.htm - deleted
      Visited: David@hcp://system/panels/firstpage.htm - deleted
      Visited: David@http://pageperso.aol.fr/balltrap34/democleanup.htm - deleted
      Visited: David@file:///C:/Documents%20and%20Settings/David/Mes%20documents/Rapport%20de%20connexion_20060128.txt - deleted
      Visited: David@ms-its:C:\WINDOWS\Help\apps_sp.chm::/idh_w2_30012_40c.htm - deleted
      Visited: David@file:///C:/Documents%20and%20Settings/David/Mes%20documents/Rapport%20de%20d%E9marrage_20060128.txt - deleted
      Visited: David@file:///C:/Documents%20and%20Settings/David/Mes%20documents/Rapport%20des%20processus_20060128.txt - deleted
      Visited: David@http://pageperso.aol.fr/Balltrap34/CleanUp40.exe - deleted
      C:\Documents and Settings\David\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
      C:\Documents and Settings\David\Recent\Rapport de connexion_20060128.txt.lnk - deleted
      C:\Documents and Settings\David\Recent\Rapport de démarrage_20060128.txt.lnk - deleted
      C:\Documents and Settings\David\Recent\Rapport des processus_20060128.txt.lnk - deleted
      C:\DOCUME~1\David\LOCALS~1\Temp\ mon010.log currently in use. Will be deleted when Windows is restarted.
      C:\DOCUME~1\David\LOCALS~1\Temp\ mon010.log currently in use. Will be deleted when Windows is restarted.
      C:\WINDOWS\temp\JETC422.tmp currently in use. Will be deleted when Windows is restarted.
      C:\WINDOWS\temp\Perflib_Perfdata_23c.dat currently in use. Will be deleted when Windows is restarted.
      C:\WINDOWS\temp\Perflib_Perfdata_6c0.dat currently in use. Will be deleted when Windows is restarted.
      C:\WINDOWS\temp\_avast4_\Webshlock.txt currently in use. Will be deleted when Windows is restarted.
      C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
      C:\Documents and Settings\LocalService\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
      C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
      C:\Documents and Settings\David\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
      C:\Documents and Settings\David\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
      C:\Documents and Settings\David\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
      C:\Documents and Settings\David\Local Settings\Temp\ mon010.log currently in use. Will be deleted when Windows is restarted.
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
      C:\WINDOWS\Prefetch\AHUI.EXE-10CE5D84.pf - deleted
      C:\WINDOWS\Prefetch\CLEANUP.EXE-3438663A.pf - deleted
      C:\WINDOWS\Prefetch\CLEANUP40[1].EXE-17DBA470.pf - deleted
      C:\WINDOWS\Prefetch\HELPCTR.EXE-3862B6F5.pf - deleted
      C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf - deleted
      C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf - deleted
      C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf - deleted
      C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf - deleted
      C:\WINDOWS\Prefetch\MSIMN.EXE-38BA891D.pf - deleted
      C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf - deleted
      C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf - deleted
      C:\WINDOWS\Prefetch\SECURITYSUITE.EXE-278F473B.pf - deleted
      C:\WINDOWS\Prefetch\SETUP.EXE-393E66AE.pf - deleted
      C:\WINDOWS\Prefetch\SSMYPICS.SCR-01C62024.pf - deleted
      C:\WINDOWS\Prefetch\WINHLP32.EXE-2C18E975.pf - deleted
      C:\WINDOWS\Prefetch\WINNT32.EXE-07CE5394.pf - deleted
      C:\Documents and Settings\David\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
      C:\Documents and Settings\David\Local Settings\Historique\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
      C:\Documents and Settings\David\Local Settings\Historique\History.IE5\MSHist012006012820060129\index.dat currently in use. Will be deleted when Windows is restarted.
      C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
      C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
      C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
      C:\WINDOWS\PCHealth\HelpCtr\Config\Cache\Personal_32_1036.dat.bak - deleted
      C:\WINDOWS\system32\CatRoot2\edb.chk - deleted
      C:\WINDOWS\Temp\JETC422.tmp currently in use. Will be deleted when Windows is restarted.
      Emptied Recycle Bin on drive C:
      'Run MRU' list - removed from the registry.
      Paint Recent File List - removed from the registry.
      Telnet's MRU list - removed from the registry.
      WinZip Extract MRU list - removed from the registry.
      WinZip File MRU list - removed from the registry.
      CleanUp! 4.0 recovered 36.5 MB of disk space from 138 files.
      CleanUp! finished on 01/28/06 00:34:08.


      Je ne sais pas quoi faire pour nettoyer mon registre avec RegCleaner???


      Davidounet
      0
    2. davidounet Messages postés 46 Statut Membre
       
      Bonjour,


      Voilà mon rapport tel que demandé!!! Je vous reviens avec la suite....

      Merci! Davidounet
      0
  15. aranjuez31 Messages postés 8161 Date d'inscription   Statut Contributeur 354
     
    re
    salut
    1.redemarre en mode sans echec (redemarage + tapotte sans arret sur F8 desque l'ordi s'allume)

    3. affiche les fichier cacher comme ceci :
    clicker sur demarrer/panneau de configuration/option des dossiers/affichage
    Cocher afficher les dossiers cacher
    Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
    Puis fais «Ok» pour valider les changements.
    Decocher masquer les extentions dont le type est connues

    4.ensuite va dans demarrer/rechercher les derniers termes des lignes suivantes et supprime

    exemple:
    C:\WINDOWS\SYSTEM32\eglivecam_1027.dll
    supprime "eglivecam_1027.dll ''
    et ainsi de suite

    C:\WINDOWS\SYSTEM32\eglivecam_1027.dll
    C:\WINDOWS\SYSTEM32\ezStub.exe
    C:\WINDOWS\SYSTEM32\f3pssavr.scr
    C:\WINDOWS\SYSTEM32\hwuekzcq_nav.dat
    C:\PROGRAM FILES\Carpe Diem
    C:\PROGRAM FILES\dialers
    C:\PROGRAM FILES\FunWebProducts
    C:\PROGRAM FILES\Internet Optimizer
    C:\PROGRAM FILES\WhenUSearch
    C:\WINDOWS\mslagent
    C:\Program Files\eZula\eabh.dll
    C:\Program Files\MailSkinner\OESkinner.dll
    C:\WINDOWS\mslagent\8_1,0,0,2_mslagent.dll
    C:\WINDOWS\system32\dialx.exe
    C:\WINDOWS\system32\EGCOMLIB_1035.dll
    C:\WINDOWS\system32\ezStub.exe
    C:\WINDOWS\system32\i
    C:\WINDOWS\system32\msclock32.dll
    C:\WINDOWS\system32\msplock32.dll
    C:\WINDOWS\system32\P2EClient.exe

    5- fais fonctionner Spybot+Ad-aware+Ewido
    vide les sauvegardes et quarantaines
    vide corbeille

    6 -masque les fichiers cachés en suivant le meme chemin en sens inverse du paragraphe 3

    7 - redemarre en mode normal

    8 - remets un hijack
    ----

    je pense en avoir oublié mais suis fatigué
    0
  16. davidounet Messages postés 46 Statut Membre
     
    Salut boulepate,

    Je n'ai pas encore exécuté les dernières tâches que tu m'as demandé de faire, mais sous peu. Par contre je ne sais pas comment faire fonctionner RegCleaner pour nettoyer mes registres. Peux-tu m'aider là-dessus s.v.p.

    Davidounet
    0
  17. aranjuez31 Messages postés 8161 Date d'inscription   Statut Contributeur 354
     
    bjr
    pour RegCleaner
    1 - menu outils+nettoyage registre+tout faire+coche tout+supprimer
    2 - types de fichiers+coche tous les N/A+supprimer

    tout sera mis en sauvegarde au cas où
    0
  18. davidounet Messages postés 46 Statut Membre
     
    Bonjour,

    Voilà le dernier RAPPORT de hijack!!!! J' ai suivi les étapes à la lettre comme indiqué sur mon message envoyé le 28 janvier 2006 à 03hres26 a.m.

    J' attends les prochains détails à faire!!!

    Merci!!! Davidounet
    0
  19. davidounet Messages postés 46 Statut Membre
     
    Bonjour,

    Désolé, j'avais oublié de vous soumettre le rapport demandé.

    Logfile of HijackThis v1.99.1
    Scan saved at 01:24:58, on 2006-01-30
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\unzipped\hijackthis_199[1]\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.ca/0SEFRCA/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [BeClean Agent] C:\Program Files\BeClean\bca.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
    O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01BE5BD7-B2DD-48B3-A759-59265A91E787} -
    O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1016_FR_XP.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{84316CFB-7095-48F9-9C0E-6763D9942511}: NameServer = 206.47.244.79 206.47.244.14
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C1317526-BE8B-4885-8EC1-65BD0797138B}: Domain = sympatico.ca
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: interceptor.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    Merci!!! Davidounet
    0
  20. davidounet Messages postés 46 Statut Membre
     
    Bonjour,

    J'attends toujours des nouvelles de vous concernant ce message. Merci de me revenir bientôt!!!

    Davidounet
    0
    1. boulepate
       
      Salut,

      ton rapport me semble correct ou en est ton probléme?

      a+
      0
  21. davidounet Messages postés 46 Statut Membre
     
    Bonjour,

    C'est juste que quand je pars ewido, il m'indique que j'ai encore des fichiers d'infectés.

    Je voulais simplement savoir s'il y avait moyen de régler aussi ce problème. Dites-moi aussi, tous les programmes que vous m'avez fait installé comme ewido,regcleaner, ad-ware, spybot, spycatcher et asquared, se sont des programmes qu'il est bon de garder ou vous me conseiller de les supprimés.

    J'attends de vos nouvelles.

    Bonne journée!!! Davidounet
    0
  • 1
  • 2