[virus] comment voir si son pc est contaminé?
Résolu
funky_maestro
Messages postés
9
Statut
Membre
-
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité -
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité -
bonjour à tous, je suis nouveau sur ce site et je pensse avoir quelques problemes types virus ou trojans.Par exemple je n arrive plus a fair l analyse live update sous norton et des pages internet ne s affichent plus,bref je pensse avoir attrapé quelque chose.Ayant cherché des informations sur votre forum j ai donc dl HijackThis;cliqué sur "do a system scan and save logfile"le copier coller donne:
Logfile of HijackThis v1.99.1
Scan saved at 12:45:21, on 13/05/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\F-Secure Anti-Virus\Common\FCH32.EXE
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Zilla Popup Killer\ZillaPop.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\PICHER\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=ZillaPopupKiller:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0894FF00-F6F5-430a-8915-2327EE763E88} - (no file)
O2 - BHO: CookieHlprObj Class - {4DF1DB24-A57C-11d3-A180-00A0C90AE44B} - C:\Program Files\Zilla Popup Killer\ZillaBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: - {6CA368D6-5A1C-4D10-87ED-697877A28D6D} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [MSConfig] C:\DOCUME~1\PICHER\LOCALS~1\Temp\~AceTemp\msconfig\msconfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Zilla Popup Killer] C:\Program Files\Zilla Popup Killer\ZillaPop.exe
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {2A57772A-D963-4533-A999-A4D66B7EF424} - http://sexprovider.com/video/exit/install.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F026985-9835-45E3-91A1-C50B29F7A9B4}: NameServer = 194.117.200.10,194.117.200.15
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: xcdmfree - C:\WINNT\SYSTEM32\xcdmfree.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: RadClock - Unknown owner - C:\WINNT\system32\RadClock.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
que fair désormais?comment savoir si je suis infecter?
merci d'avance pour votre aide.
system widows 2000
Logfile of HijackThis v1.99.1
Scan saved at 12:45:21, on 13/05/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\F-Secure Anti-Virus\Common\FCH32.EXE
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Zilla Popup Killer\ZillaPop.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\PICHER\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=ZillaPopupKiller:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0894FF00-F6F5-430a-8915-2327EE763E88} - (no file)
O2 - BHO: CookieHlprObj Class - {4DF1DB24-A57C-11d3-A180-00A0C90AE44B} - C:\Program Files\Zilla Popup Killer\ZillaBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: - {6CA368D6-5A1C-4D10-87ED-697877A28D6D} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [MSConfig] C:\DOCUME~1\PICHER\LOCALS~1\Temp\~AceTemp\msconfig\msconfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Zilla Popup Killer] C:\Program Files\Zilla Popup Killer\ZillaPop.exe
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {2A57772A-D963-4533-A999-A4D66B7EF424} - http://sexprovider.com/video/exit/install.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F026985-9835-45E3-91A1-C50B29F7A9B4}: NameServer = 194.117.200.10,194.117.200.15
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: xcdmfree - C:\WINNT\SYSTEM32\xcdmfree.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: RadClock - Unknown owner - C:\WINNT\system32\RadClock.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
que fair désormais?comment savoir si je suis infecter?
merci d'avance pour votre aide.
system widows 2000
A voir également:
- [virus] comment voir si son pc est contaminé?
- Comment réinitialiser un pc - Guide
- Audacity enregistrer son pc - Guide
- Mon pc est lent - Guide
- Optimiser son pc - Accueil - Utilitaires
- Comment voir qui regarde mon profil facebook - Guide
13 réponses
de plus des l ouverture de windows club internet génere des erreurs(lanceur.exe a généré des erreurs) mais aussi il est desormais impossible de lancer live update via norton...
Que faire?
Que faire?
Salut
fais le 1/ et 2/ de ce lien stp :
https://www.commentcamarche.net/faq/2490-supprimer-les-adwares-publicites-intempestives-pop-up-etc
++
fais le 1/ et 2/ de ce lien stp :
https://www.commentcamarche.net/faq/2490-supprimer-les-adwares-publicites-intempestives-pop-up-etc
++
impossible d executer Ewido Security Suite EREUR DE PROGRAME...exactement comme pour le lanceur club internet...je perd espoir que fair?
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
c bon j ai pu installer ewido anti-malware en mode sans échec j ai donc ouvert ewido anti-malware en mode normal et il ma trouver 3 fichier a suprimer! :)
je fais le scan et j le post
je fais le scan et j le post
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 19:32:53, 13/05/2006
+ Somme de contrôle: 4C4DCCCB
+ Résultats du scan:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RelevantKnowledge -> Adware.BroadCastPC : Ignoré
[200] C:\WINNT\system32\xcdmfree.dll -> Logger.Goldun.jv : Ignoré
[1068] C:\WINNT\system32\xcdmfree.dll -> Logger.Goldun.jv : Ignoré
[1108] C:\WINNT\system32\xcdmfree.dll -> Logger.Goldun.jv : Ignoré
[1228] C:\WINNT\system32\xcdmfree.dll -> Logger.Goldun.jv : Ignoré
[1304] C:\WINNT\system32\xcdmfree.dll -> Logger.Goldun.jv : Ignoré
[1332] C:\WINNT\system32\xcdmfree.dll -> Logger.Goldun.jv : Ignoré
[1380] C:\WINNT\system32\xcdmfree.dll -> Logger.Goldun.jv : Ignoré
[1620] C:\WINNT\system32\xcdmfree.dll -> Logger.Goldun.jv : Ignoré
[1640] C:\WINNT\system32\xcdmfree.dll -> Logger.Goldun.jv : Ignoré
[1776] C:\WINNT\system32\xcdmfree.dll -> Logger.Goldun.jv : Ignoré
[1824] C:\WINNT\system32\xcdmfree.dll -> Logger.Goldun.jv : Ignoré
[1240] C:\WINNT\system32\xcdmfree.dll -> Logger.Goldun.jv : Ignoré
C:\Documents and Settings\PICHER\Bureau\telechargement\amsn-0.95-windows-installer.exe -> Not-A-Virus.HackTool.Win32.Homac : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@247realmedia[1].txt -> TrackingCookie.247realmedia : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@adtech[2].txt -> TrackingCookie.Adtech : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@as1.falkag[1].txt -> TrackingCookie.Falkag : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@bluestreak[1].txt -> TrackingCookie.Bluestreak : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@estat[2].txt -> TrackingCookie.Estat : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@image.masterstats[1].txt -> TrackingCookie.Masterstats : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@overture[1].txt -> TrackingCookie.Overture : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@tacoda[1].txt -> TrackingCookie.Tacoda : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@weborama[2].txt -> TrackingCookie.Weborama : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@yadro[2].txt -> TrackingCookie.Yadro : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@adtech[2].txt -> TrackingCookie.Adtech : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@advertising[1].txt -> TrackingCookie.Advertising : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@atdmt[2].txt -> TrackingCookie.Atdmt : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@bluestreak[2].txt -> TrackingCookie.Bluestreak : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@counter1.sextracker[1].txt -> TrackingCookie.Sextracker : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@counter13.sextracker[1].txt -> TrackingCookie.Sextracker : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@counter3.sextracker[2].txt -> TrackingCookie.Sextracker : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@counter8.sextracker[2].txt -> TrackingCookie.Sextracker : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@estat[1].txt -> TrackingCookie.Estat : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@fastclick[2].txt -> TrackingCookie.Fastclick : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@gator[1].txt -> TrackingCookie.Gator : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@paycounter[2].txt -> TrackingCookie.Paycounter : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@programs.wegcash[2].txt -> TrackingCookie.Wegcash : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@servedby.advertising[2].txt -> TrackingCookie.Advertising : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@sexlist[2].txt -> TrackingCookie.Sexlist : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@sextracker[2].txt -> TrackingCookie.Sextracker : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Ignoré
C:\Program Files\amsn\uninstall.exe -> Not-A-Virus.HackTool.Win32.Homac : Ignoré
C:\RECYCLER\NPROTECT\00845656.DLL -> Adware.NewDotNet : Ignoré
C:\WINNT\ndnuninstall5_48.exe -> Adware.NewDotNet : Ignoré
C:\WINNT\NDNuninstall7_22.exe -> Adware.NewDotNet : Ignoré
C:\WINNT\system32\__delete_on_reboot__xcdmfree.dll -> Logger.Goldun.jv : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@weborama[1].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Nettoyer et sauvegarder
::Fin du rapport
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 19:32:53, 13/05/2006
+ Somme de contrôle: 4C4DCCCB
+ Résultats du scan:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RelevantKnowledge -> Adware.BroadCastPC : Ignoré
[200] C:\WINNT\system32\xcdmfree.dll -> Logger.Goldun.jv : Ignoré
[1068] C:\WINNT\system32\xcdmfree.dll -> Logger.Goldun.jv : Ignoré
[1108] C:\WINNT\system32\xcdmfree.dll -> Logger.Goldun.jv : Ignoré
[1228] C:\WINNT\system32\xcdmfree.dll -> Logger.Goldun.jv : Ignoré
[1304] C:\WINNT\system32\xcdmfree.dll -> Logger.Goldun.jv : Ignoré
[1332] C:\WINNT\system32\xcdmfree.dll -> Logger.Goldun.jv : Ignoré
[1380] C:\WINNT\system32\xcdmfree.dll -> Logger.Goldun.jv : Ignoré
[1620] C:\WINNT\system32\xcdmfree.dll -> Logger.Goldun.jv : Ignoré
[1640] C:\WINNT\system32\xcdmfree.dll -> Logger.Goldun.jv : Ignoré
[1776] C:\WINNT\system32\xcdmfree.dll -> Logger.Goldun.jv : Ignoré
[1824] C:\WINNT\system32\xcdmfree.dll -> Logger.Goldun.jv : Ignoré
[1240] C:\WINNT\system32\xcdmfree.dll -> Logger.Goldun.jv : Ignoré
C:\Documents and Settings\PICHER\Bureau\telechargement\amsn-0.95-windows-installer.exe -> Not-A-Virus.HackTool.Win32.Homac : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@247realmedia[1].txt -> TrackingCookie.247realmedia : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@adtech[2].txt -> TrackingCookie.Adtech : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@as1.falkag[1].txt -> TrackingCookie.Falkag : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@bluestreak[1].txt -> TrackingCookie.Bluestreak : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@estat[2].txt -> TrackingCookie.Estat : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@image.masterstats[1].txt -> TrackingCookie.Masterstats : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@overture[1].txt -> TrackingCookie.Overture : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@tacoda[1].txt -> TrackingCookie.Tacoda : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@weborama[2].txt -> TrackingCookie.Weborama : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Ignoré
C:\Documents and Settings\PICHER\Cookies\picher@yadro[2].txt -> TrackingCookie.Yadro : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@adtech[2].txt -> TrackingCookie.Adtech : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@advertising[1].txt -> TrackingCookie.Advertising : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@atdmt[2].txt -> TrackingCookie.Atdmt : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@bluestreak[2].txt -> TrackingCookie.Bluestreak : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@counter1.sextracker[1].txt -> TrackingCookie.Sextracker : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@counter13.sextracker[1].txt -> TrackingCookie.Sextracker : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@counter3.sextracker[2].txt -> TrackingCookie.Sextracker : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@counter8.sextracker[2].txt -> TrackingCookie.Sextracker : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@estat[1].txt -> TrackingCookie.Estat : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@fastclick[2].txt -> TrackingCookie.Fastclick : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@gator[1].txt -> TrackingCookie.Gator : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@paycounter[2].txt -> TrackingCookie.Paycounter : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@programs.wegcash[2].txt -> TrackingCookie.Wegcash : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@servedby.advertising[2].txt -> TrackingCookie.Advertising : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@sexlist[2].txt -> TrackingCookie.Sexlist : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@sextracker[2].txt -> TrackingCookie.Sextracker : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Ignoré
C:\Program Files\amsn\uninstall.exe -> Not-A-Virus.HackTool.Win32.Homac : Ignoré
C:\RECYCLER\NPROTECT\00845656.DLL -> Adware.NewDotNet : Ignoré
C:\WINNT\ndnuninstall5_48.exe -> Adware.NewDotNet : Ignoré
C:\WINNT\NDNuninstall7_22.exe -> Adware.NewDotNet : Ignoré
C:\WINNT\system32\__delete_on_reboot__xcdmfree.dll -> Logger.Goldun.jv : Ignoré
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@weborama[1].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
C:\Documents and Settings\PICHER\Local Settings\Temp\Cookies\picher@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Nettoyer et sauvegarder
::Fin du rapport
re
oula, c'est pas jolie-jolie tout ça ...lol
Télécharger l2mfix.exe sur http://www.downloads.subratam.org/l2mfix.exe
- Quitter le net, le navigateur, et toutes autres fenêtres d'applications ;
- Dézipper l2mfix.exe sur le bureau ;
- Dans le dossier du programme, double-cliquer sur l2mfix.bat ;
- Choisir OPTION 1 (Run find log) et valider par la touche [Entrée] ;
=> Un rapport sera généré dans le Bloc-notes, se reconnecter pour le poster au forum.
++
***j'ai decidé d'être heureux parce que c'est bon pour la santé ! ( Voltaire )***
oula, c'est pas jolie-jolie tout ça ...lol
Télécharger l2mfix.exe sur http://www.downloads.subratam.org/l2mfix.exe
- Quitter le net, le navigateur, et toutes autres fenêtres d'applications ;
- Dézipper l2mfix.exe sur le bureau ;
- Dans le dossier du programme, double-cliquer sur l2mfix.bat ;
- Choisir OPTION 1 (Run find log) et valider par la touche [Entrée] ;
=> Un rapport sera généré dans le Bloc-notes, se reconnecter pour le poster au forum.
++
***j'ai decidé d'être heureux parce que c'est bon pour la santé ! ( Voltaire )***
c bon les virus on disparut je peu donc a nouveau fair live update sous norton plus de pages qui restent blanchent donc je ne c'est pas si j dois quand meme dl le prog l2mfix.exe ?
bonsoir à tous,
je ne vois pas de look2me dans ce rapport!
par contre une infection newdotnet.
regarde dans ajout/suppression de programme si tu vois un truc du genre netdomain ou newdotnet, tu désinstalles et ensuite, tu re postes un rapport hijackthis
a+
je ne vois pas de look2me dans ce rapport!
par contre une infection newdotnet.
regarde dans ajout/suppression de programme si tu vois un truc du genre netdomain ou newdotnet, tu désinstalles et ensuite, tu re postes un rapport hijackthis
a+
voila mon copier/coller hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 11:50:56, on 14/05/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\F-Secure Anti-Virus\Common\FCH32.EXE
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Zilla Popup Killer\ZillaPop.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\PICHER\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=ZillaPopupKiller:8100
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: CookieHlprObj Class - {4DF1DB24-A57C-11d3-A180-00A0C90AE44B} - C:\Program Files\Zilla Popup Killer\ZillaBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [MSConfig] C:\DOCUME~1\PICHER\LOCALS~1\Temp\~AceTemp\msconfig\msconfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Zilla Popup Killer] C:\Program Files\Zilla Popup Killer\ZillaPop.exe
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F026985-9835-45E3-91A1-C50B29F7A9B4}: NameServer = 194.117.200.10,194.117.200.15
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: xcdmfree - xcdmfree.dll (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: RadClock - Unknown owner - C:\WINNT\system32\RadClock.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Logfile of HijackThis v1.99.1
Scan saved at 11:50:56, on 14/05/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\F-Secure Anti-Virus\Common\FCH32.EXE
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Zilla Popup Killer\ZillaPop.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\PICHER\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=ZillaPopupKiller:8100
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: CookieHlprObj Class - {4DF1DB24-A57C-11d3-A180-00A0C90AE44B} - C:\Program Files\Zilla Popup Killer\ZillaBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [MSConfig] C:\DOCUME~1\PICHER\LOCALS~1\Temp\~AceTemp\msconfig\msconfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Zilla Popup Killer] C:\Program Files\Zilla Popup Killer\ZillaPop.exe
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F026985-9835-45E3-91A1-C50B29F7A9B4}: NameServer = 194.117.200.10,194.117.200.15
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: xcdmfree - xcdmfree.dll (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: RadClock - Unknown owner - C:\WINNT\system32\RadClock.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Redemarres ton pc, dès l'allumage de celui ci tapotes la touche f8, à l'ecran qui va apparaitre choisis "mode sans echec" attends un peu.. puis fait un scan complet de ton Pc avec Ewido
Puis redemarre norlament et fait ça:
Fait ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X, pour le faire fonctionner,
une fois qu'il a terminé colle le rapport ici stp
_Online Scanner
_Kaspersky Online Scanner
_My Computer
https://www.kaspersky.fr/downloads
Puis redemarre norlament et fait ça:
Fait ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X, pour le faire fonctionner,
une fois qu'il a terminé colle le rapport ici stp
_Online Scanner
_Kaspersky Online Scanner
_My Computer
https://www.kaspersky.fr/downloads
voila :
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, May 14, 2006 6:04:50 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 14/05/2006
Kaspersky Anti-Virus database records: 182015
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 69868
Number of viruses found: 11
Number of infected objects: 28
Number of suspicious objects: 1
Duration of the scan process: 02:40:27
Infected Object Name / Virus Name / Last Action
C:\igor.chm/on-line.exe Infected: Trojan.Win32.Dialer.by skipped
C:\igor.chm CHM: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\067E6D4A.exe Infected: Trojan-Dropper.Win32.VB.cd skipped
C:\Program Files\Norton AntiVirus\Quarantine\068E3F38.exe Infected: Trojan-Dropper.Win32.VB.cd skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CD83DD1.wsz/exploit.htm Infected: Trojan-Downloader.VBS.Psyme.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CD83DD1.wsz CHM: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CD83DD1.wsz CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\306C13AA.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\459655F2.zip/a.class Infected: Trojan.Java.ClassLoader.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\459655F2.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\459655F2.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Norton AntiVirus\Quarantine\459655F2.zip ZIP: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\459655F2.zip CryptFF: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4EDD722D.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\55217C09.jar/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\55217C09.jar/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\55217C09.jar/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine\55217C09.jar ZIP: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\55217C09.jar CryptFF: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\6AAA6398.htm Suspicious: Exploit.HTML.DragDrop skipped
C:\Program Files\Norton AntiVirus\Quarantine\6B6729E8.htm Infected: Exploit.HTML.ObjData skipped
C:\Program Files\Norton AntiVirus\Quarantine\7B3C3059.jar/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\7B3C3059.jar/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\7B3C3059.jar/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine\7B3C3059.jar ZIP: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7B3C3059.jar CryptFF: infected - 3 skipped
C:\RECYCLER\NPROTECT\00848497.exe/ Infected: Trojan-Dropper.Win32.VB.cd skipped
C:\RECYCLER\NPROTECT\00848497.exe MS Expand: infected - 1 skipped
C:\RECYCLER\NPROTECT\00848497.exe Cexe: infected - 1 skipped
Scan process completed.
je suprimes tout les fichiers ?
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, May 14, 2006 6:04:50 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 14/05/2006
Kaspersky Anti-Virus database records: 182015
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 69868
Number of viruses found: 11
Number of infected objects: 28
Number of suspicious objects: 1
Duration of the scan process: 02:40:27
Infected Object Name / Virus Name / Last Action
C:\igor.chm/on-line.exe Infected: Trojan.Win32.Dialer.by skipped
C:\igor.chm CHM: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\067E6D4A.exe Infected: Trojan-Dropper.Win32.VB.cd skipped
C:\Program Files\Norton AntiVirus\Quarantine\068E3F38.exe Infected: Trojan-Dropper.Win32.VB.cd skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CD83DD1.wsz/exploit.htm Infected: Trojan-Downloader.VBS.Psyme.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CD83DD1.wsz CHM: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CD83DD1.wsz CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\306C13AA.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\459655F2.zip/a.class Infected: Trojan.Java.ClassLoader.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\459655F2.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\459655F2.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Norton AntiVirus\Quarantine\459655F2.zip ZIP: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\459655F2.zip CryptFF: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4EDD722D.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\55217C09.jar/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\55217C09.jar/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\55217C09.jar/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine\55217C09.jar ZIP: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\55217C09.jar CryptFF: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\6AAA6398.htm Suspicious: Exploit.HTML.DragDrop skipped
C:\Program Files\Norton AntiVirus\Quarantine\6B6729E8.htm Infected: Exploit.HTML.ObjData skipped
C:\Program Files\Norton AntiVirus\Quarantine\7B3C3059.jar/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\7B3C3059.jar/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\7B3C3059.jar/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine\7B3C3059.jar ZIP: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7B3C3059.jar CryptFF: infected - 3 skipped
C:\RECYCLER\NPROTECT\00848497.exe/ Infected: Trojan-Dropper.Win32.VB.cd skipped
C:\RECYCLER\NPROTECT\00848497.exe MS Expand: infected - 1 skipped
C:\RECYCLER\NPROTECT\00848497.exe Cexe: infected - 1 skipped
Scan process completed.
je suprimes tout les fichiers ?
Kaspersky ne supprime rien obliger de faire manuellement
Ouvre Norton, clique sur "quarantaine" et supprime tous les fichiers qu'il a.
Puis fais ça:
Telecharges Killbox : https://www.generation-nt.com/killbox-telechargement-25430.html
Doubles clique sur killbox.exe (Pocket Killbox)
- coches: delete on reboot
dans la barre vide entre ceci: (exactement)
C:\RECYCLER\NPROTECT\00848497.exe
- cliques sur la croix rouge
- une fenetre va apparaitre pour confirmation cliques sur YES
- une seconde fenetre te demande si tu veux redemarrer cliques sur NO
Ensuite à nouveau dans la barre vide tu réentres ceci:
C:\igor.chm/on-line.exe
- cliques sur la croix rouge
- une fenetre va apparaitre pour confirmation cliques sur YES
- une seconde fenetre te demande si tu veux redemarrer cliques sur YES
Laisses le pc redemarrer puis met un nouveau rapport HijackThis
Puis fait un scan complet avec Ewido stp et colle le rapport ici
Ouvre Norton, clique sur "quarantaine" et supprime tous les fichiers qu'il a.
Puis fais ça:
Telecharges Killbox : https://www.generation-nt.com/killbox-telechargement-25430.html
Doubles clique sur killbox.exe (Pocket Killbox)
- coches: delete on reboot
dans la barre vide entre ceci: (exactement)
C:\RECYCLER\NPROTECT\00848497.exe
- cliques sur la croix rouge
- une fenetre va apparaitre pour confirmation cliques sur YES
- une seconde fenetre te demande si tu veux redemarrer cliques sur NO
Ensuite à nouveau dans la barre vide tu réentres ceci:
C:\igor.chm/on-line.exe
- cliques sur la croix rouge
- une fenetre va apparaitre pour confirmation cliques sur YES
- une seconde fenetre te demande si tu veux redemarrer cliques sur YES
Laisses le pc redemarrer puis met un nouveau rapport HijackThis
Puis fait un scan complet avec Ewido stp et colle le rapport ici
raport hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 18:44:42, on 14/05/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\F-Secure Anti-Virus\Common\FCH32.EXE
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Zilla Popup Killer\ZillaPop.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\PICHER\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=ZillaPopupKiller:8100
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: CookieHlprObj Class - {4DF1DB24-A57C-11d3-A180-00A0C90AE44B} - C:\Program Files\Zilla Popup Killer\ZillaBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [MSConfig] C:\DOCUME~1\PICHER\LOCALS~1\Temp\~AceTemp\msconfig\msconfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Zilla Popup Killer] C:\Program Files\Zilla Popup Killer\ZillaPop.exe
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F026985-9835-45E3-91A1-C50B29F7A9B4}: NameServer = 194.117.200.10,194.117.200.15
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: xcdmfree - xcdmfree.dll (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: RadClock - Unknown owner - C:\WINNT\system32\RadClock.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
rapport de l analyze complette avec Ewido :
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 19:30:55, 14/05/2006
+ Somme de contrôle: 221F5161
+ Résultats du scan:
C:\Documents and Settings\PICHER\Cookies\picher@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
C:\Documents and Settings\PICHER\Cookies\picher@adtech[1].txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder
C:\Documents and Settings\PICHER\Cookies\picher@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
C:\Documents and Settings\PICHER\Cookies\picher@estat[1].txt -> TrackingCookie.Estat : Nettoyer et sauvegarder
C:\Documents and Settings\PICHER\Cookies\picher@weborama[2].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\PICHER\Cookies\picher@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
C:\Documents and Settings\PICHER\Cookies\picher@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Nettoyer et sauvegarder
::Fin du rapport
Logfile of HijackThis v1.99.1
Scan saved at 18:44:42, on 14/05/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\F-Secure Anti-Virus\Common\FCH32.EXE
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Zilla Popup Killer\ZillaPop.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\PICHER\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=ZillaPopupKiller:8100
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: CookieHlprObj Class - {4DF1DB24-A57C-11d3-A180-00A0C90AE44B} - C:\Program Files\Zilla Popup Killer\ZillaBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [MSConfig] C:\DOCUME~1\PICHER\LOCALS~1\Temp\~AceTemp\msconfig\msconfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Zilla Popup Killer] C:\Program Files\Zilla Popup Killer\ZillaPop.exe
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F026985-9835-45E3-91A1-C50B29F7A9B4}: NameServer = 194.117.200.10,194.117.200.15
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: xcdmfree - xcdmfree.dll (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: RadClock - Unknown owner - C:\WINNT\system32\RadClock.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
rapport de l analyze complette avec Ewido :
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 19:30:55, 14/05/2006
+ Somme de contrôle: 221F5161
+ Résultats du scan:
C:\Documents and Settings\PICHER\Cookies\picher@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
C:\Documents and Settings\PICHER\Cookies\picher@adtech[1].txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder
C:\Documents and Settings\PICHER\Cookies\picher@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
C:\Documents and Settings\PICHER\Cookies\picher@estat[1].txt -> TrackingCookie.Estat : Nettoyer et sauvegarder
C:\Documents and Settings\PICHER\Cookies\picher@weborama[2].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\PICHER\Cookies\picher@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
C:\Documents and Settings\PICHER\Cookies\picher@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Nettoyer et sauvegarder
::Fin du rapport
Salut à vous
as tu un parfeu ???
Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :
O4 - HKLM\..\Run: [MSConfig] C:\DOCUME~1\PICHER\LOCALS~1\Temp\~AceTemp\msconfig\msconfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O20 - Winlogon Notify: xcdmfree - xcdmfree.dll (file missing)
ensuite :
*Telecharge et installe ceci, dans la colonne de gauche clique sur "erreurs" coche toute les cases, puis clique en bas sur "chercher des erreurs" une fois finit, clique sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs .
*Relance Ccleaner ,vas dans l'onglet "nettoyeur" present sur la gauche, decoche la derniere case (Avancé si elle
est cochée) puis clique sur "lancer le nettoyage"
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
tuto: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
precise tes soucis
++
***j'ai decidé d'être heureux parce que c'est bon pour la santé ! ( Voltaire )***
as tu un parfeu ???
Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :
O4 - HKLM\..\Run: [MSConfig] C:\DOCUME~1\PICHER\LOCALS~1\Temp\~AceTemp\msconfig\msconfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O20 - Winlogon Notify: xcdmfree - xcdmfree.dll (file missing)
ensuite :
*Telecharge et installe ceci, dans la colonne de gauche clique sur "erreurs" coche toute les cases, puis clique en bas sur "chercher des erreurs" une fois finit, clique sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs .
*Relance Ccleaner ,vas dans l'onglet "nettoyeur" present sur la gauche, decoche la derniere case (Avancé si elle
est cochée) puis clique sur "lancer le nettoyage"
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
tuto: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
precise tes soucis
++
***j'ai decidé d'être heureux parce que c'est bon pour la santé ! ( Voltaire )***
