[Trojan-Virus]trojan-downloader-conhook
Solved
louiz
Hello everyone,
So, I scanned my laptop (Windows XP SP2) after noticing frequent annoying popups (and a feeling of being disconnected from the internet very often). I used Ad-Aware, Spy Sweeper and Spybot; they all found the Conhook trojan (but did not manage to remove it despite numerous scans, resets, etc.).
So I looked for solutions to get rid of it and ended up right here.
I downloaded HijackThis, put it on the desktop and ran a scan; here is the report:
Logfile of HijackThis v1.99.1
Scan saved at 19:52:44, on 14/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Screenshot Utility\ScreenshotUtility.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\TEMP\idd6.tmp.exe
C:\WINDOWS\TEMP\idd8.tmp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\TEMP\idd1E2.tmp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Louiz\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=S...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\APPS\IE\offline\fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Startup: Screenshot Utility.lnk = C:\Program Files\Screenshot Utility\ScreenshotUtility.exe
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
So I am asking for your help, please, to try to eradicate this scourge.
Thanks
31 replies
Hi
Those are cookies = browsing traces.
Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to launch it.
Check Run VundoFix as a task.
A message will warn you that the tool is going to close and open again: click Ok
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
A prompt will ask whether you want to delete the files; click YES
After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
You will see a prompt announcing that your PC is going to shut down ("shutdown"); click OK
Start your PC again.
Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, in your next reply.
I saved VundoFix to my desktop, launched it, checked "Run VundoFix as a task", it relaunched, I clicked "Scan for Vundo" and it tells me it found no infected files. I clicked "Remove Vundo" anyway, just in case, but it tells me no infected file was found and that VundoFix will close. And it closes ...
So there you go, it finds nothing
********
19:27: | Start of Session, samedi 15 juillet 2006 |
19:27: Spy Sweeper started
19:27: Sweep initiated using definitions version 719
19:27: Starting Memory Sweep
19:35: Memory Sweep Complete, Elapsed Time: 00:07:52
19:35: Starting Registry Sweep
19:35: Registry Sweep Complete, Elapsed Time:00:00:10
19:35: Starting Cookie Sweep
19:35: Found Spy Cookie: atlas dmt cookie
19:35: louiz@atdmt[2].txt (ID = 2253)
19:35: Found Spy Cookie: bluestreak cookie
19:35: louiz@bluestreak[1].txt (ID = 2314)
19:35: Cookie Sweep Complete, Elapsed Time: 00:00:00
19:35: Starting File Sweep
19:58: File Sweep Complete, Elapsed Time: 00:22:12
19:58: Full Sweep has completed. Elapsed time 00:30:17
19:58: Traces Found: 2
20:00: Removal process initiated
20:00: Quarantining All Traces: atlas dmt cookie
20:00: Quarantining All Traces: bluestreak cookie
20:00: Removal process completed. Elapsed time 00:00:00
********
19:27: | Start of Session, samedi 15 juillet 2006 |
19:27: Spy Sweeper started
19:27: Sweep initiated using definitions version 719
19:27: Starting Memory Sweep
19:27: Sweep Canceled
19:27: Memory Sweep Complete, Elapsed Time: 00:00:23
19:27: Traces Found: 0
19:27: | End of Session, samedi 15 juillet 2006 |
********
17:58: | Start of Session, samedi 15 juillet 2006 |
17:58: Spy Sweeper started
17:58: Sweep initiated using definitions version 719
17:58: Starting Memory Sweep
18:03: Memory Sweep Complete, Elapsed Time: 00:05:16
18:03: Starting Registry Sweep
18:03: Registry Sweep Complete, Elapsed Time:00:00:08
18:03: Starting Cookie Sweep
18:03: Found Spy Cookie: atlas dmt cookie
18:03: louiz@atdmt[2].txt (ID = 2253)
18:03: Found Spy Cookie: bluestreak cookie
18:03: louiz@bluestreak[1].txt (ID = 2314)
18:03: Cookie Sweep Complete, Elapsed Time: 00:00:00
18:03: Starting File Sweep
18:23: File Sweep Complete, Elapsed Time: 00:19:57
18:23: Full Sweep has completed. Elapsed time 00:25:27
18:23: Traces Found: 2
18:29: Removal process initiated
18:29: Quarantining All Traces: atlas dmt cookie
18:29: Quarantining All Traces: bluestreak cookie
18:29: Removal process completed. Elapsed time 00:00:00
18:57: Deletion from quarantine initiated
18:57: Processing: atlas dmt cookie
18:57: Processing: bluestreak cookie
18:57: Processing: trojan agent winlogonhook
18:57: Processing: trojan-downloader-conhook
18:57: Deletion from quarantine completed. Elapsed time 00:00:00
19:27: | End of Session, samedi 15 juillet 2006 |
********
14:47: | Start of Session, samedi 15 juillet 2006 |
14:47: Spy Sweeper started
14:47: Sweep initiated using definitions version 719
14:47: Starting Memory Sweep
14:53: Memory Sweep Complete, Elapsed Time: 00:05:54
14:53: Starting Registry Sweep
14:53: Found Trojan Horse: trojan agent winlogonhook
14:53: HKLM\software\microsoft\mssmgr\ (12 subtraces) (ID = 937101)
14:53: Registry Sweep Complete, Elapsed Time:00:00:08
14:53: Starting Cookie Sweep
14:53: Found Spy Cookie: atlas dmt cookie
14:53: louiz@atdmt[1].txt (ID = 2253)
14:53: Cookie Sweep Complete, Elapsed Time: 00:00:01
14:53: Starting File Sweep
15:11: File Sweep Complete, Elapsed Time: 00:18:09
15:11: Full Sweep has completed. Elapsed time 00:24:11
15:11: Traces Found: 14
15:23: Removal process initiated
15:23: Quarantining All Traces: trojan agent winlogonhook
15:23: Quarantining All Traces: atlas dmt cookie
15:23: Removal process completed. Elapsed time 00:00:00
17:57: Processing Startup Alerts
17:57: Allowed Startup entry: msnmsgr
17:58: | End of Session, samedi 15 juillet 2006 |
********
12:18: | Start of Session, samedi 15 juillet 2006 |
12:18: Spy Sweeper started
12:18: Sweep initiated using definitions version 719
12:18: Found Trojan Horse: trojan-downloader-conhook
12:18: HKCR\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\inprocserver32\ (2 subtraces) (ID = 1375012)
12:18: yayxuvu.dll (ID = 1375012)
12:18: Starting Memory Sweep
12:23: Found Trojan Horse: trojan agent winlogonhook
12:23: Detected running threat: c:\WINDOWS\system32\winzoa32.dll (ID = 416)
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: Memory Sweep Complete, Elapsed Time: 00:17:11
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: Starting Registry Sweep
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation allowed at user request
12:36: HKLM\software\microsoft\mssmgr\ (12 subtraces) (ID = 937101)
12:36: HKCR\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\ (3 subtraces) (ID = 1374116)
12:36: HKLM\software\classes\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\ (3 subtraces) (ID = 1374128)
12:36: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\ (ID = 1374138)
12:36: HKLM\software\microsoft\windows\currentversion\explorer\shellexecutehooks\ || {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (ID = 1374139)
12:36: Registry Sweep Complete, Elapsed Time:00:00:48
12:36: Starting Cookie Sweep
12:36: Found Spy Cookie: adultfriendfinder cookie
12:36: louiz@adultfriendfinder[2].txt (ID = 2165)
12:36: Cookie Sweep Complete, Elapsed Time: 00:00:01
12:36: Starting File Sweep
12:44: Warning: Failed to read file "c:\documents and settings\louiz\mes documents\windowblinds5_public.exe". System Error. Code: 8.
Espace insuffisant pour traiter cette commande
12:49: Warning: Failed to read file "c:\program files\mozilla firefox\avg71f_395a764.exe". System Error. Code: 8.
Espace insuffisant pour traiter cette commande
13:06: File Sweep Complete, Elapsed Time: 00:30:08
13:06: Full Sweep has completed. Elapsed time 00:48:17
13:06: Traces Found: 29
13:53: Removal process initiated
13:53: Quarantining All Traces: trojan agent winlogonhook
13:53: Warning: Out of memory
13:53: Warning: Out of memory
13:53: Failed to quarantine trojan agent winlogonhook
13:53: Failed to quarantine HKLM: software\microsoft\mssmgr\
13:53: Failed to quarantine c:\WINDOWS\system32\winzoa32.dll
13:53: Quarantining All Traces: trojan-downloader-conhook
13:53: Warning: Out of memory
13:53: Warning: Out of memory
13:53: Warning: Out of memory
13:53: Warning: Out of memory
13:53: Warning: Out of memory
13:53: Warning: Out of memory
13:53: Warning: Out of memory
13:53: Failed to quarantine trojan-downloader-conhook
13:53: Failed to quarantine yayxuvu.dll
13:53: Failed to quarantine clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\inprocserver32\
13:53: Failed to quarantine clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
13:53: Failed to quarantine HKLM: software\classes\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
13:53: Failed to quarantine HKLM: software\microsoft\windows\currentversion\explorer\browser helper objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
13:53: Quarantining All Traces: adultfriendfinder cookie
13:53: Warning: Out of memory
13:53: Failed to quarantine adultfriendfinder cookie
13:53: Failed to quarantine louiz@adultfriendfinder[2].txt
13:53: Removal process completed. Elapsed time 00:00:18
14:22: Removal process initiated
14:22: Quarantining All Traces: trojan agent winlogonhook
14:22: Warning: Out of memory
14:22: Warning: Out of memory
14:22: Failed to quarantine trojan agent winlogonhook
14:22: Failed to quarantine HKLM: software\microsoft\mssmgr\
14:22: Failed to quarantine c:\WINDOWS\system32\winzoa32.dll
14:22: Quarantining All Traces: trojan-downloader-conhook
14:22: Warning: Out of memory
14:22: Warning: Out of memory
14:22: Warning: Out of memory
14:22: Warning: Out of memory
14:22: Warning: Out of memory
14:22: Warning: Out of memory
14:22: Warning: Out of memory
14:22: Failed to quarantine trojan-downloader-conhook
14:22: Failed to quarantine yayxuvu.dll
14:22: Failed to quarantine clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\inprocserver32\
14:22: Failed to quarantine clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
14:22: Failed to quarantine HKLM: software\classes\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
14:22: Failed to quarantine HKLM: software\microsoft\windows\currentversion\explorer\browser helper objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
14:22: Quarantining All Traces: adultfriendfinder cookie
14:22: Warning: Out of memory
14:22: Failed to quarantine adultfriendfinder cookie
14:22: Failed to quarantine louiz@adultfriendfinder[2].txt
14:22: Removal process completed. Elapsed time 00:00:05
14:23: Removal process initiated
14:23: Quarantining All Traces: trojan agent winlogonhook
14:23: Warning: Out of memory
14:23: Warning: Out of memory
14:23: Failed to quarantine trojan agent winlogonhook
14:23: Failed to quarantine HKLM: software\microsoft\mssmgr\
14:23: Failed to quarantine c:\WINDOWS\system32\winzoa32.dll
14:23: Quarantining All Traces: trojan-downloader-conhook
14:23: Warning: Out of memory
14:23: Warning: Out of memory
14:23: Warning: Out of memory
14:23: Warning: Out of memory
14:23: Warning: Out of memory
14:23: Warning: Out of memory
14:23: Warning: Out of memory
14:23: Failed to quarantine trojan-downloader-conhook
14:23: Failed to quarantine yayxuvu.dll
14:23: Failed to quarantine clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\inprocserver32\
14:23: Failed to quarantine clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
14:23: Failed to quarantine HKLM: software\classes\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
14:23: Failed to quarantine HKLM: software\microsoft\windows\currentversion\explorer\browser helper objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
14:23: Quarantining All Traces: adultfriendfinder cookie
14:23: Removal process completed. Elapsed time 00:00:05
14:33: Processing Startup Alerts
14:33: Allowed Startup entry: msnmsgr
14:39: Processing Startup Alerts
14:39: Allowed Startup entry: msnmsgr
14:47: | End of Session, samedi 15 juillet 2006 |
********
12:15: | Start of Session, samedi 15 juillet 2006 |
12:15: Spy Sweeper started
12:18: Your spyware definitions have been updated.
12:18: | End of Session, samedi 15 juillet 2006 |
There, still those two cookies.
http://img85.imageshack.us/img85/1958/screen01uo1.jpg
Maybe it would be enough to delete them manually, no?
(well, I'm just saying, I don't know :p)
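Added example, not part of the original thread: a small parser for the Spy Sweeper session log format pasted above, which orders the sessions oldest first and labels each one by what was found, which registry keys were reported and what failed to quarantine. The sample lines are copied from the log in this thread; the function names and triage labels are made up for illustration, and the newest-first ordering of the log is assumed from how it was posted.

```python
import re

# Lines copied from the Spy Sweeper log in this thread, trimmed to the entries
# used for triage. The log as posted lists the newest session first.
SAMPLE_LOG = r"""
********
19:27: | Start of Session, samedi 15 juillet 2006 |
19:35: Found Spy Cookie: atlas dmt cookie
19:35: Found Spy Cookie: bluestreak cookie
19:58: Traces Found: 2
20:00: Quarantining All Traces: atlas dmt cookie
20:00: Quarantining All Traces: bluestreak cookie
********
14:47: | Start of Session, samedi 15 juillet 2006 |
14:53: Found Trojan Horse: trojan agent winlogonhook
14:53: HKLM\software\microsoft\mssmgr\ (12 subtraces) (ID = 937101)
14:53: Found Spy Cookie: atlas dmt cookie
15:11: Traces Found: 14
15:23: Quarantining All Traces: trojan agent winlogonhook
17:58: | End of Session, samedi 15 juillet 2006 |
********
12:18: | Start of Session, samedi 15 juillet 2006 |
12:18: Found Trojan Horse: trojan-downloader-conhook
12:18: yayxuvu.dll (ID = 1375012)
12:23: Found Trojan Horse: trojan agent winlogonhook
12:23: Detected running threat: c:\WINDOWS\system32\winzoa32.dll (ID = 416)
12:44: Warning: Failed to read file "c:\documents and settings\louiz\mes documents\windowblinds5_public.exe". System Error. Code: 8.
Espace insuffisant pour traiter cette commande
13:06: Traces Found: 29
13:53: Warning: Out of memory
13:53: Failed to quarantine trojan-downloader-conhook
13:53: Failed to quarantine yayxuvu.dll
14:47: | End of Session, samedi 15 juillet 2006 |
"""

LINE = re.compile(r"^(\d{2}:\d{2}): (.*)$")          # "HH:MM: message"
FOUND = re.compile(r"^Found ([^:]+): (.+)$")         # category, trace name
TRACES = re.compile(r"^Traces Found: (\d+)$")
FAILED = re.compile(r"^Failed to quarantine (.+)$")
RUNNING = re.compile(r"^Detected running threat: (.+?) \(ID = \d+\)$")
REGKEY = re.compile(r"^(HK(?:LM|CR|CU)\\.+?) \(")    # reported registry key


def parse_sessions(text):
    """Split a Spy Sweeper log into sessions, returned oldest first."""
    sessions, current = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # separator rows and untimestamped OS error text
        stamp, msg = m.groups()
        if "Start of Session" in msg:
            current = {"start": stamp, "found": [], "keys": [],
                       "running": [], "failed": [], "traces": None}
            sessions.append(current)
            continue
        if current is None:
            continue  # text before the first session header
        if (f := FOUND.match(msg)):
            item = (f.group(1), f.group(2))
            if item not in current["found"]:
                current["found"].append(item)
        elif (t := TRACES.match(msg)):
            current["traces"] = int(t.group(1))
        elif (q := FAILED.match(msg)):
            current["failed"].append(q.group(1))
        elif (r := RUNNING.match(msg)):
            current["running"].append(r.group(1))
        elif (k := REGKEY.match(msg)):
            current["keys"].append(k.group(1))
    sessions.reverse()  # assumption: the log is written newest first
    return sessions


def triage(session):
    """Label one session (labels are illustrative, not Spy Sweeper terms)."""
    categories = {cat for cat, _ in session["found"]}
    if session["failed"] or session["running"]:
        return "active-or-unremoved"
    if categories - {"Spy Cookie"}:
        return "malware-detected"
    if categories:
        return "cookies-only"
    return "nothing-found"


def timeline(text):
    """Return [(session start, label)] in chronological order."""
    return [(s["start"], triage(s)) for s in parse_sessions(text)]


if __name__ == "__main__":
    for start, label in timeline(SAMPLE_LOG):
        print(start, label)
```

A "cookies-only" label on the latest session only says what that sweep reported; it does not confirm that items which earlier failed to quarantine are gone.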
Hi
For the cookies, yes, delete them manually.
Otherwise go to Control Panel > Internet Options > General tab > Delete Cookies.
Then:
1/
Download process xp here:
http://www.sysinternals.com/files/procexpnt.zip
Download:
http://www.killbox.net/downloads/KillBox.exe
2/
Disconnect from the internet.
Close all running programs (media player, Internet Explorer, etc.)
3/
Unzip (right-click > extract) process xp and double-click processxp.exe
* In the main processxp window, double-click winlogon.exe
In the new window that opens, click Threads
Select only the lines that contain winzoa32.dll, then click Kill for each line found.
Once done, confirm with OK
* In the main processxp window, double-click explorer.exe
In the new window that opens, click Threads
Select only the lines that contain winzoa32.dll, then click Kill for each line found.
Once done, confirm with OK
****
* In the main processxp window, double-click winlogon.exe
In the new window that opens, click Threads
Select only the lines that contain yayxuvu.dll, then click Kill for each line found.
Once done, confirm with OK
* In the main processxp window, double-click explorer.exe
In the new window that opens, click Threads
Select only the lines that contain yayxuvu.dll, then click Kill for each line found.
Once done, confirm with OK
4/
Double-click killbox.exe (Pocket Killbox)
- In "Full Path of File to Delete"
- Select "Single File"
copy and paste:
c:\WINDOWS\system32\winzoa32.dll
- click the red cross
- a confirmation window will appear; click YES
- tick: Delete on Reboot
copy and paste:
C:\WINDOWS\SYSTEM32\yayxuvu.dll
- click the red cross
- a confirmation window will appear; click YES
- a second window asks whether you want to restart; click YES
If this message appears, ignore it:
http://tinypic.com/images/goodbye.jpg
Let the PC restart.
Then post a new Spy Sweeper report.
See you
Well, Spy Sweeper no longer finds anything.
I no longer get any pop-ups or ads, so it looks like I'm no longer infected.
I ran HijackThis to check; here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 21:20:37, on 15/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Screenshot Utility\ScreenshotUtility.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\eMule\emule.exe
C:\Documents and Settings\Louiz\Bureau\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=S...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\APPS\IE\offline\fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Screenshot Utility.lnk = C:\Program Files\Screenshot Utility\ScreenshotUtility.exe
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: winzoa32 - winzoa32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
And I have a question: to avoid (well, as far as possible) getting reinfected, which free software would you recommend (antivirus, firewall, anti-spyware)? (Since ewido and Spy Sweeper are not free, I don't really know what to pick.)
I tried Zone Alarm, but during installation it tells me there is a compatibility problem with Avast!, my current antivirus.
So if you have recommendations for good software, I'm all ears :)
In any case, thank you very much for everything you've done!
Je n'ai plus de popup ou de pub. J'ai donc l'impression de ne plus être infecté.
J'ai fait un hijackthis, pour vérifier, que voici :
Logfile of HijackThis v1.99.1
Scan saved at 21:20:37, on 15/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Screenshot Utility\ScreenshotUtility.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\eMule\emule.exe
C:\Documents and Settings\Louiz\Bureau\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=S...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\APPS\IE\offline\fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Screenshot Utility.lnk = C:\Program Files\Screenshot Utility\ScreenshotUtility.exe
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: winzoa32 - winzoa32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
And I have a question: to avoid (or at least minimise) the risk of being reinfected, which free software would you recommend (antivirus, firewall, anti-spyware)? (Since ewido and Spy Sweeper aren't free, I don't really know what to pick.)
I tried Zone Alarm, but during installation it tells me there is a compatibility problem with Avast!, my current antivirus.
So if you have any recommendations for good software, I'd welcome them :)
In any case, thank you very much for everything you've done!
Hi again
You can fix this:
O20 - Winlogon Notify: winzoa32 - winzoa32.dll (file missing)
And then it's OK!
As for Avast and ZA, it reports an incompatibility, but ignore that; you won't have any trouble with those two. (Although there are a few problems with Zone Alarm at the moment, so prefer Kerio as a firewall.)
For other free software for your security, look here:
http://entraide.aceboard.fr/175280-2008-988-0-Securiser-Proteger-ordinateur-contr...
You're welcome, it was a pleasure. I admit this whole battle drained all my energy; I won't be staying long on the forum tonight lol
Have a good evening
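An added example, not part of the original thread and not HijackThis code: a small Python triage pass over O-lines like the ones posted above, listing the entries marked `(file missing)`. The function names are hypothetical, and the rule that an unbalanced quote in the target means the scanner tested a path with its arguments attached is an assumption of this sketch.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE = r'''O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: winzoa32 - winzoa32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
'''

ENTRY = re.compile(r'^(O\d+) - ([^:]+): (.*)$')
MISSING = ' (file missing)'

def parse_entry(line):
    """Split one O-line into section, kind, name, target and the missing flag."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[:-len(MISSING)]
    # First ' - ' field is the entry name, last one is the file it loads.
    return {'section': section, 'kind': kind, 'name': rest.partition(' - ')[0],
            'target': rest.rsplit(' - ', 1)[-1], 'missing': missing}

def verdict(entry):
    """Classify an entry; 'missing' means a candidate for review, not proof."""
    if not entry['missing']:
        return 'present'
    # Assumption: an odd number of quotes means the path was checked together
    # with its arguments, so the "missing" flag needs a manual check on disk.
    if entry['target'].count('"') % 2 == 1:
        return 'recheck-path'
    return 'missing'

def triage(log_text):
    rows = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry:
            entry['verdict'] = verdict(entry)
            # A target with no directory part, like the O20 entry quoted above.
            entry['bare_name'] = '\\' not in entry['target']
            rows.append(entry)
    return rows

if __name__ == '__main__':
    for row in triage(SAMPLE):
        print(row['section'], row['verdict'], row['name'], '->', row['target'])
```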
Thank you very much, once again.
What you do, as volunteers, to help people like me, I find admirable.
(oh yes, "Problem solved (please post a message summarising the solution)"
Well, the solution: do what Regis59 tells you to do ^^)
Right, see you soon
LOL
Well, glad you liked my help.
There are many people who, like me, work to keep our PCs in good health!
Above all, don't hesitate to tell people around you about it, really! Protecting your PC is really essential, both for your privacy and for your online purchases, for those who make them.
Thank you for your messages, I really enjoyed answering you!
Have a good evening ^^