[virus] faux antivirus mais vrai virus
Fermé
Delphine
-
29 juil. 2006 à 18:54
^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 - 27 avril 2007 à 23:25
^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 - 27 avril 2007 à 23:25
A voir également:
- [virus] faux antivirus mais vrai virus
- Faux message virus ordinateur - Accueil - Arnaque
- Youtu.be virus - Accueil - Guide virus
- Svchost.exe virus - Guide
- Operagxsetup virus ✓ - Forum Virus
- Tinyurl.com virus - Forum Virus
17 réponses
incognito02
Messages postés
3487
Date d'inscription
vendredi 28 octobre 2005
Statut
Contributeur
Dernière intervention
17 août 2008
138
29 juil. 2006 à 21:21
29 juil. 2006 à 21:21
Bonsoir Delphine,
Dans un premier temps, fait déja tout cela :
telecharge et execute ces antispywares ( pense a les mettre a jour avant de les lancer)
(1) ad-aware version 1.06
(ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite
voir demo
http://pageperso.aol.fr/balltrap34/adwseflash.zip
***
(2) spybot version 1.4
(ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite
voir demo d utilisation
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
***
et aussi ceci
(3) Ccleaner :
Télécharge Ccleaner ici :
https://www.ccleaner.com/ccleaner/download
Tutorial ici:
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
(4) Ewido
http://download.ewido.net/ewido-setup.exe
Pendant l'installation, sur la page "Additional Options", décoche les deux options "Install background guard" et "Install scan via context menu Ewido Security Suite. Clique sur mise à jour.
Clique sur scanner puis sur scan complet du système.
Puis colle le rapport sur le forum
(5) Pour vérifier, scanne ton PC avec cet antivirus en ligne :
https://www.kaspersky.fr/downloads
(6) télécharge HijackThis ici:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
Dézippe le dans un dossier prévu à cet effet.
Par exemple C:\hijackthis < Enregistre le bien dans c : !
Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/Hijenr.gif
Lance le puis:
clique sur "do a system scan and save logfile" (cf démo)
faire un copier coller du log entier sur le forum
Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/demohijack.htm
Bon courage
A+
Dans un premier temps, fait déja tout cela :
telecharge et execute ces antispywares ( pense a les mettre a jour avant de les lancer)
(1) ad-aware version 1.06
(ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite
voir demo
http://pageperso.aol.fr/balltrap34/adwseflash.zip
***
(2) spybot version 1.4
(ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite
voir demo d utilisation
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
***
et aussi ceci
(3) Ccleaner :
Télécharge Ccleaner ici :
https://www.ccleaner.com/ccleaner/download
Tutorial ici:
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
(4) Ewido
http://download.ewido.net/ewido-setup.exe
Pendant l'installation, sur la page "Additional Options", décoche les deux options "Install background guard" et "Install scan via context menu Ewido Security Suite. Clique sur mise à jour.
Clique sur scanner puis sur scan complet du système.
Puis colle le rapport sur le forum
(5) Pour vérifier, scanne ton PC avec cet antivirus en ligne :
https://www.kaspersky.fr/downloads
(6) télécharge HijackThis ici:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
Dézippe le dans un dossier prévu à cet effet.
Par exemple C:\hijackthis < Enregistre le bien dans c : !
Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/Hijenr.gif
Lance le puis:
clique sur "do a system scan and save logfile" (cf démo)
faire un copier coller du log entier sur le forum
Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/demohijack.htm
Bon courage
A+
Bonsoir,
Voila les deux rapports:
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 22:49:23 29/07/2006
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{873eb32d-ae1a-4183-89bd-45a77f761be4} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{93ac7c30-3878-4eaa-9420-7977285df5b1} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{873eb32d-ae1a-4183-89bd-45a77f761be4} -> Adware.Generic : No action taken.
HKU\S-1-5-21-582286824-305360367-2062686702-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{873EB32D-AE1A-4183-89BD-45A77F761BE4} -> Adware.Generic : No action taken.
C:\WINDOWS\system32\drivers\Wingen\LSASS.exe -> Backdoor.Hupigon.hk : No action taken.
C:\WINDOWS\system32\drivers\Wingen\service.exe -> Backdoor.Iroffer.b : No action taken.
C:\WINDOWS\system32\sysiasvc32.dll -> Dialer.EGroup.u : No action taken.
C:\WINDOWS\system32\EGACCESS.dll -> Dialer.InstantAccess.r : No action taken.
C:\WINDOWS\system32\egaccess4_1060.dll -> Dialer.InstantAccess.r : No action taken.
C:\WINDOWS\Downloaded Program Files\575b8176aca4bdd0ce6dbc87d220c658_13.exe -> Downloader.Small.bwy : No action taken.
C:\WINDOWS\system32\ishost.exe -> Downloader.Zlob.aau : No action taken.
C:\WINDOWS\system32\ismon.exe -> Downloader.Zlob.aau : No action taken.
[1932] C:\WINDOWS\system32\ishost.exe -> Downloader.Zlob.aau : No action taken.
[280] C:\WINDOWS\system32\ismon.exe -> Downloader.Zlob.aau : No action taken.
C:\WINDOWS\system32\components\flx5.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : No action taken.
C:\WINDOWS\system32\pmnqguh.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : No action taken.
[1624] C:\WINDOWS\system32\pmnqguh.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@247realmedia[2].txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@247realmedia[1].txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@112.2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@servedby.advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@bluestreak[2].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@estat[1].txt -> TrackingCookie.Estat : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@estat[1].txt -> TrackingCookie.Estat : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@www.etracker[2].txt -> TrackingCookie.Etracker : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@as1.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@ehg-neuftelecom.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@ehg-foxsports.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@valueclick[1].txt -> TrackingCookie.Valueclick : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@weborama[2].txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@zedo[1].txt -> TrackingCookie.Zedo : No action taken.
C:\WINDOWS\Temp\MT\MonLiveShow.exe -> Trojan.Dialer.eg : No action taken.
C:\WINDOWS\Temp\MT\videos_stars_nues.exe -> Trojan.Dialer.eg : No action taken.
C:\WINDOWS\system32\egaccess4_1059.dll -> Trojan.Dialer.pc : No action taken.
C:\WINDOWS\system32\winowl32.dll -> Trojan.Mezzia : No action taken.
C:\WINDOWS\eg_auth_1049.dll -> Trojan.P2E.cl : No action taken.
C:\WINDOWS\system32\eg_auth_srv_1049.dll -> Trojan.P2E.cl : No action taken.
C:\WINDOWS\ms_upd.exe -> Trojan.Small : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : No action taken.
C:\Program Files\Fichiers communs\{FC914FA3-0640-1036-0217-050514040021}\Update.exe -> Trojan.Starter.65 : No action taken.
[420] C:\Program Files\Fichiers communs\{FC914FA3-0640-1036-0217-050514040021}\Update.exe -> Trojan.Starter.65 : No action taken.
::Report end
et voila aussi le rapport de hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 22:53:46, on 29/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\USB Storage RW\DskWatch.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\system32\ismon.exe
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\WINDOWS\vsnct511.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Documents and Settings\Le Dréau\Mes documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://portail.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [USB Storage RW] C:\Program Files\USB Storage RW\DskWatch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [SNCT511] C:\WINDOWS\vsnct511.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O14 - IERESET.INF: START_PAGE_URL=https://www.targa.gmbh/eng/targa/
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/e4d97926e15e69ee892056a9826d011c_35.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/3436342D2D2D.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_s...
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_sit...
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1059_XP.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BE5A7132-329F-4319-B781-2A83BFE51534} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Insta...
O16 - DPF: {EFB23983-5803-4914-ADA3-C0EA2CFBDC37} - https://www.afternic.com/domains/downloadv3.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: winowl32 - C:\WINDOWS\SYSTEM32\winowl32.dll
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
Merçi de me donner la marche a suivre maintenant.
bonne soirée
Voila les deux rapports:
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 22:49:23 29/07/2006
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{873eb32d-ae1a-4183-89bd-45a77f761be4} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{93ac7c30-3878-4eaa-9420-7977285df5b1} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{873eb32d-ae1a-4183-89bd-45a77f761be4} -> Adware.Generic : No action taken.
HKU\S-1-5-21-582286824-305360367-2062686702-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{873EB32D-AE1A-4183-89BD-45A77F761BE4} -> Adware.Generic : No action taken.
C:\WINDOWS\system32\drivers\Wingen\LSASS.exe -> Backdoor.Hupigon.hk : No action taken.
C:\WINDOWS\system32\drivers\Wingen\service.exe -> Backdoor.Iroffer.b : No action taken.
C:\WINDOWS\system32\sysiasvc32.dll -> Dialer.EGroup.u : No action taken.
C:\WINDOWS\system32\EGACCESS.dll -> Dialer.InstantAccess.r : No action taken.
C:\WINDOWS\system32\egaccess4_1060.dll -> Dialer.InstantAccess.r : No action taken.
C:\WINDOWS\Downloaded Program Files\575b8176aca4bdd0ce6dbc87d220c658_13.exe -> Downloader.Small.bwy : No action taken.
C:\WINDOWS\system32\ishost.exe -> Downloader.Zlob.aau : No action taken.
C:\WINDOWS\system32\ismon.exe -> Downloader.Zlob.aau : No action taken.
[1932] C:\WINDOWS\system32\ishost.exe -> Downloader.Zlob.aau : No action taken.
[280] C:\WINDOWS\system32\ismon.exe -> Downloader.Zlob.aau : No action taken.
C:\WINDOWS\system32\components\flx5.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : No action taken.
C:\WINDOWS\system32\pmnqguh.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : No action taken.
[1624] C:\WINDOWS\system32\pmnqguh.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@247realmedia[2].txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@247realmedia[1].txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@112.2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@servedby.advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@bluestreak[2].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@estat[1].txt -> TrackingCookie.Estat : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@estat[1].txt -> TrackingCookie.Estat : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@www.etracker[2].txt -> TrackingCookie.Etracker : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@as1.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@ehg-neuftelecom.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@ehg-foxsports.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@valueclick[1].txt -> TrackingCookie.Valueclick : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@weborama[2].txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : No action taken.
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@zedo[1].txt -> TrackingCookie.Zedo : No action taken.
C:\WINDOWS\Temp\MT\MonLiveShow.exe -> Trojan.Dialer.eg : No action taken.
C:\WINDOWS\Temp\MT\videos_stars_nues.exe -> Trojan.Dialer.eg : No action taken.
C:\WINDOWS\system32\egaccess4_1059.dll -> Trojan.Dialer.pc : No action taken.
C:\WINDOWS\system32\winowl32.dll -> Trojan.Mezzia : No action taken.
C:\WINDOWS\eg_auth_1049.dll -> Trojan.P2E.cl : No action taken.
C:\WINDOWS\system32\eg_auth_srv_1049.dll -> Trojan.P2E.cl : No action taken.
C:\WINDOWS\ms_upd.exe -> Trojan.Small : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : No action taken.
C:\Program Files\Fichiers communs\{FC914FA3-0640-1036-0217-050514040021}\Update.exe -> Trojan.Starter.65 : No action taken.
[420] C:\Program Files\Fichiers communs\{FC914FA3-0640-1036-0217-050514040021}\Update.exe -> Trojan.Starter.65 : No action taken.
::Report end
et voila aussi le rapport de hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 22:53:46, on 29/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\USB Storage RW\DskWatch.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\system32\ismon.exe
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\WINDOWS\vsnct511.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Documents and Settings\Le Dréau\Mes documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://portail.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [USB Storage RW] C:\Program Files\USB Storage RW\DskWatch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [SNCT511] C:\WINDOWS\vsnct511.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O14 - IERESET.INF: START_PAGE_URL=https://www.targa.gmbh/eng/targa/
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/e4d97926e15e69ee892056a9826d011c_35.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/3436342D2D2D.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_s...
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_sit...
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1059_XP.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BE5A7132-329F-4319-B781-2A83BFE51534} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Insta...
O16 - DPF: {EFB23983-5803-4914-ADA3-C0EA2CFBDC37} - https://www.afternic.com/domains/downloadv3.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: winowl32 - C:\WINDOWS\SYSTEM32\winowl32.dll
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
Merçi de me donner la marche a suivre maintenant.
bonne soirée
incognito02
Messages postés
3487
Date d'inscription
vendredi 28 octobre 2005
Statut
Contributeur
Dernière intervention
17 août 2008
138
29 juil. 2006 à 23:24
29 juil. 2006 à 23:24
Delphine,
comme l'indique le log Ewido : No action Taken.
Il faut refaire Ewido et demander la mise en quarantaine des fichiers infectés.
surtout, essaye de faire TOUTES les étapes de desinfection et si tu as un problème avec l'une d'elle, tu continues les autres et tu nous fait part de ton problème.
Bon courage.
Bonne nuit.
A+
comme l'indique le log Ewido : No action Taken.
Il faut refaire Ewido et demander la mise en quarantaine des fichiers infectés.
surtout, essaye de faire TOUTES les étapes de desinfection et si tu as un problème avec l'une d'elle, tu continues les autres et tu nous fait part de ton problème.
Bon courage.
Bonne nuit.
A+
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 23:27:05 29/07/2006
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{873eb32d-ae1a-4183-89bd-45a77f761be4} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{93ac7c30-3878-4eaa-9420-7977285df5b1} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{873eb32d-ae1a-4183-89bd-45a77f761be4} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-582286824-305360367-2062686702-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{873EB32D-AE1A-4183-89BD-45A77F761BE4} -> Adware.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\Wingen\LSASS.exe -> Backdoor.Hupigon.hk : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\Wingen\service.exe -> Backdoor.Iroffer.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sysiasvc32.dll -> Dialer.EGroup.u : Cleaned with backup (quarantined).
C:\WINDOWS\system32\EGACCESS.dll -> Dialer.InstantAccess.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\egaccess4_1060.dll -> Dialer.InstantAccess.r : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\575b8176aca4bdd0ce6dbc87d220c658_13.exe -> Downloader.Small.bwy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ishost.exe -> Downloader.Zlob.aau : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ismon.exe -> Downloader.Zlob.aau : Cleaned with backup (quarantined).
[1932] C:\WINDOWS\system32\ishost.exe -> Downloader.Zlob.aau : Error during cleaning.
[280] C:\WINDOWS\system32\ismon.exe -> Downloader.Zlob.aau : Error during cleaning.
C:\WINDOWS\system32\components\flx5.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\pmnqguh.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Cleaned with backup (quarantined).
[1624] C:\WINDOWS\system32\pmnqguh.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Error during cleaning.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@servedby.advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@www.etracker[2].txt -> TrackingCookie.Etracker : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@ehg-neuftelecom.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@ehg-foxsports.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@weborama[2].txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\MT\MonLiveShow.exe -> Trojan.Dialer.eg : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\MT\videos_stars_nues.exe -> Trojan.Dialer.eg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\egaccess4_1059.dll -> Trojan.Dialer.pc : Cleaned with backup (quarantined).
C:\WINDOWS\system32\winowl32.dll -> Trojan.Mezzia : Cleaned with backup (quarantined).
C:\WINDOWS\eg_auth_1049.dll -> Trojan.P2E.cl : Cleaned with backup (quarantined).
C:\WINDOWS\system32\eg_auth_srv_1049.dll -> Trojan.P2E.cl : Cleaned with backup (quarantined).
C:\WINDOWS\ms_upd.exe -> Trojan.Small : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : Cleaned with backup (quarantined).
C:\Program Files\Fichiers communs\{FC914FA3-0640-1036-0217-050514040021}\Update.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined).
[420] C:\Program Files\Fichiers communs\{FC914FA3-0640-1036-0217-050514040021}\Update.exe -> Trojan.Starter.65 : Error during cleaning.
::Report end
---------------------------------------------------------
+ Created at: 23:27:05 29/07/2006
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{873eb32d-ae1a-4183-89bd-45a77f761be4} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{93ac7c30-3878-4eaa-9420-7977285df5b1} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{873eb32d-ae1a-4183-89bd-45a77f761be4} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-582286824-305360367-2062686702-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{873EB32D-AE1A-4183-89BD-45A77F761BE4} -> Adware.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\Wingen\LSASS.exe -> Backdoor.Hupigon.hk : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\Wingen\service.exe -> Backdoor.Iroffer.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sysiasvc32.dll -> Dialer.EGroup.u : Cleaned with backup (quarantined).
C:\WINDOWS\system32\EGACCESS.dll -> Dialer.InstantAccess.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\egaccess4_1060.dll -> Dialer.InstantAccess.r : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\575b8176aca4bdd0ce6dbc87d220c658_13.exe -> Downloader.Small.bwy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ishost.exe -> Downloader.Zlob.aau : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ismon.exe -> Downloader.Zlob.aau : Cleaned with backup (quarantined).
[1932] C:\WINDOWS\system32\ishost.exe -> Downloader.Zlob.aau : Error during cleaning.
[280] C:\WINDOWS\system32\ismon.exe -> Downloader.Zlob.aau : Error during cleaning.
C:\WINDOWS\system32\components\flx5.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\pmnqguh.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Cleaned with backup (quarantined).
[1624] C:\WINDOWS\system32\pmnqguh.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Error during cleaning.
C:\Documents and Settings\Le Dréau\Cookies\le dréau@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@servedby.advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@www.etracker[2].txt -> TrackingCookie.Etracker : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@ehg-neuftelecom.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@ehg-foxsports.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@weborama[2].txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Cookies\le dréau@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Documents and Settings\Le Dréau\Local Settings\Temp\Cookies\le dréau@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\MT\MonLiveShow.exe -> Trojan.Dialer.eg : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\MT\videos_stars_nues.exe -> Trojan.Dialer.eg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\egaccess4_1059.dll -> Trojan.Dialer.pc : Cleaned with backup (quarantined).
C:\WINDOWS\system32\winowl32.dll -> Trojan.Mezzia : Cleaned with backup (quarantined).
C:\WINDOWS\eg_auth_1049.dll -> Trojan.P2E.cl : Cleaned with backup (quarantined).
C:\WINDOWS\system32\eg_auth_srv_1049.dll -> Trojan.P2E.cl : Cleaned with backup (quarantined).
C:\WINDOWS\ms_upd.exe -> Trojan.Small : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : Cleaned with backup (quarantined).
C:\Program Files\Fichiers communs\{FC914FA3-0640-1036-0217-050514040021}\Update.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined).
[420] C:\Program Files\Fichiers communs\{FC914FA3-0640-1036-0217-050514040021}\Update.exe -> Trojan.Starter.65 : Error during cleaning.
::Report end
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
kouaw
Messages postés
27
Date d'inscription
dimanche 30 juillet 2006
Statut
Membre
Dernière intervention
30 juillet 2006
30 juil. 2006 à 03:40
30 juil. 2006 à 03:40
Je te conseil de desactiver la restauration systeme , passer bitdefender online , Ad-Aware regarder si tu as encore le virus si tu la plus reactive la restauration systeme
si non passe en mode sans echec ( F8 au demarage ) puis va suprimer a la main :
C:\Program Files\Fichiers communs\{FC914FA3-0640-1036-0217-050514040021}\Update.exe
C:\WINDOWS\system32\pmnqguh.dll
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismon.exe
si tu as encore des problemes dit le :)
si non passe en mode sans echec ( F8 au demarage ) puis va suprimer a la main :
C:\Program Files\Fichiers communs\{FC914FA3-0640-1036-0217-050514040021}\Update.exe
C:\WINDOWS\system32\pmnqguh.dll
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismon.exe
si tu as encore des problemes dit le :)
Regis59
Messages postés
21143
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 321
30 juil. 2006 à 19:25
30 juil. 2006 à 19:25
Salut
Fais tout simplement ceci:
Télécharge ceci: (merci a S!RI pour ce programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapport
Copie/colle le sur le poste stp.
----------------------------------------------------------------------------
Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
Relance le programme Smitfraud,
Cette fois choisit l’option 2, répond oui a tous ;
Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum
A+
Fais tout simplement ceci:
Télécharge ceci: (merci a S!RI pour ce programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapport
Copie/colle le sur le poste stp.
----------------------------------------------------------------------------
Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
Relance le programme Smitfraud,
Cette fois choisit l’option 2, répond oui a tous ;
Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum
A+
Bonjour,
voici le rapport:
SmitFraudFix v2.76
Rapport fait à 19:48:56,32, 30/07/2006
Executé à partir de C:\Documents and Settings\Le Dr‚au\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\isnotify.exe PRESENT !
C:\WINDOWS\system32\issearch.exe PRESENT !
C:\WINDOWS\system32\ixt?.dll PRESENT !
C:\WINDOWS\system32\ixt??.dll PRESENT !
C:\WINDOWS\system32\ot.ico PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Le Dr‚au\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LEDRAU~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
voici le rapport:
SmitFraudFix v2.76
Rapport fait à 19:48:56,32, 30/07/2006
Executé à partir de C:\Documents and Settings\Le Dr‚au\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\isnotify.exe PRESENT !
C:\WINDOWS\system32\issearch.exe PRESENT !
C:\WINDOWS\system32\ixt?.dll PRESENT !
C:\WINDOWS\system32\ixt??.dll PRESENT !
C:\WINDOWS\system32\ot.ico PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Le Dr‚au\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LEDRAU~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Regis59
Messages postés
21143
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 321
30 juil. 2006 à 19:58
30 juil. 2006 à 19:58
Re,
tu peux faire la suite ;-)
a+
tu peux faire la suite ;-)
a+
Bonjour,
Voila le rapport:
SmitFraudFix v2.76
Rapport fait à 19:38:25,92, 31/07/2006
Executé à partir de C:\Documents and Settings\Le Dr‚au\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\WINDOWS\system32\isnotify.exe supprimé
C:\WINDOWS\system32\issearch.exe supprimé
C:\WINDOWS\system32\ixt?.dll supprimé
C:\WINDOWS\system32\ot.ico supprimé
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Sauf que j'ai toujours un petit problème c'est que le défillement de mes pages internet explorer est très très ralentit, je voudrais savoir comme y remédier.
Merçi.
PS: je voulais savoir comment ne plus avoir de virus comme ça et protéger mieux mon ordinateur car je ne comprend pas comment il est venu du fait que j'ai un antivirus.
Voila le rapport:
SmitFraudFix v2.76
Rapport fait à 19:38:25,92, 31/07/2006
Executé à partir de C:\Documents and Settings\Le Dr‚au\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\WINDOWS\system32\isnotify.exe supprimé
C:\WINDOWS\system32\issearch.exe supprimé
C:\WINDOWS\system32\ixt?.dll supprimé
C:\WINDOWS\system32\ot.ico supprimé
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Sauf que j'ai toujours un petit problème c'est que le défillement de mes pages internet explorer est très très ralentit, je voudrais savoir comme y remédier.
Merçi.
PS: je voulais savoir comment ne plus avoir de virus comme ça et protéger mieux mon ordinateur car je ne comprend pas comment il est venu du fait que j'ai un antivirus.
Regis59
Messages postés
21143
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 321
1 août 2006 à 14:23
1 août 2006 à 14:23
Salut
remet un hijack this stp
Pour la protection:
http://entraide.aceboard.fr/175280-2008-988-0-Securiser-Proteger-ordinateur-contr...
Pour le defilement, on verra apres, ton pc est vieux?
a+
remet un hijack this stp
Pour la protection:
http://entraide.aceboard.fr/175280-2008-988-0-Securiser-Proteger-ordinateur-contr...
Pour le defilement, on verra apres, ton pc est vieux?
a+
Bonjour,
Voilà le rapport hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 22:30:53, on 01/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\USB Storage RW\DskWatch.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\WINDOWS\vsnct511.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Le Dréau\Mes documents\Logiciels\Virus\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [USB Storage RW] C:\Program Files\USB Storage RW\DskWatch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [SNCT511] C:\WINDOWS\vsnct511.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O14 - IERESET.INF: START_PAGE_URL=https://www.targa.gmbh/eng/targa/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_s...
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_sit...
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1059_XP.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BE5A7132-329F-4319-B781-2A83BFE51534} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Insta...
O16 - DPF: {EFB23983-5803-4914-ADA3-C0EA2CFBDC37} - https://www.afternic.com/domains/downloadv3.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: winowl32 - winowl32.dll (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
Merçi beaucoup pour la protection. Et non mon ordi n'est pas vieux il n'a que 1 ans, mais les problèmes de défillement sont arrivés avec le virus.
Bonne soirée.
Voilà le rapport hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 22:30:53, on 01/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\USB Storage RW\DskWatch.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\WINDOWS\vsnct511.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Le Dréau\Mes documents\Logiciels\Virus\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [USB Storage RW] C:\Program Files\USB Storage RW\DskWatch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [SNCT511] C:\WINDOWS\vsnct511.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O14 - IERESET.INF: START_PAGE_URL=https://www.targa.gmbh/eng/targa/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_s...
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_sit...
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1059_XP.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BE5A7132-329F-4319-B781-2A83BFE51534} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Insta...
O16 - DPF: {EFB23983-5803-4914-ADA3-C0EA2CFBDC37} - https://www.afternic.com/domains/downloadv3.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: winowl32 - winowl32.dll (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
Merçi beaucoup pour la protection. Et non mon ordi n'est pas vieux il n'a que 1 ans, mais les problèmes de défillement sont arrivés avec le virus.
Bonne soirée.
^^Marie^^
Messages postés
113901
Date d'inscription
mardi 6 septembre 2005
Statut
Membre
Dernière intervention
28 août 2020
3 275
1 août 2006 à 22:51
1 août 2006 à 22:51
Slt,
Pour avancer
Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_s...
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_sit...
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1059_XP.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BE5A7132-329F-4319-B781-2A83BFE51534} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Insta...
O16 - DPF: {EFB23983-5803-4914-ADA3-C0EA2CFBDC37} - https://www.afternic.com/domains/downloadv3.com
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
Tu redémarres et tu refais un Hitjacthis
Dis nous koa 2 9
A++
Pour avancer
Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_s...
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_sit...
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1059_XP.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BE5A7132-329F-4319-B781-2A83BFE51534} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Insta...
O16 - DPF: {EFB23983-5803-4914-ADA3-C0EA2CFBDC37} - https://www.afternic.com/domains/downloadv3.com
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
Tu redémarres et tu refais un Hitjacthis
Dis nous koa 2 9
A++
Bonjour,
Voila le nouveau rapport hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 18:40:34, on 06/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\USB Storage RW\DskWatch.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\WINDOWS\vsnct511.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Le Dréau\Mes documents\Logiciels\Virus\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [USB Storage RW] C:\Program Files\USB Storage RW\DskWatch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [SNCT511] C:\WINDOWS\vsnct511.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O14 - IERESET.INF: START_PAGE_URL=https://www.targa.gmbh/eng/targa/
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: winowl32 - winowl32.dll (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
Mais ca n'a rien changer, le défillement de mes pages internet est toujours aussi lent. Merçi de ma donner une autre solution. Bonne fin de journée.
Voila le nouveau rapport hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 18:40:34, on 06/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\USB Storage RW\DskWatch.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\WINDOWS\vsnct511.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Le Dréau\Mes documents\Logiciels\Virus\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [USB Storage RW] C:\Program Files\USB Storage RW\DskWatch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [SNCT511] C:\WINDOWS\vsnct511.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O14 - IERESET.INF: START_PAGE_URL=https://www.targa.gmbh/eng/targa/
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: winowl32 - winowl32.dll (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
Mais ca n'a rien changer, le défillement de mes pages internet est toujours aussi lent. Merçi de ma donner une autre solution. Bonne fin de journée.
Regis59
Messages postés
21143
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 321
7 août 2006 à 14:15
7 août 2006 à 14:15
salut
¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :
O20 - Winlogon Notify: winowl32 - winowl32.dll (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
----------------------------------------------------------------------------
¤Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
¤Recherche et supprime ceci:
attention seulement les fichiers (si présents).
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
¤Arrête ces services :
Clique sur Démarrer->exécuter->tape: services.msc
Double-clique: Service: Boonty Games
Règle-le sur "Arrêté" et "Désactivé".
redemarre et remet un log
a+
¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :
O20 - Winlogon Notify: winowl32 - winowl32.dll (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
----------------------------------------------------------------------------
¤Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
¤Recherche et supprime ceci:
attention seulement les fichiers (si présents).
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
¤Arrête ces services :
Clique sur Démarrer->exécuter->tape: services.msc
Double-clique: Service: Boonty Games
Règle-le sur "Arrêté" et "Désactivé".
redemarre et remet un log
a+
rudyrital
Messages postés
6230
Date d'inscription
lundi 14 novembre 2005
Statut
Membre
Dernière intervention
10 octobre 2009
131
27 avril 2007 à 22:23
27 avril 2007 à 22:23
Bonjour,
Il serait préférable que tu fasses ton message personnel, cela rendra les postes plus compréhensibles et la réponse à ton problème sera plus efficace
Procèdes comme ceci :
http://perso.orange.fr/rginformatique/section%20virus/demofairesontmessage.htm
@+
Il serait préférable que tu fasses ton message personnel, cela rendra les postes plus compréhensibles et la réponse à ton problème sera plus efficace
Procèdes comme ceci :
http://perso.orange.fr/rginformatique/section%20virus/demofairesontmessage.htm
@+
mariam2007
Messages postés
3
Date d'inscription
vendredi 27 avril 2007
Statut
Membre
Dernière intervention
27 avril 2007
27 avril 2007 à 22:33
27 avril 2007 à 22:33
est ce que vous pouvez m'aider a desinstaller le faux genuine microsoft software de mon pc svp
^^Marie^^
Messages postés
113901
Date d'inscription
mardi 6 septembre 2005
Statut
Membre
Dernière intervention
28 août 2020
3 275
27 avril 2007 à 23:25
27 avril 2007 à 23:25
Tu as une réponse ==> g telecharger le faux genuine microsoft softw