Pb au démarage!

Résolu
bonnemine321 Messages postés 17 Statut Membre -  
bonnemine321 Messages postés 17 Statut Membre -
Bonjour à tous!
J'ai quelques problèmes au démarage avec mon pc :
-->au démarage le programme RUNDLL me dit : p2esocks_1049.dll, erreur de chargement, module spécifié introuvable
-->l'arrière plan (le joli dessin derrière mon bureau!) s'affiche au début du lancement puis est trés vite remplacé par une toile blanche qui devient belge par moment.
-->lorsque j'arrête mon pc normalement et le redémarre,il me demande à chaque fois quoi demarer(je peux choisir le mode XP familiale en mode normal,sans échec ......)
-->enfin dernier problème,il me demande toujour le mot de passe pour ma section,mais je n'ai pas de mot de passe,est ce que je peux retirer cette demande?

26 réponses

  • 1
  • 2
  1. incognito02 Messages postés 3487 Statut Contributeur 138
     
    Bonjour,

    Dans un premier temps, fait déja tout cela :

    telecharge et execute ces antispywares ( pense a les mettre a jour avant de les lancer)

    (1) ad-aware version 1.06

    (ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite
    voir demo
    http://pageperso.aol.fr/balltrap34/adwseflash.zip

    ***

    (2) spybot version 1.4

    (ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite
    voir demo d utilisation
    http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
    ***

    et aussi ceci

    (3) Ccleaner :
    Télécharge Ccleaner ici :
    https://www.ccleaner.com/ccleaner/download

    Tutorial ici:
    https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

    (4) Ewido
    http://download.ewido.net/ewido-setup.exe
    Pendant l'installation, sur la page "Additional Options", décoche les deux options "Install background guard" et "Install scan via context menu Ewido Security Suite. Clique sur mise à jour.

    Clique sur scanner puis sur scan complet du système.

    Puis colle le rapport sur le forum

    (5) Pour vérifier, scanne ton PC avec cet antivirus en ligne :
    https://www.bitdefender.com/toolbox/

    (6) télécharge HijackThis ici:
    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

    Dézippe le dans un dossier prévu à cet effet.
    Par exemple C:\hijackthis < Enregistre le bien dans c : !
    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/Hijenr.gif

    Lance le puis:
    clique sur "do a system scan and save logfile" (cf démo)
    faire un copier coller du log entier sur le forum

    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/demohijack.htm

    Bon courage

    A+

    0
  2. bonnemine321 Messages postés 17 Statut Membre
     
    J'ai un pb avec la premère étape,je me retrouve sur un site de chasse
    0
  3. bonnemine321 Messages postés 17 Statut Membre
     
    Alors voici le premier scan avec Ewido :
    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 13:34:39 05/08/2006

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : No action taken.
    HKLM\SOFTWARE\Classes\CLSID\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : No action taken.
    HKU\S-1-5-21-790525478-688789844-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : No action taken.
    HKU\S-1-5-21-790525478-688789844-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : No action taken.
    HKU\S-1-5-21-790525478-688789844-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : No action taken.
    C:\Documents and Settings\famille Laplanche\Local Settings\Temp\ASearchAssist.dll -> Adware.Agent : No action taken.
    C:\w.exe -> Adware.BHO : No action taken.
    C:\WINDOWS\system32\SetupCarnival.exe -> Adware.Casino : No action taken.
    C:\WINDOWS\system32\__delete_on_reboot__n_a_v_s_h_e_x_t_1_._d_l_l_ -> Adware.Chiem : No action taken.
    C:\WINDOWS\system32\ccapp.exe -> Adware.Chiem : No action taken.
    C:\WINDOWS\system32\navshext.dll -> Adware.Chiem : No action taken.
    C:\WINDOWS\bGFwbGFuY2hl\__delete_on_reboot__a_s_a_p_p_s_r_v_._d_l_l_ -> Adware.CommAd : No action taken.
    C:\WINDOWS\bGFwbGFuY2hl\command.exe -> Adware.CommAd : No action taken.
    [1016] C:\WINDOWS\bGFwbGFuY2hl\asappsrv.dll -> Adware.CommAd : No action taken.
    [3184] C:\WINDOWS\bGFwbGFuY2hl\asappsrv.dll -> Adware.CommAd : No action taken.
    [3228] C:\WINDOWS\bGFwbGFuY2hl\asappsrv.dll -> Adware.CommAd : No action taken.
    [3240] C:\WINDOWS\bGFwbGFuY2hl\asappsrv.dll -> Adware.CommAd : No action taken.
    [3376] C:\WINDOWS\bGFwbGFuY2hl\asappsrv.dll -> Adware.CommAd : No action taken.
    [3468] C:\WINDOWS\bGFwbGFuY2hl\asappsrv.dll -> Adware.CommAd : No action taken.
    [3516] C:\WINDOWS\bGFwbGFuY2hl\asappsrv.dll -> Adware.CommAd : No action taken.
    [3768] C:\WINDOWS\bGFwbGFuY2hl\asappsrv.dll -> Adware.CommAd : No action taken.
    [3904] C:\WINDOWS\bGFwbGFuY2hl\asappsrv.dll -> Adware.CommAd : No action taken.
    [3928] C:\WINDOWS\bGFwbGFuY2hl\asappsrv.dll -> Adware.CommAd : No action taken.
    HKLM\SOFTWARE\Classes\CLSID\{C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} -> Adware.Generic : No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} -> Adware.Generic : No action taken.
    HKU\S-1-5-21-790525478-688789844-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2EEB4FA-B6D6-41B9-9CFA-ABA87F862BCB} -> Adware.Generic : No action taken.
    C:\Program Files\minicliptoolbar toolbar\__delete_on_reboot__M_I_N_I_C_L_~_1_._D_L_L_ -> Adware.MegaSearch : No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SystemDoctor 2006 Free -> Adware.SystemDoctor2006 : No action taken.
    C:\WINDOWS\system32\sysiasvc32.dll -> Dialer.EGroup.u : No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access -> Dialer.Generic : No action taken.
    HKU\S-1-5-21-790525478-688789844-725345543-1004\Software\EGDHTML -> Dialer.Generic : No action taken.
    HKU\S-1-5-21-790525478-688789844-725345543-1004\Software\GlobalCS -> Dialer.Generic : No action taken.
    C:\WINDOWS\system32\sysinetsvc32.dll -> Dialer.InstantAccess.e : No action taken.
    C:\WINDOWS\system32\syswbsvc32.dll -> Dialer.InstantAccess.e : No action taken.
    C:\WINDOWS\ExeDialer.exe -> Dialer.InstantAccess.f : No action taken.
    C:\WINDOWS\system32\EGDACCESS.dll -> Dialer.InstantAccess.f : No action taken.
    C:\WINDOWS\system32\EGDACCESS_1068.dll -> Dialer.InstantAccess.f : No action taken.
    C:\WINDOWS\system32\EGDACCESS_1069.dll -> Dialer.InstantAccess.f : No action taken.
    C:\WINDOWS\system32\EGDACCESS_1072.dll -> Dialer.InstantAccess.f : No action taken.
    C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll -> Downloader.Small : No action taken.
    C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@247realmedia[2].txt -> TrackingCookie.247realmedia : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@112.2o7[2].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@7search[1].txt -> TrackingCookie.7search : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@abcsearch[1].txt -> TrackingCookie.Abcsearch : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ad-logics[2].txt -> TrackingCookie.Ad-logics : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ads.addynamix[1].txt -> TrackingCookie.Addynamix : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@z1.adserver[1].txt -> TrackingCookie.Adserver : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@adtech[1].txt -> TrackingCookie.Adtech : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
    C:\Documents and Settings\famille Laplanche\Local Settings\Temp\Cookies\famille laplanche@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
    C:\Documents and Settings\famille Laplanche\Local Settings\Temp\Cookies\famille laplanche@servedby.advertising[2].txt -> TrackingCookie.Advertising : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@adviva[1].txt -> TrackingCookie.Adviva : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
    C:\Documents and Settings\famille Laplanche\Local Settings\Temp\Cookies\famille laplanche@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@bfast[2].txt -> TrackingCookie.Bfast : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@bluestreak[2].txt -> TrackingCookie.Bluestreak : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ads18.bpath[1].txt -> TrackingCookie.Bpath : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@casalemedia[2].txt -> TrackingCookie.Casalemedia : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@www.casinodelrio[2].txt -> TrackingCookie.Casinodelrio : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@casinopays[2].txt -> TrackingCookie.Casinopays : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@crbanner.casinopays[2].txt -> TrackingCookie.Casinopays : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@casinotropez[1].txt -> TrackingCookie.Casinotropez : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@promo.casinotropez[1].txt -> TrackingCookie.Casinotropez : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@www.casinotropez[2].txt -> TrackingCookie.Casinotropez : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@cj[1].txt -> TrackingCookie.Cj : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@clickbank[2].txt -> TrackingCookie.Clickbank : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@cz4.clickzs[1].txt -> TrackingCookie.Clickzs : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@cz5.clickzs[1].txt -> TrackingCookie.Clickzs : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@cz6.clickzs[1].txt -> TrackingCookie.Clickzs : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@cz7.clickzs[1].txt -> TrackingCookie.Clickzs : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@vip.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@vip2.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@banner.clubdicecasino[1].txt -> TrackingCookie.Clubdicecasino : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@clubdicecasino[1].txt -> TrackingCookie.Clubdicecasino : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@com[2].txt -> TrackingCookie.Com : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@c.enhance[1].txt -> TrackingCookie.Enhance : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@cl.enhance[1].txt -> TrackingCookie.Enhance : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@estat[1].txt -> TrackingCookie.Estat : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@www.etracker[1].txt -> TrackingCookie.Etracker : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@as-eu.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@as1.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@media.fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
    C:\Documents and Settings\famille Laplanche\Local Settings\Temp\Cookies\famille laplanche@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@findwhat[1].txt -> TrackingCookie.Findwhat : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@tracking.g3x[1].txt -> TrackingCookie.G3x : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@c.goclick[2].txt -> TrackingCookie.Goclick : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@banner.goldenpalace[2].txt -> TrackingCookie.Goldenpalace : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@www.goldenpalace[1].txt -> TrackingCookie.Goldenpalace : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ehg-ads.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ehg-bskyb.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ehg-darksideprod.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ehg-finaref.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ehg-logantod.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ehg-nfusiongroup.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ehg-nokiafin.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ehg-overseenet.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ehg-simon.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@hg1.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@phg.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@w119.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@w123.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter.hitslink[1].txt -> TrackingCookie.Hitslink : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter2.hitslink[1].txt -> TrackingCookie.Hitslink : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@hotlog[1].txt -> TrackingCookie.Hotlog : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ilead.itrack[1].txt -> TrackingCookie.Itrack : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ivwbox[2].txt -> TrackingCookie.Ivwbox : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@linksynergy[1].txt -> TrackingCookie.Linksynergy : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@vad.mainentrypoint[2].txt -> TrackingCookie.Mainentrypoint : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@image.masterstats[2].txt -> TrackingCookie.Masterstats : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@banner.newyorkcasino[1].txt -> TrackingCookie.Newyorkcasino : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@stat.onestat[2].txt -> TrackingCookie.Onestat : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@data2.perf.overture[2].txt -> TrackingCookie.Overture : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@data3.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@data4.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@overture[1].txt -> TrackingCookie.Overture : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@paycounter[2].txt -> TrackingCookie.Paycounter : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@paypopup[2].txt -> TrackingCookie.Paypopup : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@qksrv[2].txt -> TrackingCookie.Qksrv : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@revenue[2].txt -> TrackingCookie.Revenue : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@edge.ru4[2].txt -> TrackingCookie.Ru4 : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@sexlist[1].txt -> TrackingCookie.Sexlist : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter1.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter10.sextracker[2].txt -> TrackingCookie.Sextracker : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter11.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter12.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter13.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter14.sextracker[2].txt -> TrackingCookie.Sextracker : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter15.sextracker[2].txt -> TrackingCookie.Sextracker : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter16.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter2.sextracker[2].txt -> TrackingCookie.Sextracker : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter3.sextracker[2].txt -> TrackingCookie.Sextracker : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter4.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter5.sextracker[2].txt -> TrackingCookie.Sextracker : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter6.sextracker[2].txt -> TrackingCookie.Sextracker : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter7.sextracker[2].txt -> TrackingCookie.Sextracker : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter8.sextracker[2].txt -> TrackingCookie.Sextracker : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter9.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@sextracker[2].txt -> TrackingCookie.Sextracker : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@smartadserver[1].txt -> TrackingCookie.Smartadserver : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : No action taken.
    C:\Documents and Settings\famille Laplanche\Local Settings\Temp\Cookies\famille laplanche@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@spylog[1].txt -> TrackingCookie.Spylog : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@starware[2].txt -> TrackingCookie.Starware : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@targetnet[2].txt -> TrackingCookie.Targetnet : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@trafficmp[1].txt -> TrackingCookie.Trafficmp : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@valueclick[2].txt -> TrackingCookie.Valueclick : No action taken.
    C:\Documents and Settings\famille Laplanche\Local Settings\Temp\Cookies\famille laplanche@valueclick[1].txt -> TrackingCookie.Valueclick : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@vegasred[1].txt -> TrackingCookie.Vegasred : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@www.vegasred[1].txt -> TrackingCookie.Vegasred : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@weborama[1].txt -> TrackingCookie.Weborama : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@free.wegcash[1].txt -> TrackingCookie.Wegcash : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@programs.wegcash[1].txt -> TrackingCookie.Wegcash : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@count.xhit[1].txt -> TrackingCookie.Xhit : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@xxxtoolbar[1].txt -> TrackingCookie.Xxxtoolbar : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@yadro[1].txt -> TrackingCookie.Yadro : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@zedo[1].txt -> TrackingCookie.Zedo : No action taken.
    C:\Program Files\mailskinner\MailSkinner.exe -> Trojan.Mailskinner.A : No action taken.

    ::Report end

    et voici le deuxiemme avec hijackthis :
    Logfile of HijackThis v1.99.1
    Scan saved at 13:00:26, on 05/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
    C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
    C:\Program Files\Securitoo\av_fw\fswsclds.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
    C:\Program Files\Securitoo\av_fw\backweb\1044199\Program\BackWeb-1044199.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\CCleaner\ccleaner.exe
    C:\Documents and Settings\famille Laplanche\Local Settings\Temporary Internet Files\Content.IE5\6LLI2EL0\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - - (no file)
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Reactivator - {AC2E8306-D24E-4082-8669-7781499F4E03} - C:\PROGRA~1\EVERYT~1.1\everycom.dll
    O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINDOWS\system32\navshext1.dll (file missing)
    O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL (file missing)
    O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - C:\Program Files\Accoona\atoolbar.dll (file missing)
    O3 - Toolbar: Every Toolbar - {A20A76AD-7A29-4756-87FE-70C334CB40C0} - C:\PROGRA~1\EVERYT~1.1\everycom.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Install_BlueDSL] E:\Install.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe
    O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
    O4 - HKLM\..\Run: [Notification Utility] "C:\Program Files\altpayV2\altpayV2.exe"
    O4 - HKLM\..\Run: [NI.UWA6PV_0001_N62M3012] "C:\Documents and Settings\famille Laplanche\Local Settings\Temporary Internet Files\Content.IE5\YV2JYDEZ\WinAntiVirusPro2006FreeInstall_fr[1].exe" -nag
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NI.UERSV_0001_N68M0602] "C:\Documents and Settings\famille Laplanche\Local Settings\Temporary Internet Files\Content.IE5\NFX7ZL8W\ErrorSafeScannerInstall_fr[1].exe" -nag
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1049.dll,InstantAccess
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Every Toolbar Search - res://C:\PROGRA~1\EVERYT~1.1\everycom.dll/GoRSDN.dll.htm
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - https://www.afternic.com/domains/downloadv3.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_s...
    O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - https://www.afternic.com/domains/downloadv3.com
    O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - https://www.afternic.com/domains/downloadv3.com
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - https://www.afternic.com/domains/downloadv3.com
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{836AC17B-C35B-4BEC-825A-8B4FB72A6E81}: NameServer = 85.255.116.68,85.255.112.100
    O17 - HKLM\System\CCS\Services\Tcpip\..\{88E02B57-AB1C-40A8-9A4D-A5282A9FDCC9}: NameServer = 85.255.116.68,85.255.112.100
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8EC60E48-9D95-4702-893D-D8FE0D9B038D}: NameServer = 85.255.116.68,85.255.112.100
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Securitoo AntiVirus Firewall (BackWeb Client - 1044199) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bGFwbGFuY2hl\command.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program Files\Securitoo\av_fw\Common\FSAA.EXE (file missing)
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
    O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    Merci énormément d'avance!!
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. incognito02 Messages postés 3487 Statut Contributeur 138
     
    ok,

    relance ewido et cette fois, demande le nettoyage des fichiers infectés.

    puis colle le rapport ewido et un nouveau hijackthis.

    A première vue rien de grave mais quand même quelques sales bestioles trainent sur ton ordi.

    Bon courage.

    A+
    0
  6. bonnemine321 Messages postés 17 Statut Membre
     
    Merci pour ta réponce;toute fois pour être sur je prefère te demander :
    "relance ewido et cette fois, demande le nettoyage des fichiers infectés" je dois faire comment?je lance un scann et apres je pourarais nettoyer ou je peux nettoyer directment sans refaire le scan?

    Merci énormément!!
    0
  7. incognito02 Messages postés 3487 Statut Contributeur 138
     
    re,

    excuses moi, j'ai été un peu rapide dans mon explication.

    tu relances un scan Ewido et tu demandes la suppression de TOUT ce qu'il trouve.

    tu trouveras ici un tutoriel ewido :
    https://www.pcparadise.fr

    c'est le point 2 "utilisation" qui devrai te servir.

    A+
    0
  8. bonnemine321 Messages postés 17 Statut Membre
     
    voila pour ewido:
    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 15:41:37 05/08/2006

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup (quarantined).
    HKU\S-1-5-21-790525478-688789844-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup (quarantined).
    HKU\S-1-5-21-790525478-688789844-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : Cleaned with backup (quarantined).
    HKU\S-1-5-21-790525478-688789844-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup (quarantined).
    C:\Documents and Settings\famille Laplanche\Local Settings\Temp\ASearchAssist.dll -> Adware.Agent : Cleaned with backup (quarantined).
    C:\w.exe -> Adware.BHO : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\SetupCarnival.exe -> Adware.Casino : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ccapp.exe -> Adware.Chiem : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\navshext.dll -> Adware.Chiem : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} -> Adware.Generic : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} -> Adware.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-790525478-688789844-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2EEB4FA-B6D6-41B9-9CFA-ABA87F862BCB} -> Adware.Generic : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SystemDoctor 2006 Free -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\sysiasvc32.dll -> Dialer.EGroup.u : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access -> Dialer.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-790525478-688789844-725345543-1004\Software\EGDHTML -> Dialer.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-790525478-688789844-725345543-1004\Software\GlobalCS -> Dialer.Generic : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\sysinetsvc32.dll -> Dialer.InstantAccess.e : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\syswbsvc32.dll -> Dialer.InstantAccess.e : Cleaned with backup (quarantined).
    C:\WINDOWS\ExeDialer.exe -> Dialer.InstantAccess.f : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\EGDACCESS.dll -> Dialer.InstantAccess.f : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\EGDACCESS_1068.dll -> Dialer.InstantAccess.f : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\EGDACCESS_1069.dll -> Dialer.InstantAccess.f : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\EGDACCESS_1072.dll -> Dialer.InstantAccess.f : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll -> Downloader.Small : Cleaned with backup (quarantined).
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@7search[1].txt -> TrackingCookie.7search : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ad-logics[2].txt -> TrackingCookie.Ad-logics : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\famille Laplanche\Local Settings\Temp\Cookies\famille laplanche@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\famille Laplanche\Local Settings\Temp\Cookies\famille laplanche@servedby.advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@adviva[1].txt -> TrackingCookie.Adviva : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\famille Laplanche\Local Settings\Temp\Cookies\famille laplanche@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ads18.bpath[1].txt -> TrackingCookie.Bpath : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@www.casinodelrio[2].txt -> TrackingCookie.Casinodelrio : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@casinopays[2].txt -> TrackingCookie.Casinopays : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@crbanner.casinopays[2].txt -> TrackingCookie.Casinopays : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@promo.casinotropez[1].txt -> TrackingCookie.Casinotropez : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@www.casinotropez[2].txt -> TrackingCookie.Casinotropez : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@cz4.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@cz5.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@cz7.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@vip2.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@banner.clubdicecasino[1].txt -> TrackingCookie.Clubdicecasino : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@clubdicecasino[1].txt -> TrackingCookie.Clubdicecasino : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@com[2].txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@cl.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
    C:\Documents and Settings\famille Laplanche\Local Settings\Temp\Cookies\famille laplanche@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@tracking.g3x[1].txt -> TrackingCookie.G3x : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@banner.goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@www.goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ehg-ads.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ehg-bskyb.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ehg-darksideprod.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ehg-finaref.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ehg-nfusiongroup.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ehg-nokiafin.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ehg-overseenet.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ehg-simon.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@w119.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ilead.itrack[1].txt -> TrackingCookie.Itrack : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@banner.newyorkcasino[1].txt -> TrackingCookie.Newyorkcasino : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter1.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter10.sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter11.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter12.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter14.sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter15.sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter16.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter2.sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter5.sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@counter6.sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
    C:\Documents and Settings\famille Laplanche\Local Settings\Temp\Cookies\famille laplanche@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\famille Laplanche\Local Settings\Temp\Cookies\famille laplanche@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@vegasred[1].txt -> TrackingCookie.Vegasred : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@www.vegasred[1].txt -> TrackingCookie.Vegasred : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@programs.wegcash[1].txt -> TrackingCookie.Wegcash : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@count.xhit[1].txt -> TrackingCookie.Xhit : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@xxxtoolbar[1].txt -> TrackingCookie.Xxxtoolbar : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\famille Laplanche\Cookies\famille laplanche@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.

    ::Report end

    et enfin pour HijackThis :
    Logfile of HijackThis v1.99.1
    Scan saved at 15:45:49, on 05/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
    C:\Program Files\Securitoo\av_fw\fswsclds.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
    C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
    C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
    C:\Program Files\Securitoo\av_fw\backweb\1044199\Program\BackWeb-1044199.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\PROGRA~1\P2PNET~1\P2PNET~1.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Documents and Settings\famille Laplanche\Local Settings\Temporary Internet Files\Content.IE5\EJTHGVWU\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - - (no file)
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Reactivator - {AC2E8306-D24E-4082-8669-7781499F4E03} - C:\PROGRA~1\EVERYT~1.1\everycom.dll
    O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL (file missing)
    O3 - Toolbar: Every Toolbar - {A20A76AD-7A29-4756-87FE-70C334CB40C0} - C:\PROGRA~1\EVERYT~1.1\everycom.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [Install_BlueDSL] E:\Install.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe
    O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
    O4 - HKLM\..\Run: [Notification Utility] "C:\Program Files\altpayV2\altpayV2.exe"
    O4 - HKLM\..\Run: [NI.UWA6PV_0001_N62M3012] "C:\Documents and Settings\famille Laplanche\Local Settings\Temporary Internet Files\Content.IE5\YV2JYDEZ\WinAntiVirusPro2006FreeInstall_fr[1].exe" -nag
    O4 - HKLM\..\Run: [NI.UERSV_0001_N68M0602] "C:\Documents and Settings\famille Laplanche\Local Settings\Temporary Internet Files\Content.IE5\NFX7ZL8W\ErrorSafeScannerInstall_fr[1].exe" -nag
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1049.dll,InstantAccess
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Every Toolbar Search - res://C:\PROGRA~1\EVERYT~1.1\everycom.dll/GoRSDN.dll.htm
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - https://www.afternic.com/domains/downloadv3.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_s...
    O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - https://www.afternic.com/domains/downloadv3.com
    O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - https://www.afternic.com/domains/downloadv3.com
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - https://www.afternic.com/domains/downloadv3.com
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{836AC17B-C35B-4BEC-825A-8B4FB72A6E81}: NameServer = 85.255.116.68,85.255.112.100
    O17 - HKLM\System\CCS\Services\Tcpip\..\{88E02B57-AB1C-40A8-9A4D-A5282A9FDCC9}: NameServer = 85.255.116.68,85.255.112.100
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8EC60E48-9D95-4702-893D-D8FE0D9B038D}: NameServer = 85.255.116.68,85.255.112.100
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Securitoo AntiVirus Firewall (BackWeb Client - 1044199) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bGFwbGFuY2hl\command.exe (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program Files\Securitoo\av_fw\Common\FSAA.EXE (file missing)
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
    O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    meri beaucoup à toi!!
    0
  9. incognito02 Messages postés 3487 Statut Contributeur 138
     
    Re,

    telecharge SmitfraudFix

    http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapport
    Copie/colle le sur le post stp.

    voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php

    A+

    0
  10. bonnemine321 Messages postés 17 Statut Membre
     
    voici le rapport :
    SmitFraudFix v2.79

    Rapport fait à 16:51:25,01, 05/08/2006
    Executé à partir de C:\Documents and Settings\famille Laplanche\Mes documents\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\famille Laplanche\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\FAMILL~1\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="C:\\WINDOWS\\desktop.html"
    "SubscribedURL"="C:\\WINDOWS\\desktop.html"
    "FriendlyName"="Security"

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  11. incognito02 Messages postés 3487 Statut Contributeur 138
     
    re,

    ok, je suis rassuré de ce coté là.

    1 - Commence par desintaller maiskinner, steam, altpayV2 et Everycom par ajout suppression de programmes dans le panneau de configuration. c'est 3 là sont truffés d'espions.

    2 - Affiche tous les fichiers et dossiers :
    Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage

    Coche « afficher les fichiers et dossiers cachés »

    Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

    Décoche « masquer les extensions dont le type est connu »
    Puis fais «Ok» pour valider les changements.

    Et appliquer !

    3 - Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

    R3 - URLSearchHook: (no name) - - (no file)

    O2 - BHO: Reactivator - {AC2E8306-D24E-4082-8669-7781499F4E03} - C:\PROGRA~1\EVERYT~1.1\everycom.dll

    O3 - Toolbar: Every Toolbar - {A20A76AD-7A29-4756-87FE-70C334CB40C0} - C:\PROGRA~1\EVERYT~1.1\everycom.dll

    O4 - HKLM\..\Run: [Install_BlueDSL] E:\Install.exe

    O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE

    O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H

    O4 - HKLM\..\Run: [Notification Utility] "C:\Program Files\altpayV2\altpayV2.exe"

    O4 - HKLM\..\Run: [NI.UWA6PV_0001_N62M3012] "C:\Documents and Settings\famille Laplanche\Local Settings\Temporary Internet Files\Content.IE5\YV2JYDEZ\WinAntiVirusPro2006FreeInstall_fr[1].exe" -nag

    O4 - HKLM\..\Run: [NI.UERSV_0001_N68M0602] "C:\Documents and Settings\famille Laplanche\Local Settings\Temporary Internet Files\Content.IE5\NFX7ZL8W\ErrorSafeScannerInstall_fr[1].exe" -nag

    O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1049.dll,InstantAccess

    O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe

    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent

    O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - https://www.afternic.com/domains/downloadv3.com

    O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - https://www.afternic.com/domains/downloadv3.com

    O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - https://www.afternic.com/domains/downloadv3.com

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

    O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - https://www.afternic.com/domains/downloadv3.com

    O17 - HKLM\System\CCS\Services\Tcpip\..\{836AC17B-C35B-4BEC-825A-8B4FB72A6E81}: NameServer = 85.255.116.68,85.255.112.100

    O17 - HKLM\System\CCS\Services\Tcpip\..\{88E02B57-AB1C-40A8-9A4D-A5282A9FDCC9}: NameServer = 85.255.116.68,85.255.112.100

    O17 - HKLM\System\CCS\Services\Tcpip\..\{8EC60E48-9D95-4702-893D-D8FE0D9B038D}: NameServer = 85.255.116.68,85.255.112.100

    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bGFwbGFuY2hl\command.exe (file missing)

    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

    4 - Arrête ces services :

    Clique sur Démarrer->exécuter->tape: services.msc

    Double-clique: Service:Command Service (cmdService)

    Règle-le sur "Arrêté" et "Désactivé".

    idem pour Network Monitor

    5 - ensuite, recherche et supprime ses fichiers (en gras) si présents :

    C:\WINDOWS\NsUpdate.exe

    passe un coup de Ccleaner.

    vide la corbeille, relance ton ordi et refait un hijackthis stp.

    Ps : je dois m'absenter, si quelqu'un veux reprendre le flambeau , sinon, à demain.

    Bon courage.

    A+

    0
  12. bonnemine321 Messages postés 17 Statut Membre
     
    voici le raport :
    Logfile of HijackThis v1.99.1
    Scan saved at 19:49:00, on 05/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
    C:\Program Files\Securitoo\av_fw\fswsclds.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
    C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
    C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
    C:\Program Files\Securitoo\av_fw\backweb\1044199\Program\BackWeb-1044199.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\PROGRA~1\P2PNET~1\P2PNET~1.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\CCleaner\ccleaner.exe
    C:\Documents and Settings\famille Laplanche\Local Settings\Temporary Internet Files\Content.IE5\EJTHGVWU\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NI.UWA6PV_0001_N62M3012] "C:\Documents and Settings\famille Laplanche\Local Settings\Temporary Internet Files\Content.IE5\YV2JYDEZ\WinAntiVirusPro2006FreeInstall_fr[1].exe" -nag
    O4 - HKLM\..\Run: [NI.UERSV_0001_N68M0602] "C:\Documents and Settings\famille Laplanche\Local Settings\Temporary Internet Files\Content.IE5\NFX7ZL8W\ErrorSafeScannerInstall_fr[1].exe" -nag
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\RunOnce: [DeleteEvery Toolbar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\PROGRA~1\EVERYT~1.1\everycom.dll"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_s...
    O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - https://www.afternic.com/domains/downloadv3.com
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Securitoo AntiVirus Firewall (BackWeb Client - 1044199) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program Files\Securitoo\av_fw\Common\FSAA.EXE (file missing)
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
    O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    je te remercie pour tous ce que tu as déja fait pour moi et te remercie d'avance pour les chose à venir!
    bonne soirée à toi alors et à demain
    >Merci encore!
    0
  13. incognito02 Messages postés 3487 Statut Contributeur 138
     
    Bonjour,

    Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

    O4 - HKLM\..\Run: [NI.UWA6PV_0001_N62M3012] "C:\Documents and Settings\famille Laplanche\Local Settings\Temporary Internet Files\Content.IE5\YV2JYDEZ\WinAntiVirusPro2006FreeInstall_fr[1].exe" -nag

    O4 - HKLM\..\Run: [NI.UERSV_0001_N68M0602] "C:\Documents and Settings\famille Laplanche\Local Settings\Temporary Internet Files\Content.IE5\NFX7ZL8W\ErrorSafeScannerInstall_fr[1].exe" -nag

    puis redemarre ton ordi et refait un hijackthis stp.

    Bon courage.

    A+

    0
  14. bonnemine321 Messages postés 17 Statut Membre
     
    voila :
    Logfile of HijackThis v1.99.1
    Scan saved at 23:14:41, on 06/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
    C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
    C:\Program Files\Securitoo\av_fw\fswsclds.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
    C:\Program Files\Securitoo\av_fw\backweb\1044199\Program\BackWeb-1044199.exe
    C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
    C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
    C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\famille Laplanche\Local Settings\Temporary Internet Files\Content.IE5\49UJOLEN\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NI.UWA6PV_0001_N62M3012] "C:\Documents and Settings\famille Laplanche\Local Settings\Temporary Internet Files\Content.IE5\YV2JYDEZ\WinAntiVirusPro2006FreeInstall_fr[1].exe" -nag
    O4 - HKLM\..\Run: [NI.UERSV_0001_N68M0602] "C:\Documents and Settings\famille Laplanche\Local Settings\Temporary Internet Files\Content.IE5\NFX7ZL8W\ErrorSafeScannerInstall_fr[1].exe" -nag
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_s...
    O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - https://www.afternic.com/domains/downloadv3.com
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Securitoo AntiVirus Firewall (BackWeb Client - 1044199) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program Files\Securitoo\av_fw\Common\FSAA.EXE (file missing)
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
    O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    merci énormément pour le temp que tu passes à m'aider,merci !!:d
    0
  15. incognito02 Messages postés 3487 Statut Contributeur 138
     
    Bonjour,

    Elles s'accorchent les sales bestioles ! lol

    On va faire quelques recherches avec Blacklight=>

    Télécharge Blacklight (de F-Secure) et sauvegarde le sur ton Bureau.

    https://www.f-secure.com/en

    Double-clique blbeta.exe et accepte la licence; laisse [X]scan through Windows Explorer activé; clique Scan puis Next

    Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

    Copie et colle le contenu de ce rapport dans ta prochaine réponse. NE PAS choisir l'option "Rename" de suite : nous devons analyser le rapport, car des fichiers légitimes peuvent être présents.

    Bon courage.

    A+
    0
  16. bonnemine321 Messages postés 17 Statut Membre
     
    bonjour,
    voila le raport :
    08/08/06 13:07:02 [Info]: BlackLight Engine 1.0.42 initialized
    08/08/06 13:07:02 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    08/08/06 13:07:02 [Note]: 7019 4
    08/08/06 13:07:02 [Note]: 7005 0
    08/08/06 13:07:42 [Note]: 7006 0
    08/08/06 13:07:42 [Note]: 7011 1692
    08/08/06 13:07:42 [Note]: 7026 0
    08/08/06 13:07:42 [Note]: 7026 0
    08/08/06 13:07:42 [Note]: 7024 3
    08/08/06 13:07:42 [Info]: Hidden process: C:\windows\system32\ckbrzxtv.exe
    08/08/06 13:07:42 [Note]: FSRAW library version 1.7.1019
    08/08/06 13:10:41 [Info]: Hidden file: c:\WINDOWS\Prefetch\CKBRZXTV.EXE-19243FEB.pf
    08/08/06 13:10:41 [Note]: 10002 1
    08/08/06 13:10:53 [Info]: Hidden file: c:\WINDOWS\system32\msclock32.dll
    08/08/06 13:10:53 [Note]: 10002 1
    08/08/06 13:10:58 [Info]: Hidden file: c:\WINDOWS\system32\msplock32.dll
    08/08/06 13:10:58 [Note]: 10002 1
    08/08/06 13:10:58 [Info]: Hidden file: c:\WINDOWS\system32\ckbrzxtv.dat
    08/08/06 13:10:58 [Note]: 10002 1
    08/08/06 13:10:58 [Info]: Hidden file: C:\windows\system32\ckbrzxtv.exe
    08/08/06 13:10:58 [Note]: 10002 1
    08/08/06 13:10:58 [Info]: Hidden file: c:\WINDOWS\system32\ckbrzxtv_nav.dat
    08/08/06 13:10:58 [Note]: 10002 1
    08/08/06 13:10:58 [Info]: Hidden file: c:\WINDOWS\system32\ckbrzxtv_navps.dat
    08/08/06 13:10:58 [Note]: 10002 1
    08/08/06 13:19:53 [Note]: 7007 0

    voila,merci beaucoup!!!
    0
  17. incognito02 Messages postés 3487 Statut Contributeur 138
     
    Bonsoir,

    Là voila la bestiole ! lol

    lance Blacklight en double cliquant sur blbeta.exe et accepte la licence.
    Clique sur Scan pour lancer l'analyse.
    Une fois fait, selectionnes chaques fichiers trouvés et clic sur "RENAME"
    Puis valide.
    Réponds oui aux messages d'avertissements et te demandant si tu autorises le reboot du pc.

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

    Après le reboot du pc, les fichiers :

    C:\windows\system32\ckbrzxtv.exe
    c:\WINDOWS\Prefetch\CKBRZXTV.EXE-19243FEB.pf
    c:\WINDOWS\system32\msclock32.dll
    c:\WINDOWS\system32\msplock32.dll
    c:\WINDOWS\system32\ckbrzxtv.dat
    c:\WINDOWS\system32\ckbrzxtv_nav.dat
    c:\WINDOWS\system32\ckbrzxtv_navps.dat

    devraient être visible et pouvoir être supprimés sans aucuns soucis.
    Blacklight ne les supprimes pas, il les renommes simplement et il va falloir que tu les vires toi même:
    Va dans C:\windows\system32\ et recherches et effaces:

    C:\windows\system32\ckbrzxtv.exe.ren

    c:\WINDOWS\Prefetch\CKBRZXTV.EXE-19243FEB.pf.ren

    c:\WINDOWS\system32\msclock32.dll.ren

    c:\WINDOWS\system32\msplock32.dll.ren

    c:\WINDOWS\system32\ckbrzxtv.dat.ren

    c:\WINDOWS\system32\ckbrzxtv_nav.dat.ren

    c:\WINDOWS\system32\ckbrzxtv_navps.dat .ren

    Une fois fait, reposte un rapport hijackthis et un nouveau rapport de blacklight.

    Bon vourage.

    A+
    0
  18. bonnemine321 Messages postés 17 Statut Membre
     
    un rapport hijackthis :

    Logfile of HijackThis v1.99.1
    Scan saved at 22:36:19, on 08/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
    C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
    C:\Program Files\Securitoo\av_fw\fswsclds.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
    C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
    C:\Program Files\Securitoo\av_fw\backweb\1044199\Program\BackWeb-1044199.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
    C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
    C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\famille Laplanche\Bureau\blbeta.exe
    C:\Documents and Settings\famille Laplanche\Local Settings\Temporary Internet Files\Content.IE5\EJTHGVWU\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NI.UWA6PV_0001_N62M3012] "C:\Documents and Settings\famille Laplanche\Local Settings\Temporary Internet Files\Content.IE5\YV2JYDEZ\WinAntiVirusPro2006FreeInstall_fr[1].exe" -nag
    O4 - HKLM\..\Run: [NI.UERSV_0001_N68M0602] "C:\Documents and Settings\famille Laplanche\Local Settings\Temporary Internet Files\Content.IE5\NFX7ZL8W\ErrorSafeScannerInstall_fr[1].exe" -nag
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [ckbrzxtv] c:\windows\system32\ckbrzxtv.exe ckbrzxtv
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_s...
    O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - https://www.afternic.com/domains/downloadv3.com
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Securitoo AntiVirus Firewall (BackWeb Client - 1044199) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program Files\Securitoo\av_fw\Common\FSAA.EXE (file missing)
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
    O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    et un nouveau rapport de blacklight.
    08/08/06 22:35:19 [Info]: BlackLight Engine 1.0.42 initialized
    08/08/06 22:35:19 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    08/08/06 22:35:19 [Note]: 7019 4
    08/08/06 22:35:19 [Note]: 7005 0
    08/08/06 22:35:21 [Note]: 7006 0
    08/08/06 22:35:21 [Note]: 7011 1556
    08/08/06 22:35:21 [Note]: 7026 0
    08/08/06 22:35:21 [Note]: 7026 0
    08/08/06 22:35:31 [Note]: FSRAW library version 1.7.1019

    Merci beaucoup a toi et bonne soirée!
    0
  19. incognito02 Messages postés 3487 Statut Contributeur 138
     
    Bonjour,

    Téléchargez et installez Look2Me-Destroyer
    http://www.atribune.org/ccount/click.php?id=7
    # double-cliquez Look2Me-Destroyer.exe afin de lancer l'outil.

    * NOTE: Si un message runtime error '339' s'affiche : Téléchargez MSWINSCK.OCX http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX et placez-le dans le dossier C:\Windows\System32

    # Cochez Run this program as a task

    # Un message s'affichera, te disant ceci : "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Cliquez sur OK

    # Le programme va se relancer après 10 secondes, puis cliquez sur le bouton Scan for L2M; les icônes de ton Bureau vont disparaître : c'est normal.

    # Lorsque le scan termine, cliquez sur le bouton Remove L2M

    # Un message Done Scanning apparaîtra, clique OK.

    # Un nouveau message s'affichera : Done removing infected files! Look2Me-Destroyer will now shutdown your computer; cliquez sur OK.

    # Redémarrez en mode sans échec
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).

    # Lancez un scan avec Ewido et nettoyez les malwares détectés

    # Lancer Ccleaner et nettoyer le tout
    Tutorial ici:
    https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

    Bon courage.

    A+
    0
  20. bonnemine321 Messages postés 17 Statut Membre
     
    bonjour,

    Je te remercie pour ton aide,j'ai fait ce que tu m'as dit,il y a besoin que je scan et que je te le montre??
    Sinon mes problèmes ont disparus et je t'en remercie énormément!
    bonne journée et dit moi si tu veux voir un scan
    0
  • 1
  • 2