[virus] HijackThis or something else, I know nothing about it
Solved
matpes
Hello,
I am new to the forum and a beginner when it comes to virus hunting :)
I have AntiVir, which tells me that I have woa32.exe and tam32, but they keep coming back all the time...
And sometimes I get a window that simply says the PC is going to shut down! ordered by lsass32, with a countdown...
I came across your forum by typing all that into Google. I looked a bit at the other questions and understood that the starting point is to install and run HijackThis. So I did that, but I don't know how to go any further.
Can someone help me?
Thanks!
5 replies
Here it is!:
Logfile of HijackThis v1.99.1
Scan saved at 20:30:48, on 18/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Fichiers communs\{06021E5D-073F-1036-1211-030304300021}\Update.exe
C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Marjo\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr8l.hpwis.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/qfr8l.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/qfr8l.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [wrmdrv] rundll32.exe C:\WINDOWS\System32\wrmdrv.dll,start
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe"
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/qfr8l.hpwis.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.0 Combo Control) - https://www.photopolo.com/?utm_source=www.misterclic.fr&utm_medium=301&utm_campaign=redirection
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
It looks almost clean; apart from that, your system is not up to date.
Restart HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr8l.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr8l.hpwis.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qfr8l.hpwis.com/
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [wrmdrv] rundll32.exe C:\WINDOWS\System32\wrmdrv.dll,start
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe"
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.0 Combo Control) - http://www.misterclic.fr/Components/Upload/ImageUploader3.cab
Go to this address:
http://www.virustotal.com/en/virustotalx.html
click "choose", then follow this path:
-C: , windows, system32, then click on this file: wrmdrv.dll
Start the analysis, wait a bit.. then post the result of the analysis here please.
Do this cleanup: (to be done regularly)
¤ Download and install this:
CCleaner:
CCleaner
in the left-hand column click "errors", tick all the boxes, then click "search for errors" at the bottom; once it has finished, click "repair the errors" and you will get a message asking to back up your registry, you say "yes", then you start again until it finds no more errors.
The backups you have made can be deleted if your computer has no more problems
¤ Restart CCleaner, go to the "cleaner" tab on the left, untick the last box (Advanced, if it is ticked), then click "run the cleaner"
What anti-spyware software do you have?
See you!
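An added example, not part of any post in this thread: the reply above works line by line through the O4 (autorun) entries of the HijackThis log and asks for a second-opinion scan of the DLL that the `wrmdrv` entry loads through rundll32.exe. The sketch below parses O4 lines in that log format and lists the entries where the line alone does not identify the code that runs; the note names (`dll-via-rundll32`, `no-path`, `target-unresolved`) and all function names are assumptions of this example, not HijackThis output.

```python
import ntpath
import re
from typing import NamedTuple, Optional

# Excerpt of the log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr8l.hpwis.com
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wrmdrv] rundll32.exe C:\WINDOWS\System32\wrmdrv.dll,start
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(
    r"^(?P<scope>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
UNQUOTED_EXE_RE = re.compile(
    r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s+(.*))?$", re.I)
RUNDLL_ARG_RE = re.compile(r'^"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)')


class Autorun(NamedTuple):
    source: str                 # e.g. "HKLM Run" or "Global Startup"
    name: str                   # registry value name or shortcut name
    executable: str             # program named first on the command line
    arguments: str
    loaded_dll: Optional[str]   # set when rundll32 is only the launcher
    notes: tuple                # hypothetical triage labels (see lead-in)


def split_command(cmd: str):
    """Split a command line into (executable, arguments).

    Handles a quoted path, and an unquoted path containing spaces by
    cutting at the first executable extension.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = UNQUOTED_EXE_RE.match(cmd)
    if m:
        return m.group(1), m.group(2) or ""
    return cmd, ""


def parse_autoruns(log: str) -> list:
    """Return one Autorun per O4 line found in a HijackThis-format log."""
    found = []
    for line in log.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry or entry.group("code") != "O4":
            continue
        body = entry.group("body")
        run, lnk = RUN_RE.match(body), STARTUP_RE.match(body)
        if run:
            source = f'{run.group("hive")} {run.group("key")}'
            name, cmd = run.group("name"), run.group("cmd")
        elif lnk:
            source, name, cmd = (lnk.group("scope"), lnk.group("name"),
                                 lnk.group("cmd"))
        else:
            continue
        exe, args = split_command(cmd)
        dll, notes = None, []
        if cmd.strip() == "?":
            # HijackThis could not resolve the shortcut target.
            notes.append("target-unresolved")
        else:
            if ntpath.basename(exe).lower() in ("rundll32.exe", "rundll32"):
                arg = RUNDLL_ARG_RE.match(args)
                if arg:
                    # The code that runs lives in the DLL, not in rundll32.
                    dll = arg.group("dll")
                    notes.append("dll-via-rundll32")
            if not ntpath.dirname(dll or exe):
                # Bare file name: the log does not say which copy is loaded.
                notes.append("no-path")
        found.append(Autorun(source, name, exe, args, dll, tuple(notes)))
    return found


def review_queue(autoruns: list) -> list:
    """(name, file to examine, notes) for every entry carrying a note."""
    return [(a.name, a.loaded_dll or a.executable, a.notes)
            for a in autoruns if a.notes]


if __name__ == "__main__":
    for name, target, notes in review_queue(parse_autoruns(SAMPLE_LOG)):
        print(f"{name:40} {target:45} {', '.join(notes)}")
```

A note marks an entry for a closer look (locate the file, check its signer, submit it to a multi-engine scanner); it is not a verdict on the file.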
I did everything except the part about the file wrmdrv.dll, which I couldn't find...
I don't think I have any antispyware :) doesn't ZoneAlarm do that?
Should I run hijack again?
The Pro version of ZoneAlarm should do it, but that is still too light.. you need several; here is a list of them that will find you some little critters every time!
Only after you have run the scans with these programs, post a HijackThis report again please
SpyBot-Search & Destroy: (free)
Spybot Search & Destroy
A² free: (free)
A² Squared
Ad-Aware SE Personal: (in English, free)
Ad-aware
-The patch to make Ad-Aware SE work in French: French patch for Ad-aware
Download, install, then update this software (Ewido); once that is done, run a full scan of your system and paste the report here along with a new HijackThis report
Ewido: (install it in English, it will switch to French; it stays free after the trial period)
Download Ewido Security Suite
Here is the ewido report:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 23:21:43 18/08/2006
+ Scan result:
C:\VundoFix Backups\wvutq.dll -> Downloader.ConHook.ad : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.11:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.12:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.7:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.8:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.9:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.15:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.269:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.285:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.324:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mathieu\Cookies\mathieu@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mathieu\Cookies\mathieu@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.43:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Mathieu\Cookies\mathieu@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.22:C:\Documents and Settings\Mathieu\Application Data\Mozilla\Firefox\Profiles\llciae45.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.232:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.107:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.115:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.116:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.180:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.181:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.182:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.121:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Dbbsrv : Cleaned.
C:\Documents and Settings\Mathieu\Cookies\mathieu@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.156:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.21:C:\Documents and Settings\Mathieu\Application Data\Mozilla\Firefox\Profiles\llciae45.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.567:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.568:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.569:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.570:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.631:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.632:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.589:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.590:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.591:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.29:C:\Documents and Settings\Mathieu\Application Data\Mozilla\Firefox\Profiles\llciae45.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.363:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.364:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.292:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.293:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.101:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.343:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.344:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.345:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.346:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.197:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.198:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.199:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.200:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.201:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.202:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.203:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.349:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.509:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.510:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.511:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.658:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.365:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.366:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.367:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.368:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.391:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.392:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.393:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.394:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.395:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.397:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.430:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.431:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.432:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.23:C:\Documents and Settings\Mathieu\Application Data\Mozilla\Firefox\Profiles\llciae45.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.24:C:\Documents and Settings\Mathieu\Application Data\Mozilla\Firefox\Profiles\llciae45.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.25:C:\Documents and Settings\Mathieu\Application Data\Mozilla\Firefox\Profiles\llciae45.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.425:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.426:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.427:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.428:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.539:C:\Documents and Settings\Marjo\Application Data\Mozilla\Firefox\Profiles\nrrd8ho9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Mathieu\Cookies\mathieu@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Fichiers communs\{06021E5D-073F-1036-1211-030304300021}\Update.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined).
::Report end
And the HijackThis one:
Logfile of HijackThis v1.99.1
Scan saved at 23:22:54, on 18/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Documents and Settings\Marjo\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/qfr8l.hpwis.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Thanks!
OK, that looks better to me, but it's not finished yet.
Do this cleanup (to be done regularly):
¤ Download and install this:
CCleaner:
CCleaner
In the left-hand column, click "Errors", tick all the boxes, then click "Search for errors" at the bottom. Once it has finished, click "Repair errors"; you will get a message asking whether to back up your registry, answer "Yes", then repeat until it finds no more errors.
You can delete the backups you made once your computer has no more problems.
¤ Relaunch CCleaner, go to the "Cleaner" tab on the left, untick the last box (Advanced, if it is ticked), then click "Start cleaning".
Then run another online scan with BitDefender; if it finds nothing, you can do this:
¤ Updates ¤
Click "Start", "All Programs", then "Windows Update" at the very top, and download all the updates it finds. You can repeat this several times in a row, even after your PC has restarted, because your system is far from up to date ;-)