EXE files blocked during installations
osechi
Hello,
I have had a problem for a few days. If anyone knows a way to solve it, I would be very, very grateful!
I will try to be precise.
I can open executable files, but when I install a piece of software, either the installation fails partway through, or the installed program has not created an executable file. So I end up with the program installed but unable to run it.
I strongly suspect a virus (despite McAfee and the Windows firewall being up to date).
Because of this problem, all Microsoft updates are impossible, as is the installation of new programs (I tried Panda, Spybot and the like, in vain...).
I thought of recreating the association for the .exe extension, without success.
The irony is that when I tried HijackThis I had no problem installing and running it... Is it a corrupted system file?
Here is what HijackThis produced:
Logfile of HijackThis v1.99.1
Scan saved at 18:39:47, on 2007/01/02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\bigfix.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\NTTE\Flets\app\TangoService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\NTTE\Flets\app\TangoManager.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Fran軋ise\VERSION TRADUITE ORIGINALE.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShowTangoBar Class - {603EC267-504E-4BD4-97F3-5DD71A271EAF} - C:\Program Files\NTTE\Flets\app\TangoIEBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: フレッツ接続ツール - {831AA893-5930-4A2B-8D38-B881AD1764E2} - C:\Program Files\NTTE\Flets\app\TangoIEBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\NTTE\Flets\app\TANGOM~1.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: フレッツ接続ツール - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\NTTE\Flets\app\TangoIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167727153015
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (ウイルスバスター On-Line Scan) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{29CEF087-1999-4D96-8526-4A8B14D93438}: NameServer = 202.238.95.24 202.238.95.26
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\NTTE\Flets\app\TangoService.exe
O23 - Service: Touch-It Virtual Keyboard (TouchIt) - Unknown owner - C:\WINDOWS\system32\TouchIts.exe (file missing)
Finally, I should mention that I have a Japanese version of XP Home (official), but that does not change much.
All your advice and suggestions are welcome!!!
11 replies
Hi,
in your place I would look at System Restore.
If that doesn't work... well, you won't have a choice.
Check whether you haven't picked up an infection on your PC...
Tell me whether the restore worked?
Hello, I don't know if I will be of much help, but it looks like you have a permissions problem on your PC.
At work, where I am not an administrator, I have exactly the same problem, but once logged in as admin everything is OK.
At my level I can't do anything more.
Hi,
start by checking this file:
C:\WINDOWS\system32\igfxtray.exe
here:
http://www.virustotal.com/en/virustotalx.html
and paste the report.
Thank you very much for your help.
Philo 2100: here is the result of the report; unfortunately, it found nothing.
File "igfxtray.exe" received on 01.02.2007 at 13:11:45 (CET) is being scanned by VirusTotal in this moment. Results will be shown as they're generated.
Antivirus Version Update Result
AntiVir 7.3.0.21 01.02.2007 no virus found
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 01.01.2007 no virus found
BitDefender 7.2 01.02.2007 no virus found
CAT-QuickHeal 8.00 01.01.2007 no virus found
ClamAV devel-20060426 01.02.2007 no virus found
DrWeb 4.33 01.02.2007 no virus found
eSafe 7.0.14.0 01.01.2007 no virus found
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3296 01.02.2007 no virus found
Ewido 4.0 01.01.2007 no virus found
Fortinet 2.82.0.0 01.02.2007 no virus found
F-Prot 3.16f 12.30.2006 no virus found
Aditional Information
File size: 94208 bytes
MD5: 6e5a178e359ee42f748186a14449d848
SHA1: 99196807302cefe48b41e8483c33d426c3da2749
I am going to try a System Restore.
I will keep you posted.
Well, all the System Restore attempts were unsuccessful...
However, I found a suspicious file and had it analysed on the site mentioned earlier:
Antivirus Version Update Result
AntiVir 7.3.0.21 01.02.2007 Worm/Bagle.GX
Authentium 4.93.8 12.30.2006 W32/Mitglieder.VD
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 01.01.2007 I-Worm/Bagle
BitDefender 7.2 01.02.2007 Win32.Bagle.DZ@mm
CAT-QuickHeal 8.00 01.01.2007 no virus found
ClamAV devel-20060426 01.02.2007 no virus found
DrWeb 4.33 01.02.2007 no virus found
Apparently it is the one that did the damage. I will see how to eradicate it...
Do as you see fit...
But I advise you to follow this procedure in order:
https://leblogdeclaude.blogspot.com/2006/10/informatique-procdure-de-nettoyage.html
then a HijackThis post:
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
Hello again,
Thanks for the link, Philo; I followed the steps described to the letter. That is really kind.
However, because of the virus I could not update Ad-Aware (the update hangs at the moment it saves),
likewise Spybot does not work (no exe file created), and finally, more seriously, when I choose safe mode a blue screen appears (I don't have time to read it, but it mentions system and virus) and the machine restarts. So I cannot get into that mode!
Here are the reports requested in your tutorial:
SMITFRAUD REPORT
SmitFraudFix v2.132
Scan done at 4:01:41.46, 2007/01/03
Run from C:\Documents and Settings\cぇm\デスクトップ\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
ササササササササササササササササササササササササ C:\
ササササササササササササササササササササササササ C:\WINDOWS
ササササササササササササササササササササササササ C:\WINDOWS\system
ササササササササササササササササササササササササ C:\WINDOWS\Web
ササササササササササササササササササササササササ C:\WINDOWS\system32
ササササササササササササササササササササササササ C:\Documents and Settings\cぇm
ササササササササササササササササササササササササ C:\Documents and Settings\cぇm\Application Data
ササササササササササササササササササササササササ Start Menu
ササササササササササササササササササササササササ C:\DOCUME~1\cぇm\FAVORI~1
ササササササササササササササササササササササササ Desktop
ササササササササササササササササササササササササ C:\Program Files
ササササササササササササササササササササササササ Corrupted keys
ササササササササササササササササササササササササ Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="現在のホーム ページ"
ササササササササササササササササササササササササ Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
ササササササササササササササササササササササササ AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
ササササササササササササササササササササササササ Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
ササササササササササササササササササササササササ pe386-msguard-lzx32
ササササササササササササササササササササササササ Scanning wininet.dll infection
ササササササササササササササササササササササササ End
AVG REPORT
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 5:25:15 2007/01/03
+ Scan result:
:mozilla.101:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.102:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.135:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.136:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.79:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.80:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.81:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.36:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.125:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.154:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.155:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.156:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.110:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.111:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.112:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.29:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.180:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.113:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.114:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.115:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.116:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.103:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.104:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.106:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.166:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.167:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.188:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.105:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.139:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.140:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.141:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.142:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.143:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.144:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.73:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.74:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.75:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.161:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.61:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.62:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.64:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.65:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.76:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.77:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.78:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.205:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.94:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
::Report end
AND FINALLY HIJACKTHIS
Logfile of HijackThis v1.99.1
Scan saved at 13:27:53, on 2007/01/03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\bigfix.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\NTTE\Flets\app\TangoService.exe
C:\PROGRA~1\NTTE\Flets\app\TangoManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Fran軋ise\VERSION TRADUITE ORIGINALE.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ShowTangoBar Class - {603EC267-504E-4BD4-97F3-5DD71A271EAF} - C:\Program Files\NTTE\Flets\app\TangoIEBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: フレッツ接続ツール - {831AA893-5930-4A2B-8D38-B881AD1764E2} - C:\Program Files\NTTE\Flets\app\TangoIEBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\NTTE\Flets\app\TANGOM~1.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (ウイルスバスター On-Line Scan) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{29CEF087-1999-4D96-8526-4A8B14D93438}: NameServer = 202.238.95.24 202.238.95.26
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\NTTE\Flets\app\TangoService.exe
O23 - Service: Touch-It Virtual Keyboard (TouchIt) - Unknown owner - C:\WINDOWS\system32\TouchIts.exe (file missing)
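The two HijackThis logs posted in this thread (2007/01/02 and 2007/01/03) are easier to compare mechanically than by eye. The following is an added example, not part of any post and not HijackThis's own code: it parses both scans, lists what changed between them, and picks out entries marked `(file missing)` or `Unknown owner`. The function names and the excerpted sample lines are choices made for this example, and a flagged entry is a prompt for review, not a verdict.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code kind detail")

# Item lines look like "O4 - HKLM\..\Run: [name] command" or "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - ([^:]+): (.*)$")


def parse_log(text):
    """Return (running_processes, entries) from a HijackThis 1.99.x log."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False          # item lines end the process list
            entries.append(Entry(*m.groups()))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs:
            processes.append(line)    # header lines before the list are skipped
    return processes, entries


def diff_scans(old_text, new_text):
    """Compare two scans; paths are lower-cased because Windows ignores case."""
    old_p, old_e = parse_log(old_text)
    new_p, new_e = parse_log(new_text)

    def key(e):
        return (e.code, e.kind, e.detail.lower())

    old_keys, new_keys = {key(e) for e in old_e}, {key(e) for e in new_e}
    old_ps, new_ps = {p.lower() for p in old_p}, {p.lower() for p in new_p}
    return {
        "entries_added": sorted(new_keys - old_keys),
        "entries_removed": sorted(old_keys - new_keys),
        "processes_started": sorted(new_ps - old_ps),
        "processes_gone": sorted(old_ps - new_ps),
    }


def review_flags(entries):
    """Entries to look at first: missing targets and services with no owner."""
    flags = []
    for e in entries:
        if "(file missing)" in e.detail:
            flags.append(("file missing", e))
        if e.code == "O23" and "Unknown owner" in e.detail:
            flags.append(("unknown owner", e))
    return flags


# Lines excerpted from the two logs posted in this thread (most lines omitted).
SCAN_2007_01_02 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 18:39:47, on 2007/01/02
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wdfmgr.exe
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: Touch-It Virtual Keyboard (TouchIt) - Unknown owner - C:\WINDOWS\system32\TouchIts.exe (file missing)
"""

SCAN_2007_01_03 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 13:27:53, on 2007/01/03
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O23 - Service: Touch-It Virtual Keyboard (TouchIt) - Unknown owner - C:\WINDOWS\system32\TouchIts.exe (file missing)
"""

if __name__ == "__main__":
    for name, items in diff_scans(SCAN_2007_01_02, SCAN_2007_01_03).items():
        print(name)
        for item in items:
            print("   ", item)
    for reason, entry in review_flags(parse_log(SCAN_2007_01_03)[1]):
        print(f"review ({reason}): {entry.code} {entry.detail}")
```
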
Thanks for the link, Philo, I followed the steps described to the letter. That's really kind of you.
However, because of the virus I couldn't update Ad-Aware (the update hangs at the point where it saves itself),
likewise Spybot doesn't work (no exe file created), and finally, more seriously, when I select safe mode, a blue screen appears (I don't have time to read it but it mentions system and virus) and the machine restarts. So I can't get into that mode!
Here are the reports requested in your tutorial:
SMITFRAUD REPORT
SmitFraudFix v2.132
Scan done at 4:01:41.46, 2007/01/03
Run from C:\Documents and Settings\cぇm\デスクトップ\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\cぇm
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\cぇm\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\cぇm\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="現在のホーム ページ"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
AVG REPORT
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 5:25:15 2007/01/03
+ Scan result:
:mozilla.101:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.102:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.135:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.136:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.79:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.80:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.81:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.36:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.125:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.154:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.155:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.156:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.110:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.111:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.112:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.29:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.180:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.113:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.114:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.115:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.116:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.103:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.104:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.106:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.166:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.167:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.188:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.105:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.139:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.140:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.141:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.142:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.143:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.144:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.73:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.74:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.75:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.161:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.61:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.62:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.64:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.65:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.76:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.77:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.78:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.205:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.94:C:\My Backup -- 06-12-07 1206PM\Documents and Settings\ありひろ\Application Data\Mozilla\Firefox\Profiles\9yenyk9g.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
::Report end
AND FINALLY HIJACK
Logfile of HijackThis v1.99.1
Scan saved at 13:27:53, on 2007/01/03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\bigfix.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\NTTE\Flets\app\TangoService.exe
C:\PROGRA~1\NTTE\Flets\app\TangoManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ShowTangoBar Class - {603EC267-504E-4BD4-97F3-5DD71A271EAF} - C:\Program Files\NTTE\Flets\app\TangoIEBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: フレッツ接続ツール - {831AA893-5930-4A2B-8D38-B881AD1764E2} - C:\Program Files\NTTE\Flets\app\TangoIEBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\NTTE\Flets\app\TANGOM~1.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (ウイルスバスター On-Line Scan) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{29CEF087-1999-4D96-8526-4A8B14D93438}: NameServer = 202.238.95.24 202.238.95.26
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\NTTE\Flets\app\TangoService.exe
O23 - Service: Touch-It Virtual Keyboard (TouchIt) - Unknown owner - C:\WINDOWS\system32\TouchIts.exe (file missing)
Hello,
I notice from your "O16" entries that you are doing lots of things in the middle of a decontamination..... that is not going to solve your problem.
I can understand that you also try things on your own.
But the result is not obvious ....
フレッツ接続ツール -....
What's more, you tell me:
I just tried to install spy doctor a moment ago.
----------------------------------------------------------------------------
You have two things that risk hiding certain infections:
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
I'm just saying.
If you try to decontaminate a PC with programs that block the infection underneath, you will never get out of it.
Some infections may not show up in HijackThis.
------------------------------------------------------------------------
If you do things that were not asked for, disinfection will not be possible.... it is going to go pear-shaped....
Right, I'll leave the floor open.
;-)
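An added example, not part of the thread: a short Python triage of the HijackThis entries quoted above, flagging the kinds of lines the reply comments on (leftover autostart entries of security tools, services whose file is missing). The reason labels and the vendor list are assumptions made for this illustration; the sample lines are copied from the log posted in this thread.

```python
import re
from collections import Counter

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\NTTE\Flets\app\TANGOM~1.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\NTTE\Flets\app\TangoService.exe
O23 - Service: Touch-It Virtual Keyboard (TouchIt) - Unknown owner - C:\WINDOWS\system32\TouchIts.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")             # "O4 - ...", "O23 - ..."
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")  # hive, key, name, command
# Hypothetical vendor list: only the two tools named in the reply above.
SECURITY_VENDORS = ("mcafee", "grisoft")

def parse(log_text):
    """Return (code, body) tuples for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(log_text):
    """Return (code, reason, detail) findings that deserve a manual look."""
    findings = []
    for code, body in parse(log_text):
        if code == "O4":
            m = RUN.match(body)
            if not m:
                continue
            name, cmd = m.group(3), m.group(4).lower()
            if "/uninstall" in cmd:
                # Autostart left behind by a product that was removed.
                findings.append((code, "leftover-uninstaller", name))
            elif any(vendor in cmd for vendor in SECURITY_VENDORS):
                # Resident protection still starting during cleanup.
                findings.append((code, "resident-security-tool", name))
        elif code == "O23":
            if body.endswith("(file missing)"):
                findings.append((code, "service-file-missing", body))
            elif " - Unknown owner - " in body:
                findings.append((code, "service-unknown-owner", body))
    return findings

def section_counts(log_text):
    """Count entries per section code (O4, O16, O23, ...)."""
    return Counter(code for code, _ in parse(log_text))

if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:4} {reason:24} {detail}")
```

A finding here is only a prompt to check the entry by hand; none of these labels means the file is malicious.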
Hi Philo,
Thanks for your pointers.
Sorry if my actions are not very rational...
As for McAfee, it was my old antivirus; it seems it kept SpamKiller despite the uninstallation.
フレッツ接続ツール is just an Internet connection program.
Well, I think the best thing to do is to reinstall... Windows.
From the very start of my problem I could not boot into safe mode, which is not reassuring...
Well, thank you very much for your help...
++