Hello,
I have XPSecurityCenter installed on the computer; the message "Your computer is infected, ...etc..." keeps appearing near the clock in the taskbar.
Can you help me uninstall it from the computer?
Here is my HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:34:58, on 3/07/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\Explorer.EXE
C:\WINNT\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Belgium Identity Card\beidsystemtray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\braviax.exe
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\Excel.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\crelanapps\clients\app_client.exe
c:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\u343490\Desktop\scan.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://crelanet.crelan.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://crelanet.crelan.be
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.crelan.be:8090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;127.*;141.96*;*.crelan.be;*.dexwired.net;194.36.230.101;194.36.230.100;194.78.227.210;fws.axa.be;www.fe.axa.be;<local>
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [braviax] C:\WINNT\system32\braviax.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://crelanet.crelan.be
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://hn019.crelan.be:8080/iNotes6W.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = crelan.be
O17 - HKLM\System\CCS\Services\Tcpip\..\{66A33875-ACA3-41C7-AB1B-9099ECB7AB81}: NameServer = 10.8.91.10,10.8.91.2,10.8.91.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = crelan.be
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = crelan.be
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = crelan.be
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = crelan.be
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = crelan.be
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: eID CRL Service - Zetes - C:\WINNT\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINNT\system32\beidservicepcsc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: OracleDEFAULT_HOME9ClientCache - Unknown owner - C:\ORA9\BIN\ONRSD.EXE
O23 - Service: SMS Task Sequence Agent (smstsmgr) - Unknown owner - C:\WINNT\system32\CCM\TSManager.exe
3 Jul 2008 at 16:09
Is this related to SmitFraudfix or to a file missing from the machine?