Please help me! How do I get rid of Adware Reviews? [SOLVED]
Hello,
Please help me!
My computer is infected with Adware Reviews, and Norton Antivirus can't do anything about it. Norton isn't even able to detect it! I don't know much about this, so what should I do to get rid of it?
I read some of the posted messages, and here is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 17:28:50, on 2006-04-12
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\System32\svchost.exe
D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
D:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Logitech\iTouch\iTouch.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\ATnotes\ATnotes.exe
D:\Program Files\GetRight\getright.exe
D:\Program Files\GetRight\getright.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINNT\wupdmgr.exe
C:\WINNT\osaupd.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
D:\PROGRA~1\SYMPAT~1\ACCESS~1\app\enternet.exe
C:\WINNT\TEMP\1BF3.tmp
D:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUMENTS AND SETTINGS\TRAN KIM THANH\DESKTOP\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.c [...] x_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NvMixerTray] D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKCU\..\Run: [ATnotes.exe] D:\Program Files\ATnotes\ATnotes.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = D:\Program Files\GetRight\getright.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = D:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/ga [...] blt1_x.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/file [...] n-test.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ [...] ge-c10.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/web [...] ad635a.exe
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} (SponsorAdulto Class) - http://ip.sponsoradulto.com/cab/3/ [...] comInt.cab
O16 - DPF: {5CF549B1-E178-4D8C-ADEF-73F226644F12} - http://www.webvdecor.com/app/WebVDSetUp.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downlo [...] ofupld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spamblockerutility [...] tility.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {A0F3DE0D-9308-4650-82A0-53F0C17D7D65} (Web2D Control) - http://www.webvdecor.com/app/WebVD.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.photolab.ca/fr/Photo/ImageUploader3.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramew [...] b34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.ya [...] mplete.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/unskin/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v5.cab
O20 - Winlogon Notify: cdscsix3 - C:\WINNT\SYSTEM32\cdscsix3.dll
O20 - Winlogon Notify: directpt - C:\WINNT\SYSTEM32\directpt.dll
O20 - Winlogon Notify: Reliability - C:\WINNT\
O20 - Winlogon Notify: SensSrv - C:\WINNT\SYSTEM32\senssrv.dll
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINNT\system32\nfbnnhdn.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - D:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\sxiwkdb.exe (file missing)
Thank you, thank you, thank you so much for your help! I would be so grateful!
Kim
Good evening
A lot of work.
Let's get started.
* Download
SmitfraudFix by S!Ri:
http://siri.urz.free.fr/Fix/SmitfraudFix.php
Unzip it to the Desktop.
Ewido
http://www.ewido.net/fr/download/
Install it and update it.
* Open SmitfraudFix, double-click SmitfraudFix.cmd and choose option 1
Post the report.
* Restart in safe mode. Note that you have no internet access in this mode, so write down what you have to do.
Start the computer.
Once the BIOS has finished loading, there is a black screen. Press the F8 or F5 key until the Windows advanced options menu is displayed.
Using the arrow keys, select the appropriate safe mode and press Enter.
* Run SmitfraudFix again, this time choose option 2 and answer yes to everything.
* Launch Ewido. Run a full scan.
Save the report.
* Restart normally and post the second SmitfraudFix report and the Ewido report, along with a new HijackThis report.
Thank you very much for coming to my aid.
I downloaded Ewido to my Desktop, but I couldn't install it. Every time it reaches the step where you choose where to install it, there is an error alert and the installation window disappears by itself. What should I do? Should I skip this step?
I was able to download SmitfraudFix, and here is the first report:
SmitFraudFix v2.29
Scan done at 21:34:41,95, mer. 2006-04-12
Run from C:\Documents and Settings\Tran Kim Thanh\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195]
»»»»»»»»»»»»»»»»»»»»»»»» C:\
C:\country.exe FOUND !
C:\exit FOUND !
C:\secure32.html FOUND !
C:\tool1.exe FOUND !
C:\tool4.exe FOUND !
C:\toolbar.exe FOUND !
C:\uniq FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT
C:\WINNT\loadadv728.exe FOUND !
C:\WINNT\osaupd.exe FOUND !
C:\WINNT\uninstDsk.exe FOUND !
C:\WINNT\warnhp.html FOUND !
C:\WINNT\wupdmgr.exe FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32
C:\WINNT\system32\amcompat.tlb FOUND !
C:\WINNT\system32\intell321.exe FOUND !
C:\WINNT\system32\nscompat.tlb FOUND !
C:\WINNT\system32\oleext.dll FOUND !
C:\WINNT\system32\parad.raw.exe FOUND !
C:\WINNT\system32\runsrv32.dll FOUND !
C:\WINNT\system32\runsrv32.exe FOUND !
C:\WINNT\system32\shell386.exe FOUND !
C:\WINNT\system32\tcpservice2.exe FOUND !
C:\WINNT\system32\txfdb32.dll FOUND !
C:\WINNT\system32\winapi32.dll FOUND !
C:\WINNT\system32\wstart.dll FOUND !
C:\WINNT\system32\zlbw.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tran Kim Thanh\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tran Kim Thanh\Favorites
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files
D:\Program Files\Common Files\VCClient\VCMain.exe FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\WINNT\\warnhp.html"
"SubscribedURL"=""
"FriendlyName"="Desktop Uninstall"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
[HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_CLASSES_ROOT\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Thanks again,
Kim
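As an added illustration (not part of the thread, and not code from HijackThis or SmitfraudFix), the Python sketch below cross-references excerpts of the two reports posted above: which files flagged by SmitfraudFix were running when the HijackThis log was taken, which HijackThis entries point at a flagged file, and which entries are orphaned. The function names and the choice of excerpt lines are assumptions made for this example.

```python
import ntpath
import re

# Excerpts copied from the HijackThis log and SmitfraudFix report in this thread.
HIJACKTHIS_EXCERPT = r"""
Running processes:
C:\WINNT\system32\services.exe
C:\WINNT\wupdmgr.exe
C:\WINNT\osaupd.exe
C:\WINNT\TEMP\1BF3.tmp
D:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll
O20 - Winlogon Notify: directpt - C:\WINNT\SYSTEM32\directpt.dll
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\sxiwkdb.exe (file missing)
"""

SMITFRAUDFIX_EXCERPT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» C:\
C:\secure32.html FOUND !
C:\toolbar.exe FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT
C:\WINNT\osaupd.exe FOUND !
C:\WINNT\wupdmgr.exe FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32
C:\WINNT\system32\oleext.dll FOUND !
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")    # e.g. "O2 - BHO: ..."
FOUND_RE = re.compile(r"^(.*\S)\s+FOUND !$")         # e.g. "C:\x.exe FOUND !"


def norm(path):
    """Windows paths are case-insensitive: normalise before comparing."""
    return ntpath.normpath(path.strip()).lower()


def parse_hijackthis(text):
    """Split a HijackThis log into running processes and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False          # the process list ends at the first entry
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def parse_smitfraudfix(text):
    """Return the normalised set of paths reported as 'FOUND !'."""
    found = set()
    for line in text.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:
            found.add(norm(m.group(1)))
    return found


def triage(hjt, found):
    """Cross-reference the two reports."""
    # Flagged files that were live processes: these can hold file locks,
    # which is one reason cleanup is done from safe mode.
    running = [p for p in hjt["processes"] if norm(p) in found]
    # Entries (start pages, BHOs, services...) whose text names a flagged file.
    referencing = [(c, b) for c, b in hjt["entries"]
                   if any(f in b.lower() for f in found)]
    # Entries left behind after their file was deleted or never existed.
    orphaned = [(c, b) for c, b in hjt["entries"]
                if b.endswith("(no file)") or b.endswith("(file missing)")]
    return {"running_flagged": running,
            "referencing": referencing,
            "orphaned": orphaned}


if __name__ == "__main__":
    result = triage(parse_hijackthis(HIJACKTHIS_EXCERPT),
                    parse_smitfraudfix(SMITFRAUDFIX_EXCERPT))
    for key, items in result.items():
        print(key)
        for item in items:
            print("   ", item)
```

Run against the excerpts, it shows that wupdmgr.exe and osaupd.exe were both flagged and running, which matches the later report in which osaupd.exe is deleted from safe mode.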
Finally, I managed to install Ewido in safe mode, then went back to normal mode to update it as you recommended. Then I went back to safe mode again and ran SmitfraudFix a 3rd time:
(Report #2 in previous message)
SmitFraudFix report #3
SmitFraudFix v2.29
Rapport fait à 22:36:32,01, mer. 2006-04-12
Executé à partir de C:\Documents and Settings\Tran Kim Thanh\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195]
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\WINNT\osaupd.exe supprimé
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Fin
________________________________________________________________________________
I also ran Ewido twice, and I think I did the right thing, because the second time other infected files were found as well. Here are the 2 reports:
Ewido report #1
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 23:00:10, 2006-04-12
+ Report-Checksum: CF960589
+ Scan result:
HKLM\SOFTWARE\Alexa Internet -> Adware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Classes\AlxTB.BHO -> Adware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\DailyToolbar.DLL -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\Bridge.brdg -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6001CDF7-6F45-471b-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\DailyToolbar.IEBand -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\DailyToolbar.SysMgr -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\IEToolbar.AffiliateCtl -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\jao.jao -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\PopMenu.Menu -> Adware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Classes\Popup.PopupKiller -> Adware.Alexa : Cleaned with backup
HKLM\SOFTWARE\DailyToolbar -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e52dedbb-d168-4bdb-b229-c48160800e81} -> Hijacker.Generic : Cleaned with backup
HKLM\SOFTWARE\NIX Solutions -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\NIX Solutions\DailyToolbar -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\RespondMiter -> Adware.VX2 : Cleaned with backup
C:\315502.exe -> Trojan.Small : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\GLYR8DUJ\tt[1].exe -> Backdoor.Small.ko : Cleaned with backup
:mozilla.358:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.359:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.360:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.361:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.362:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.363:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.364:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.365:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Tran Kim Thanh\Application Data\Phoenix\Profiles\default\tcujfh4j.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Tran Kim Thanh\Application Data\Phoenix\Profiles\default\tcujfh4j.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Tran Kim Thanh\Application Data\Phoenix\Profiles\default\tcujfh4j.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Tran Kim Thanh\Application Data\Phoenix\Profiles\default\tcujfh4j.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Tran Kim Thanh\Application Data\Phoenix\Profiles\default\tcujfh4j.slt\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Tran Kim Thanh\Application Data\Phoenix\Profiles\default\tcujfh4j.slt\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
C:\Documents and Settings\Tran Kim Thanh\Local Settings\Temp\Cookies\kthanh@a.tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Tran Kim Thanh\Local Settings\Temp\Cookies\kthanh@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Tran Kim Thanh\Local Settings\Temp\Cookies\kthanh@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\drsmartload45a.exe -> Downloader.Adload.an : Cleaned with backup
C:\windows\mousepad10.exe -> Hijacker.VB.ly : Cleaned with backup
C:\WINNT\CheckS02.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINNT\Downloaded Program Files\HbInstIE.dll -> Adware.HotBar : Cleaned with backup
C:\WINNT\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.a : Cleaned with backup
C:\WINNT\errorhandler.exe -> Downloader.VB.nw : Cleaned with backup
C:\WINNT\system32\cdscsix3.dll -> Logger.Haxspy.v : Cleaned with backup
C:\WINNT\system32\cdscsix3r.sys -> Logger.Haxspy.v : Error during cleaning
C:\WINNT\system32\directprt.sys -> Logger.Haxspy.w : Error during cleaning
C:\WINNT\system32\directpt.dll -> Logger.Goldun.iy : Cleaned with backup
C:\WINNT\system32\senssrv.dll -> Downloader.Agent.afl : Cleaned with backup
C:\WINNT\Temp\1BF3.tmp -> Backdoor.Small.ko : Cleaned with backup
D:\Program Files\?icrosoft\?poolsv.exe -> Adware.PurityScan : Cleaned with backup
::Report End
Ewido report #2
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 23:15:17, 2006-04-12
+ Report-Checksum: D8CB5866
+ Scan result:
C:\WINNT\system32\cdscsix3r.sys -> Logger.Haxspy.v : Cleaned with backup
C:\WINNT\system32\directprt.sys -> Logger.Haxspy.w : Cleaned with backup
::Report End
_______________________________________________________________________________
And here is the new HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 23:24:35, on 2006-04-12
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\System32\svchost.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\ewido anti-malware\ewidoguard.exe
D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
D:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Logitech\iTouch\iTouch.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\ATnotes\ATnotes.exe
D:\Program Files\GetRight\getright.exe
D:\Program Files\GetRight\getright.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINNT\wupdmgr.exe
C:\WINNT\osaupd.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
D:\PROGRA~1\SYMPAT~1\ACCESS~1\app\enternet.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\Tran Kim Thanh\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NvMixerTray] D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKCU\..\Run: [ATnotes.exe] D:\Program Files\ATnotes\ATnotes.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = D:\Program Files\GetRight\getright.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = D:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/ga [...] blt1_x.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/file [...] n-test.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ [...] ge-c10.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/web [...] ad635a.exe
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} (SponsorAdulto Class) - http://ip.sponsoradulto.com/cab/3/ [...] comInt.cab
O16 - DPF: {5CF549B1-E178-4D8C-ADEF-73F226644F12} - http://www.webvdecor.com/app/WebVDSetUp.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downlo [...] ofupld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spamblockerutility [...] tility.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {A0F3DE0D-9308-4650-82A0-53F0C17D7D65} (Web2D Control) - http://www.webvdecor.com/app/WebVD.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.photolab.ca/fr/Photo/ImageUploader3.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramew [...] b34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.ya [...] mplete.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/unskin/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v5.cab
O20 - Winlogon Notify: cdscsix3 - cdscsix3.dll (file missing)
O20 - Winlogon Notify: directpt - directpt.dll (file missing)
O20 - Winlogon Notify: Reliability - C:\WINNT\
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINNT\system32\nfbnnhdn.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - D:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\sxiwkdb.exe (file missing)
The Adware Reviews icons keep reappearing on the Desktop, along with 2 others in the Taskbar that flash these "hypocritical" messages. I can't wait to get rid of it!
Thank you so much,
Kim
Hello,
Delete Smitfraudfix, we're going to start over; there was an error somewhere.
(get it in French this time ;-) )
1/ Download Smitfraudfix
Unzip it to the Desktop.
Open the SmitfraudFix folder and run SmitfraudFix.cmd
Choose Option 1 ("Recherche", Search)
If you see lines marked PRESENT!, continue.
2/ Restart in safe mode (to do this: start the PC while tapping the F8 key until the Windows advanced options menu appears, then use the arrow keys to select Safe Mode and press Enter...)
Run SmitfraudFix again and this time choose Option 2, answering yes to every question
Save, then post the report.
3/ Post a HijackThis report
Thanks Angeldark. I did what you recommended. Here are the SmitfraudFix and HijackThis reports:
SmitFraudFix v2.29
Rapport fait à 12:31:33,07, jeu. 2006-04-13
Executé à partir de C:\Documents and Settings\Tran Kim Thanh\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195]
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\WINNT\osaupd.exe supprimé
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Logfile of HijackThis v1.99.1
Scan saved at 12:38:40, on 2006-04-13
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\System32\svchost.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\ewido anti-malware\ewidoguard.exe
D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
D:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Logitech\iTouch\iTouch.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
D:\Program Files\ATnotes\ATnotes.exe
D:\Program Files\GetRight\getright.exe
D:\Program Files\GetRight\getright.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINNT\wupdmgr.exe
C:\WINNT\osaupd.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
D:\PROGRA~1\SYMPAT~1\ACCESS~1\app\enternet.exe
C:\Documents and Settings\Tran Kim Thanh\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NvMixerTray] D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKCU\..\Run: [ATnotes.exe] D:\Program Files\ATnotes\ATnotes.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = D:\Program Files\GetRight\getright.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = D:\Program Files\Quicken\bagent.exe
O4 - Global Startup: wupdmgr.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/ga [...] blt1_x.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/file [...] n-test.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ [...] ge-c10.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/web [...] ad635a.exe
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} (SponsorAdulto Class) - http://ip.sponsoradulto.com/cab/3/ [...] comInt.cab
O16 - DPF: {5CF549B1-E178-4D8C-ADEF-73F226644F12} - http://www.webvdecor.com/app/WebVDSetUp.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downlo [...] ofupld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spamblockerutility [...] tility.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {A0F3DE0D-9308-4650-82A0-53F0C17D7D65} (Web2D Control) - http://www.webvdecor.com/app/WebVD.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.photolab.ca/fr/Photo/ImageUploader3.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramew [...] b34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.ya [...] mplete.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/unskin/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v5.cab
O20 - Winlogon Notify: cdscsix3 - cdscsix3.dll (file missing)
O20 - Winlogon Notify: directpt - directpt.dll (file missing)
O20 - Winlogon Notify: Reliability - C:\WINNT\
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINNT\system32\nfbnnhdn.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - D:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\sxiwkdb.exe (file missing)
The icons are still haunting me on the Desktop and in the notification area next to the clock. I think I'm going to cry! ...but I'm holding back
Thanks
Kim
Good evening
1 Download CCleaner.
http://www.filehippo.com/download_ccleaner.html
Install it in a dedicated folder.
2 Restart in Safe Mode. Be careful: you have no Internet access in this mode, so write down what you need to do.
Start the computer.
Once the BIOS has finished loading, there is a black screen. Press the F8 key until the Windows advanced options menu is displayed.
Using the arrow keys, select Safe Mode and press Enter.
3 Run a HijackThis scan again and check the lines below:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = D:\Program Files\Quicken\bagent.exe
O4 - Global Startup: wupdmgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll (file missing)
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/ga [...] blt1_x.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/file [...] n-test.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ [...] ge-c10.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/web [...] ad635a.exe
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} (SponsorAdulto Class) - http://ip.sponsoradulto.com/cab/3/ [...] comInt.cab
O16 - DPF: {5CF549B1-E178-4D8C-ADEF-73F226644F12} - http://www.webvdecor.com/app/WebVDSetUp.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downlo [...] ofupld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spamblockerutility [...] tility.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {A0F3DE0D-9308-4650-82A0-53F0C17D7D65} (Web2D Control) - http://www.webvdecor.com/app/WebVD.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.photolab.ca/fr/Photo/ImageUploader3.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramew [...] b34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.ya [...] mplete.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/unskin/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v5.cab
O20 - Winlogon Notify: cdscsix3 - cdscsix3.dll (file missing)
O20 - Winlogon Notify: directpt - directpt.dll (file missing)
O20 - Winlogon Notify: Reliability - C:\WINNT\
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINNT\system32\nfbnnhdn.dll (file missing)
Close all Windows, Internet Explorer and Outlook windows, except the HijackThis program, and click "Fix checked"
4 Make sure you have access to all files.
Start, My Computer or another folder, Tools menu, Folder Options, View tab:
Check the box: Show hidden files and folders
Uncheck the box: Hide file extensions for known file types
Uncheck the box: Hide protected operating system files
Then Apply
5 Delete the offending files/folders (if they still exist):
C:\WINNT\system32\dmonwv.dll
C:\WINNT\wupdmgr.exe
6 Run the cleanup with CCleaner.
Hide the system files again, so as not to make a mistake in the future, by selecting the option not to show hidden files or system files.
7 Restart normally
8 Download haxfix.exe
and save it to the desktop.
- Double-click haxfix.exe to install haxfix. (the default installation location is c:\program Files\haxfix)
- Check "Create a desktop icon"
- Click "Next"
- When the installation is finished, make sure "Launch HaxFix" is checked
- Click "Finish"
A "DOS window" with a red background opens with the following options:
1. Make logfile (create a report)
2. Run auto fix (run the repair in automatic mode)
3. Run manual fix (run the repair in manual mode)
E. Exit Haxfix (quit Haxfix)
- Select option 1. Make logfile by typing 1, then press "Enter"
- Haxfix will scan the system. When it has finished, a report will open: haxlog.txt > (c:\haxlog.txt)
Paste this report here.
Next.
- Open the folder C:\Program Files\haxfix and double-click fix.bat
(or double-click the fix.bat desktop icon)
- Close all other windows, because Haxfix will restart the system.
- Select option 2. Run auto fix by typing 2, then "Enter"
If an infection is found, you will get a message asking you to close all other open windows.
- Close all other windows except the red-background haxfix window, then press "Enter"
- The machine will be restarted
- Once the restart completes, a report will open > (c:\haxfix.txt)
- Post the contents of this report along with a new HijackThis report
Good evening,
I don't know whether the infection is completely cleaned up, I hope so, but I am so happy and grateful! The "hypocritical" icons no longer reappear in the systray, and there is no longer an Adware Reviews icon on my Desktop, nor any unsolicited alert messages! Thank you a thousand times over, Chercheur PCA! And Darkangel too. You are both wonderful!
Kim
Here is the haxlog.txt report:
HAXFIX logfile - by Marckie
--------------
version 2.31
jeu. 2006-04-13 23:31:23,32
checking for ps.a3d....
ps.a3d not found
checking for p2s2.a3d....
p2s2.a3d not found
checking for matching notify keys....
no matching notify keys found
checking for matching services....
matching services found
Aspi32
checking for matching safeboot services....
no matching safeboot services found
And the latest HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 23:51:01, on 2006-04-13
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\System32\svchost.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\ewido anti-malware\ewidoguard.exe
D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
D:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
D:\Program Files\Logitech\iTouch\iTouch.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\ATnotes\ATnotes.exe
D:\Program Files\GetRight\getright.exe
D:\Program Files\GetRight\getright.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
D:\PROGRA~1\SYMPAT~1\ACCESS~1\app\enternet.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\notepad.exe
C:\Documents and Settings\Tran Kim Thanh\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NvMixerTray] D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKCU\..\Run: [ATnotes.exe] D:\Program Files\ATnotes\ATnotes.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = D:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - D:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\sxiwkdb.exe (file missing)
Hello
There is one left.
Click Start, then Run, type services.msc and click OK.
In the list of services, find and select "Windows Overlay Components" / double-click the line / check under Path to executable that it is indeed "C:\WINNT\sxiwkdb.exe" / under Startup type, select Disabled / confirm the change.
Start HijackThis.
Click > Config > Misc tools > delete a file on reboot.
Enter this path:
C:\WINNT\sxiwkdb.exe
Restart the computer.
Run an online antivirus scan with Kaspersky
http://webscanner.kaspersky.fr/
Paste its report here.
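The reply above picks one leftover entry out of a hard-wrapped HijackThis log. As an added example (not part of the thread and not HijackThis's own code), this Python sketch rejoins wrapped entries and lists those whose target file is gone; the function names, the join-with-a-space rule and the "orphaned service with unknown owner" filter are assumptions of this example, not the helper's stated method.

```python
import re

# Constructed sample: entries copied from the log posted above, in the
# hard-wrapped shape in which it was pasted.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [ASUS Probe] C:\Program
Files\ASUS\Probe\AsusProb.exe
O9 - Extra button: PartyPoker.com -
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program
Files\PartyPoker\PartyPoker.exe (file missing)
O23 - Service: ATI Smart - Unknown owner -
C:\WINNT\system32\ati2sgag.exe
O23 - Service: Windows Overlay Components - Unknown owner -
C:\WINNT\sxiwkdb.exe (file missing)
"""

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_MARK = re.compile(r"\((file missing|no file)\)\s*$")


def unwrap_entries(text):
    """Rejoin entries that a mail client or forum wrapped across lines.

    Assumption: the wrap happened at a space, so fragments are joined with
    one space. Lines before the first entry (header, process list) are
    skipped; prose pasted after the last entry would be glued onto it, so
    feed this function the log only.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            entries[-1] += " " + line
    return entries


def parse_entry(line):
    """Split one unwrapped entry into its section code and body."""
    code, body = line.split(" - ", 1)
    entry = {
        "code": code,
        "body": body,
        "orphaned": bool(ORPHAN_MARK.search(body)),
        "service": None,
        "owner": None,
    }
    # O23 lines read "Service: <name> - <owner> - <path>"; split from the
    # right because a service name may itself contain " - ".
    if code == "O23" and body.startswith("Service: "):
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            entry["service"], entry["owner"] = parts[0], parts[1]
    return entry


def triage(text):
    """Return (all entries, orphaned entries, orphaned unknown-owner services)."""
    parsed = [parse_entry(e) for e in unwrap_entries(text)]
    orphaned = [e for e in parsed if e["orphaned"]]
    services = [e["service"] for e in orphaned if e["owner"] == "Unknown owner"]
    return parsed, orphaned, services


if __name__ == "__main__":
    parsed, orphaned, services = triage(SAMPLE_LOG)
    print(f"{len(parsed)} entries, {len(orphaned)} with a missing target")
    for e in orphaned:
        print(f"  {e['code']}: {e['body']}")
    print("Orphaned services with unknown owner:", services)
```

A missing target only says the entry points at nothing: on the sample it marks both the PartyPoker button and the "Windows Overlay Components" service, so each hit still needs a human decision.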
Good evening,
I ran an online scan with Kaspersky as recommended. It looks like I still have a lot of viruses!
Here is the Kaspersky scan report:
KASPERSKY ON-LINE SCANNER - RAPPORT
vendredi 14 avril 2006 23:12:41
Système d'exploitation : Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Version de Kaspersky On-line Scanner: 5.0.78.0
Dernière mise à jour de la base antivirus Kaspersky : 15/04/2006
Enregistrements dans la base antivirus Kaspersky : 176778
Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie. vrai
Cible de l'analyse Dossiers
C:\
D:\
Statistiques de l'analyse
Total d'objets analysés : 43676
Nombre de virus trouvés 37
Nombre d'objets infectés 101
Nombre d'objets suspects 0
Durée de l'analyse 00:28:47
Nom de l'objet infecté Nom du virus Dernière action
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02BF0F47.tmp Infecté: Email-Flooder.Win32.Labean.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02C31282.tmp Infecté: Email-Flooder.Win32.Labean.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02C63C7F.tmp Infecté: Email-Flooder.Win32.Labean.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02E66813.exe Infecté: Trojan-Dropper.Win32.VB.kk ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03BA20B0.tmp Infecté: SpamTool.Win32.Agent.e ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07D96B33.dll Infecté: Virus.Win32.Nsag.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07EA3D21.dll Infecté: Trojan-Proxy.Win32.Wopla.s ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07EA3D21.exe Infecté: Trojan-PSW.Win32.Sinowal.d ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07ED671E.exe Infecté: Backdoor.Win32.Agent.xb ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07ED671E.tmp Infecté: SpamTool.Win32.Agent.e ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07F0111A.tmp Infecté: SpamTool.Win32.Agent.e ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08242DD9.exe Infecté: Trojan-Downloader.Win32.TSUpdate.o ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D52472E.exe Infecté: Trojan.Win32.StartPage.adi ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F3B0838.tmp Infecté: Email-Flooder.Win32.Labean.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F3E3235.tmp Infecté: Email-Flooder.Win32.Labean.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F415C31.tmp Infecté: Email-Flooder.Win32.Labean.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11AD76C4.exe Infecté: Trojan-Downloader.Win32.Qoologic.bj ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\120B385B.exe Infecté: Trojan.Win32.VB.tg ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12405822.EXE Infecté: Trojan-Clicker.Win32.VB.ly ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14825FA6.exe Infecté: Trojan-Downloader.Win32.TSUpdate.p ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\179A77DD.exe Infecté: Trojan-Downloader.Win32.VB.tw ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A3C5544.exe Infecté: Trojan.Win32.VB.tg ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1AE5483E.exe Infecté: Trojan-Downloader.Win32.Adload.ae ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1BA26ADB.exe/data0002/data0006 Infecté: Trojan-Dropper.Win32.VB.kk ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1BA26ADB.exe/data0002 Infecté: Trojan-Dropper.Win32.VB.kk ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1BA26ADB.exe NSIS: infecté - 2 ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1BA26ADB.exe CryptFF: infecté - 2 ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1BA514D7.exe Infecté: Trojan-Downloader.Win32.Dyfuca.ei ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C5650A8.tmp Infecté: Email-Flooder.Win32.Labean.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C597AA4.tmp Infecté: Email-Flooder.Win32.Labean.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D9C3741.tmp Infecté: Backdoor.Win32.Rbot.adf ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DA0613D.tmp Infecté: Trojan-Downloader.Win32.Small.cpp ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DA30B39.tmp Infecté: Packed.Win32.Tibs ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E160B1B.zip/Matrix.class Infecté: Trojan-Downloader.Java.OpenStream.c ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E160B1B.zip ZIP: infecté - 1 ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E160B1B.zip CryptFF: infecté - 1 ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21042BC4.exe/data0002 Infecté: Trojan-Downloader.Win32.VB.tw ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21042BC4.exe/data0003 Infecté: Trojan.Win32.VB.tg ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21042BC4.exe/data0006 Infecté: Trojan.Win32.VB.tg ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21042BC4.exe/data0007 Infecté: Trojan.Win32.VB.tg ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21042BC4.exe NSIS: infecté - 4 ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21042BC4.exe CryptFF: infecté - 4 ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2330257E.exe/data0002 Infecté: Trojan-Clicker.Win32.Small.jf ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2330257E.exe NSIS: infecté - 1 ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2330257E.exe CryptFF: infecté - 1 ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\233A2373.exe Infecté: Trojan-Downloader.Win32.Small.buy ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24487DE9.exe Infecté: Trojan-PSW.Win32.Sinowal.d ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\247A3613.exe Infecté: Trojan-Dropper.Win32.Agent.aie ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24810A0B.exe/data0002 Infecté: Trojan-Clicker.Win32.Small.jf ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24810A0B.exe NSIS: infecté - 1 ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24810A0B.exe CryptFF: infecté - 1 ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24E80739.dll Infecté: Trojan-PSW.Win32.Sinowal.d ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24EB3135.dll Infecté: Trojan-PSW.Win32.Sinowal.d ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25920E7E.exe Infecté: Trojan-Clicker.Win32.Small.kr ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\259924D6.dll Infecté: Trojan-Clicker.Win32.Small.jf ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\259C0C73.exe Infecté: Trojan-Dropper.Win32.Agent.aie ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25DB6C8E.dll Infecté: Trojan.Win32.Dialer.fu ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26B8513B.dll Infecté: Trojan-Clicker.Win32.Small.jf ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26CD1C66.tmp Infecté: Email-Flooder.Win32.Labean.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27F67C3E.exe Infecté: Trojan-Downloader.Win32.VB.nw ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28BB19EA.tmp Infecté: Email-Flooder.Win32.Labean.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28F05AC9.exe Infecté: Trojan-Downloader.Win32.VB.nw ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28F72EC2.exe Infecté: Packed.Win32.Tibs ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\298D3A1D.dll Infecté: Backdoor.Win32.Agent.xb ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A58279E.exe Infecté: Trojan.Win32.VB.tg ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A603738.exe Infecté: Trojan.Win32.VB.tg ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2AB37CD9.exe Infecté: Trojan-Proxy.Win32.Wopla.r ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2AF44492.exe Infecté: Backdoor.Win32.Rbot.adf ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2AF76E8E.dll Infecté: Trojan-Proxy.Win32.Lager.aq ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B775402.exe Infecté: Trojan.Win32.VB.tg ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E9458C5.exe Infecté: Trojan-Downloader.Win32.Adload.af ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EC63220.tmp Infecté: Email-Flooder.Win32.Labean.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\33277EBB.exe Infecté: Trojan-Downloader.Win32.Tiny.al ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B211475.exe/data0002 Infecté: Trojan-Clicker.Win32.Small.jf ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B211475.exe NSIS: infecté - 1 ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B211475.exe CryptFF: infecté - 1 ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CBD2760.exe/WISE0009.BIN Infecté: Trojan-Downloader.Win32.TSUpdate.n ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CBD2760.exe/WISE0010.BIN Infecté: Trojan-Downloader.Win32.TSUpdate.p ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CBD2760.exe/WISE0011.BIN Infecté: Trojan-Downloader.Win32.TSUpdate.l ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CBD2760.exe/WISE0012.BIN Infecté: Trojan-Downloader.Win32.TSUpdate.f ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CBD2760.exe WiseSFX: infecté - 4 ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CBD2760.exe CryptFF: infecté - 4 ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4C991A68.exe Infecté: Trojan-Clicker.Win32.VB.ij ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4CA96C56.exe Infecté: Trojan-Clicker.Win32.VB.ij ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\613E48D3.tmp Infecté: Email-Flooder.Win32.Labean.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\614272D0.tmp Infecté: Email-Flooder.Win32.Labean.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68FE5421.tmp Infecté: Trojan-Spy.Win32.Small.ak ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F9739DA.exe Infecté: Trojan-Downloader.Win32.Dyfuca.ei ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\718C2B65.exe Infecté: Trojan-Downloader.Win32.Dyfuca.ei ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\757E4298.exe Infecté: Trojan-Downloader.Win32.Qoologic.bj ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7838298B.tmp Infecté: SpamTool.Win32.Agent.e ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\783B5387.tmp Infecté: SpamTool.Win32.Agent.e ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\783E7D84.tmp Infecté: SpamTool.Win32.Agent.e ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79917D4C.exe Infecté: Trojan-Clicker.Win32.VB.ij ignoré
C:\Program Files\secure32.html Infecté: Trojan.Win32.Harnig.a ignoré
C:\WINNT\pf78bb.exe/data0002 Infecté: Trojan-Downloader.Win32.VB.tw ignoré
C:\WINNT\pf78bb.exe/data0003 Infecté: Trojan.Win32.VB.tg ignoré
C:\WINNT\pf78bb.exe/data0006 Infecté: Trojan.Win32.VB.tg ignoré
C:\WINNT\pf78bb.exe/data0007 Infecté: Trojan.Win32.VB.tg ignoré
C:\WINNT\pf78bb.exe NSIS: infecté - 4 ignoré
C:\WINNT\system32\winsrv32.exe Infecté: not-virus:Hoax.Win32.Renos.cl ignoré
Analyse terminée.
So what is Norton Antivirus doing? So my nightmare isn't over?
Kim
I'm not sure, but install Kaspersky Antivirus 5.0, set it to use the extended antivirus databases, and run a scan.
Hello,
Restart in safe mode, then delete
C:\Program Files\secure32.html
C:\WINNT\pf78bb.exe
C:\WINNT\system32\winsrv32.exe
Empty this folder
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine
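The selection made in the reply above (three files to delete, plus the Quarantine folder to empty) can be reproduced from the scan report itself. The following Python sketch is an added example, not part of the original thread; the function name `triage` is an assumption, and the sample lines are excerpted from the report posted above.

```python
import re
from collections import defaultdict

# Lines excerpted from the Kaspersky online-scan report posted in this thread.
REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B775402.exe Infecté: Trojan.Win32.VB.tg ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B211475.exe/data0002 Infecté: Trojan-Clicker.Win32.Small.jf ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B211475.exe NSIS: infecté - 1 ignoré
C:\Program Files\secure32.html Infecté: Trojan.Win32.Harnig.a ignoré
C:\WINNT\pf78bb.exe/data0002 Infecté: Trojan-Downloader.Win32.VB.tw ignoré
C:\WINNT\pf78bb.exe/data0003 Infecté: Trojan.Win32.VB.tg ignoré
C:\WINNT\pf78bb.exe NSIS: infecté - 4 ignoré
C:\WINNT\system32\winsrv32.exe Infecté: not-virus:Hoax.Win32.Renos.cl ignoré
Analyse terminée.
"""

# Raw strings cannot end in a backslash, hence the concatenation.
QUARANTINE = r"\Norton AntiVirus\Quarantine" + "\\"
# Detection line: "<path>[/<archive member>] Infecté: <verdict> ignoré"
DETECTION = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infecté: (?P<verdict>\S+) ignoré$")


def triage(report):
    """Return (live, quarantined): dicts mapping on-disk file -> sorted verdicts."""
    live, quarantined = defaultdict(set), defaultdict(set)
    for line in report.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue  # container summaries ("NSIS: infecté - 4 ...") and the footer
        # Windows paths use "\", so "/" marks a member inside an installer or
        # archive; the file to act on is the container that exists on disk.
        container = m["path"].split("/", 1)[0]
        in_quarantine = QUARANTINE.lower() in container.lower()
        (quarantined if in_quarantine else live)[container].add(m["verdict"])
    return ({k: sorted(v) for k, v in live.items()},
            {k: sorted(v) for k, v in quarantined.items()})


if __name__ == "__main__":
    live, quarantined = triage(REPORT)
    print("Detected outside quarantine (candidates for deletion in safe mode):")
    for path, verdicts in live.items():
        print(f"  {path}  ({', '.join(verdicts)})")
    print(f"Already held in Norton quarantine: {len(quarantined)} file(s)")
```

Detections inside the Quarantine folder are copies Norton has already isolated, which is why the reply treats that folder as a single item to empty rather than listing its files.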
Hello,
I emptied Norton's Quarantine folder and deleted the infected files on C:\ as recommended.
And I ran another online scan with Kaspersky. Everything is perfect, it gave me an empty report! I also ran a scan with Ewido, which is still on my computer; only 1 infection was detected and it has been removed.
Should I do anything else to make sure everything is clean? Thank you.
Kim
You can always run an online scan at Panda
Same procedure + Panda report
Hello again,
I ran an online scan on Panda. More spyware was found; I wonder where it keeps coming back from? Should I delete them manually?
Here is the Panda report
Incident Status Location
Dialer:Dialer.GQK Not disinfected C:\Documents and Settings\Tran Kim Thanh\Desktop\backups\backup-20060413-230645-375.inf
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Tran Kim Thanh\Desktop\SmitfraudFix\Process.exe
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Distribution.dll.045
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Music.dll.022
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Windows.dll.072
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.041
Adware:adware/btgrab Not disinfected C:\WINNT\BTGrab.dll
Adware:adware/deskwizz Not disinfected C:\WINNT\dh.ini
Adware:adware/transponder Not disinfected C:\WINNT\dlmax.dll
Adware:Adware/AzeSearch Not disinfected C:\WINNT\Downloaded Program Files\azesearch.inf
Adware:adware/ieplugin Not disinfected C:\WINNT\kwv2.dat
Adware:adware/adwaresheriff Not disinfected C:\WINNT\osaupd.exe
Spyware:spyware/betterinet Not disinfected C:\WINNT\susp.exe
Adware:adware/superspider Not disinfected C:\WINNT\system32\a.exe
Adware:adware/alexa-toolbar Not disinfected C:\WINNT\system32\alxres.dll
Adware:adware/azesearch Not disinfected C:\WINNT\system32\azebar.xml
Spyware:spyware/bridge Not disinfected C:\WINNT\system32\bridge.dll
Adware:adware/dailytoolbar Not disinfected C:\WINNT\system32\dailytoolbar.dll
Adware:adware/wupd Not disinfected C:\WINNT\system32\ide21201.vxd
Thank you very much,
Kim
Many thanks to Angeldark and Chercheur PCA for helping me so much to get rid of Adware Reviews.
There are still other adware programs (less exasperating, though) getting into my computer from I don't know where or how, but I think I can deal with them.
If I can't manage it, I will certainly come back to ask for help again!
Thank you so very much!
Kim
