trojan et pub incessante qui sont en train de "devorer" mon ordi

arnaud7

27 Juin 2006 09:03:50

bonjours a tous
l'heure est grave pour mon ordi
merci de me dire se qu'il faut que je supprime voici mon log hijackthis : (je l'ai fait en mode sans erreurs)

Logfile of HijackThis v1.99.1
Scan saved at 10:55:04, on 27/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\HP_Propriétaire\Mes documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.modulonet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.modulonet.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = France Télécom Câble
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: |a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J| ~tpt`/4`/5.$|o ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$``o|a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J| ~tpt`/4`/5.$|o ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$``o#/-0o$5-0!24n393`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J /-0o42%%n$!4`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J
O1 - Hosts: |a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J| ~tpt`/4`/5.$|o ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$``o|a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J| ~tpt`/4`/5.$|o ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$``o#/-0o$5-0!24n393`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J /-0o42%%n$!4`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J
O1 - Hosts: |a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J| ~tpt`/4`/5.$|o ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$``o|a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J| ~tpt`/4`/5.$|o ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$``o#/-0o$5-0!24n393`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J /-0o42%%n$!4`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J
O1 - Hosts: |a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J| ~tpt`/4`/5.$|o ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$``o|a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J| ~tpt`/4`/5.$|o ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$``o#/-0o$5-0!24n393`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J /-0o42%%n$!4`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J
O1 - Hosts: |a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J| ~tpt`/4`/5.$|o ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$``o|a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J| ~tpt`/4`/5.$|o ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$``o#/-0o$5-0!24n393`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J /-0o42%%n$!4`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J
O1 - Hosts: |a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J| ~tpt`/4`/5.$|o ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$``o|a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J| ~tpt`/4`/5.$|o ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$``o#/-0o$5-0!24n393`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J /-0o42%%n$!4`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J
O1 - Hosts: |a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J| ~tpt`/4`/5.$|o ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$``o|a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J| ~tpt`/4`/5.$|o ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$``o#/-0o$5-0!24n393`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J /-0o42%%n$!4`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J
O1 - Hosts: |a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J| ~tpt`/4`/5.$|o ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$``o|a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J| ~tpt`/4`/5.$|o ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$``o#/-0o$5-0!24n393`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J /-0o42%%n$!4`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J
O1 - Hosts: |a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J| ~tpt`/4`/5.$|o ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$``o|a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J| ~tpt`/4`/5.$|o ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$``o#/-0o$5-0!24n393`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J /-0o42%%n$!4`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J
O1 - Hosts: |a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J| ~tpt`/4`/5.$|o ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$``o|a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J| ~tpt`/4`/5.$|o ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$``o#/-0o$5-0!24n393`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J /-0o42%%n$!4`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J
O1 - Hosts: |a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J| ~tpt`/4`/5.$|o ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$``o|a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J| ~tpt`/4`/5.$|o ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$``o#/-0o$5-0!24n393`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J /-0o42%%n$!4`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J
O1 - Hosts: |a`
O1 - Hosts: ` `bmoo oo`
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ydirector1] C:\Program Files\Larousse\EUL 2002\Shockwave_Installer_Full.exe /s
O4 - HKLM\..\Run: [zzzzzzzxtras] C:\Program Files\Larousse\EUL 2002\demo_xtras.exe
O4 - HKLM\..\Run: [ydirector2] C:\WINDOWS\system32\regsvr32.exe C:\WINDOWS\system32\Macromed\Flash\Swflash.ocx /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dialogoo] C:\Program Files\Dialogoo\Dialogoo.exe
O4 - HKLM\..\Run: [Easy-TV] C:\Program Files\Easy-TV\Easy-TV.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [XDAeDhKq4] C:\WINDOWS\blokhn.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [XDAeDh$vùõš/‚²‘ÆßfC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\blokhn.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BoontyBox] "C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" /boot
O4 - HKCU\..\Run: [Winlogin] C:\Documents and Settings\HP_Propriétaire\Mes documents\Temp\svchost.exe
O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
O4 - HKCU\..\Run: [4d2877ac.exe] C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\4d2877ac.exe
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Startup: StarOffice 7.lnk = C:\Program Files\StarOffice7\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hyperappel.lnk = C:\Program Files\Larousse\EUL 2002\bin\hyperappel.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.modulonet.fr
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - https://www.fnacmusic.com/telechargementFnacmusic/FnacC...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

voila merci d'avance

Autres pages sur : trojan pub incessante train devorer ordi

| Etre averti des réponses
| Alerter

Répondre à arnaud7

vinzator

27 Juin 2006 09:08:38

J'ai jamais vu un truc pareille dans les O1

| Alerter

Répondre à vinzator

rocket_270@IDN

27 Juin 2006 09:19:18

commence par ceci:
1/CCleaner

Telecharge ccleaner sur ce site:
CCleaner
Il nettoie ton ordi de tout les fichiers temporaires inutiles.
Fais une analyse puis lance le nettoyage.

2/Ewido

Telecharge ewido sur ce site:
Ewido-Anti-Malware
Fais les mise a jour puis fais un scan et post le rapport

| Alerter

Répondre à rocket_270@IDN

mogadon

27 Juin 2006 10:11:03

Bonjour , il a déjà fait Ewido

bonjour

relancer hijack
cocher et fix checked

toutes les lignes 01

--------------------
télécharger et enregistrer sur le bureau

= Hoster à : http://www.funkytoad.com/download/hoster.zip
=Vundofix

-------------------------
= Lancer Hoster.exe
= cliquer Restore Microsoft's Original Hosts =>OK.

-------------------
lancer Vundofix

= Double-clic VundoFix.exe.
=Cocher la case Run VundoFix as a task.
=Attendre le redemarrage de Vundofix

=Clic Scan for Vundo..
=Puis clic Remove Vundo.
= Puis yes
= Le Bureau disparaît un moment lors de la suppression des fichiers.
=Message shutdown; clic OK
=Redémarrer

------------------------

supprrimer en mode sans échec

si encore présent

85274TUJ ==> dans C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\

------------------------

refaire un hijack , il reste à nettoyer

| Alerter

Répondre à mogadon

rocket_270@IDN

27 Juin 2006 10:13:42

tu pense que ca vient de quoi toute ces lignes 01

| Alerter

Répondre à rocket_270@IDN

arnaud7

27 Juin 2006 10:22:06

voila c'est fait j'ai supprimé tout les 01 effectivement yavais un message en anglais qui parlai des 01 voila pour HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 12:20:16, on 27/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Larousse\EUL 2002\demo_xtras.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\HP_Propriétaire\Mes documents\Temp\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Larousse\EUL 2002\bin\hyperappel.exe
C:\Program Files\StarOffice7\program\soffice.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\TEMP\win543.tmp.exe
C:\Documents and Settings\HP_Propriétaire\Mes documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.modulonet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.modulonet.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = France Télécom Câble
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ydirector1] C:\Program Files\Larousse\EUL 2002\Shockwave_Installer_Full.exe /s
O4 - HKLM\..\Run: [zzzzzzzxtras] C:\Program Files\Larousse\EUL 2002\demo_xtras.exe
O4 - HKLM\..\Run: [ydirector2] C:\WINDOWS\system32\regsvr32.exe C:\WINDOWS\system32\Macromed\Flash\Swflash.ocx /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dialogoo] C:\Program Files\Dialogoo\Dialogoo.exe
O4 - HKLM\..\Run: [Easy-TV] C:\Program Files\Easy-TV\Easy-TV.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [XDAeDhKq4] C:\WINDOWS\blokhn.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [XDAeDh$vùõš/‚²‘ÆßfC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\blokhn.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BoontyBox] "C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" /boot
O4 - HKCU\..\Run: [Winlogin] C:\Documents and Settings\HP_Propriétaire\Mes documents\Temp\svchost.exe
O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
O4 - HKCU\..\Run: [4d2877ac.exe] C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\4d2877ac.exe
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Startup: StarOffice 7.lnk = C:\Program Files\StarOffice7\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hyperappel.lnk = C:\Program Files\Larousse\EUL 2002\bin\hyperappel.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.modulonet.fr
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - https://www.fnacmusic.com/telechargementFnacmusic/FnacC...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Ewido ne dit rien

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:21:31 27/06/2006

+ Scan result:

Nothing found.

::Report end

| Alerter

Répondre à arnaud7

mogadon

27 Juin 2006 10:52:07

relaancer hijack
cocher et fix checked

C:\Documents and Settings\HP_Propriétaire\Mes documents\Temp\svchost.exe
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll (file missing)
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [XDAeDh$vùõš/‚²‘ÆßfC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\blokhn.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [Winlogin] C:\Documents and Settings\HP_Propriétaire\Mes documents\Temp\svchost.exe
O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
----------------------
en mode sans échec ( copier les instructions avant)
en ayant accés aux fichiers cachés
Démarrer =>Poste de travail =>Outils =>Options des dossiers =>Affichage
Cocher = Afficher les fichiers et dossiers cachés
Plus bas
Décocher =Masquer les extensions des fichiers dont le type est connu
Décocher =Masquer les fichiers protégés du système d'exploitation

Supprimer

svchost.exe ==> dans C:\Documents and Settings\HP_Propriétaire\Mes documents\Temp
YourSiteBar ==> dans C:\Program Files
SurfAccuracy ==> dans C:\Program Files
ISTsvc\ ==> dans C:\Program Files
License_Manager ==> dans C:\Program Files

faire
démarrer==> exécuter==> ecrire : services.msc
dans le tableau chercher Boonty...
double clic ==> désactiver==> arrêter==> ok

puis supprimer

BOONTY ==> dans C:\Program Files\Fichiers communs

j'ai lu vite , j'ai surement oublié des choses !!!

refaire un hijack

| Alerter

Répondre à mogadon

arnaud7

27 Juin 2006 13:16:19

voila la vlupar des truc que tu m'a demandé de faire etait deja fait sauf supprimer les fichier avec hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 15:14:38, on 27/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Larousse\EUL 2002\demo_xtras.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Larousse\EUL 2002\bin\hyperappel.exe
C:\Program Files\StarOffice7\program\soffice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Propriétaire\Mes documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.modulonet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.modulonet.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = France Télécom Câble
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Give4Free Plugin Installer - {208E7E77-507A-4649-B0C9-D39E9049C7A2} - C:\Program Files\Give4Free Plugin\ibho.dll
O2 - BHO: (no name) - {6D6A6EF8-7CD9-42EE-9A68-5525C297E337} - C:\WINDOWS\system32\pmnlm.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Fichiers communs\Justdo\Jd2002.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ydirector1] C:\Program Files\Larousse\EUL 2002\Shockwave_Installer_Full.exe /s
O4 - HKLM\..\Run: [zzzzzzzxtras] C:\Program Files\Larousse\EUL 2002\demo_xtras.exe
O4 - HKLM\..\Run: [ydirector2] C:\WINDOWS\system32\regsvr32.exe C:\WINDOWS\system32\Macromed\Flash\Swflash.ocx /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dialogoo] C:\Program Files\Dialogoo\Dialogoo.exe
O4 - HKLM\..\Run: [Easy-TV] C:\Program Files\Easy-TV\Easy-TV.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [XDAeDhKq4] C:\WINDOWS\blokhn.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [4d2877ac.exe] C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\4d2877ac.exe
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Startup: StarOffice 7.lnk = C:\Program Files\StarOffice7\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hyperappel.lnk = C:\Program Files\Larousse\EUL 2002\bin\hyperappel.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.modulonet.fr
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - https://www.fnacmusic.com/telechargementFnacmusic/FnacC...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: winubg32 - C:\WINDOWS\SYSTEM32\winubg32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

| Alerter

Répondre à arnaud7

rocket_270@IDN

27 Juin 2006 13:22:43

Lance HijackThis
puis --> Do a system scan only
coche les lignes indiquées ci-dessous
puis --> Fix checked
puis oui à la question de confirmation

O2 - BHO: Give4Free Plugin Installer - {208E7E77-507A-4649-B0C9-D39E9049C7A2} - C:\Program Files\Give4Free Plugin\ibho.dll
O2 - BHO: (no name) - {6D6A6EF8-7CD9-42EE-9A68-5525C297E337} - C:\WINDOWS\system32\pmnlm.dll (file missing)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Redémarre en mode sans échec, (en tapotant F8 au démarrage).
Assures-toi que tu as accès aux fichiers cachés.
-Explorateur windows->outils->options des dossiers->affichage
"Afficher les fichiers cachés"->coché
"Masquer les extensions.."->décoché
"Masquer les fichiers protégers du système"->décoché

Supprimes manuellement les fichiers suivants:
C:\WINDOWS\ALCXMNTR.EXE

Vide ta corbeille.
Redémarre ton pc.

Puis fais un scan avec panda et post le rapport

| Alerter

Répondre à rocket_270@IDN

arnaud7

27 Juin 2006 14:20:40

bon j'ai fait tout ca mais panda veu pas demarer alor je fait avec securiser.com

il n'a pas encor fini

ps: tout a l'heure j'ai eu encore une pub et en meme temp une alerte entivirus et il m'a affiché ou se trouvait le fichier qui contenait le virus
peut etre que si je le suprime en mode sans echec sa fonctionnera (en mode normal suprimer avec l'antivirus ca marche pas il reapparait tout le temps

| Alerter

Répondre à arnaud7

rocket_270@IDN

27 Juin 2006 14:22:25

si il te propose un lien pour telecharger un utilitaire antivirus fais ca.
1/ Télécharge Télécharge Smitfraudfix
Dézippe-le sur le Bureau.
Ouvre le dossier SmitfraudFix et lance SmitfraudFix.cmd
Choisis l'Option 1 (Recherche)
Si tu vois des lignes avec PRESENT! Continue

Redémarre en mode sans échec.
2/ Relance SmitfraudFix et choisis cette fois l’Option 2 et réponds oui à chaque question
Sauvegarde puis poste le rapport.

| Alerter

Répondre à rocket_270@IDN

mogadon

27 Juin 2006 14:26:26

pour le scan Panda = normal

incompatibilité Panda <=> Avast

il faut désactiver Avast

| Alerter

Répondre à mogadon

arnaud7

27 Juin 2006 20:52:27

voila je croi que mon ordi a plus rien ya rien qui c'est manifesté un grand merci a tous ceux qui mon aidé

c'était pas une mince a faire

ciao

ps si j'ai un autre problemme je saurait ou ,m'adresser

France 3 espagne 1

VIVE LA FRANCE :-D :-D

| Alerter

Répondre à arnaud7

rocket_270@IDN

27 Juin 2006 20:59:41

si tu n a plus de probleme et plus de question merci de rajouter [Resolu] au titre de ton sujet.

| Alerter

Répondre à rocket_270@IDN

Tom's guide dans le monde