
Please help me! How do I get rid of Adware Reviews? [SOLVED]

12 April 2006 23:36:37

Hello,
Please help me!
My computer is infected with Adware Reviews, and Norton Antivirus can't do anything about it. Norton isn't even able to detect it! I don't know much about this, so what should I do to get rid of it?
I read some of the posted messages, and here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 17:28:50, on 2006-04-12
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\System32\svchost.exe
D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
D:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Logitech\iTouch\iTouch.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\ATnotes\ATnotes.exe
D:\Program Files\GetRight\getright.exe
D:\Program Files\GetRight\getright.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINNT\wupdmgr.exe
C:\WINNT\osaupd.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
D:\PROGRA~1\SYMPAT~1\ACCESS~1\app\enternet.exe
C:\WINNT\TEMP\1BF3.tmp
D:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUMENTS AND SETTINGS\TRAN KIM THANH\DESKTOP\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homep...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NvMixerTray] D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKCU\..\Run: [ATnotes.exe] D:\Program Files\ATnotes\ATnotes.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = D:\Program Files\GetRight\getright.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = D:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x....
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden-te...
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/i...
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webmasterexe/drsmartload...
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} (SponsorAdulto Class) - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.c...
O16 - DPF: {5CF549B1-E178-4D8C-ADEF-73F226644F12} - http://www.webvdecor.com/app/WebVDSetUp.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/...
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spamblockerutility.com/installs/spamblo...
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {A0F3DE0D-9308-4650-82A0-53F0C17D7D65} (Web2D Control) - http://www.webvdecor.com/app/WebVD.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.photolab.ca/fr/Photo/ImageUploader3.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab342...
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/s...
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/unskin/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v5.cab
O20 - Winlogon Notify: cdscsix3 - C:\WINNT\SYSTEM32\cdscsix3.dll
O20 - Winlogon Notify: directpt - C:\WINNT\SYSTEM32\directpt.dll
O20 - Winlogon Notify: Reliability - C:\WINNT\
O20 - Winlogon Notify: SensSrv - C:\WINNT\SYSTEM32\senssrv.dll
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINNT\system32\nfbnnhdn.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - D:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\sxiwkdb.exe (file missing)

Thank you, thank you, thank you so much for your help! I would be so grateful!

Kim


12 April 2006 23:39:35

Good evening

A lot of work.

Let's get started.

* Download
SmitfraudFix by S!Ri:
http://siri.urz.free.fr/Fix/SmitfraudFix.php
Unzip it onto the Desktop.

Ewido
http://www.ewido.net/fr/download/
Install it and update it.

* Open SmitfraudFix, double-click SmitfraudFix.cmd and choose option 1.
Post the report.

* Restart in safe mode. Note that you have no internet access in this mode, so write down what you need to do.
Start the computer.
Once the BIOS has finished loading, there is a black screen. Press the F8 or F5 key until the Windows advanced options menu appears.
Using the arrow keys, select the appropriate safe mode and press Enter.

* Run SmitfraudFix again, this time choose option 2, and answer yes to everything.

* Launch Ewido. Run a full scan.
Save the report.

* Restart normally and post the second SmitfraudFix report and the Ewido report, along with a new HijackThis report.

13 April 2006 03:37:34

Thank you very much for coming to help.

I downloaded Ewido to my Desktop, but I was not able to install it. Every time it gets to the step where you choose where to install it, there is an error alert and the installation window disappears by itself. What should I do? Should I skip this step?

I was able to download SmitfraudFix, and here is the first report:

SmitFraudFix v2.29

Scan done at 21:34:41,95, mer. 2006-04-12
Run from C:\Documents and Settings\Tran Kim Thanh\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195]

»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\country.exe FOUND !
C:\exit FOUND !
C:\secure32.html FOUND !
C:\tool1.exe FOUND !
C:\tool4.exe FOUND !
C:\toolbar.exe FOUND !
C:\uniq FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT

C:\WINNT\loadadv728.exe FOUND !
C:\WINNT\osaupd.exe FOUND !
C:\WINNT\uninstDsk.exe FOUND !
C:\WINNT\warnhp.html FOUND !
C:\WINNT\wupdmgr.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32

C:\WINNT\system32\amcompat.tlb FOUND !
C:\WINNT\system32\intell321.exe FOUND !
C:\WINNT\system32\nscompat.tlb FOUND !
C:\WINNT\system32\oleext.dll FOUND !
C:\WINNT\system32\parad.raw.exe FOUND !
C:\WINNT\system32\runsrv32.dll FOUND !
C:\WINNT\system32\runsrv32.exe FOUND !
C:\WINNT\system32\shell386.exe FOUND !
C:\WINNT\system32\tcpservice2.exe FOUND !
C:\WINNT\system32\txfdb32.dll FOUND !
C:\WINNT\system32\winapi32.dll FOUND !
C:\WINNT\system32\wstart.dll FOUND !
C:\WINNT\system32\zlbw.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tran Kim Thanh\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tran Kim Thanh\Favorites


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files

D:\Program Files\Common Files\VCClient\VCMain.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\WINNT\\warnhp.html"
"SubscribedURL"=""
"FriendlyName"="Desktop Uninstall"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

[HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_CLASSES_ROOT\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Thanks again,
Kim
13 April 2006 17:48:24

Finally, I managed to install Ewido in safe mode, then went back to normal mode to be able to update it as you recommended. Then I went back into safe mode again and ran SmitfraudFix a third time:

(Report #2 in previous message)
SmitFraudFix report #3
SmitFraudFix v2.29

Rapport fait à 22:36:32,01, mer. 2006-04-12
Executé à partir de C:\Documents and Settings\Tran Kim Thanh\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195]

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINNT\osaupd.exe supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Fin

________________________________________________________________________________
I also ran Ewido twice, and I think that was the right thing to do, because the second time more infected files were found as well. Here are the 2 reports:

Ewido report #1
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 23:00:10, 2006-04-12
+ Report-Checksum: CF960589

+ Scan result:

HKLM\SOFTWARE\Alexa Internet -> Adware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Classes\AlxTB.BHO -> Adware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\DailyToolbar.DLL -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\Bridge.brdg -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6001CDF7-6F45-471b-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\DailyToolbar.IEBand -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\DailyToolbar.SysMgr -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\IEToolbar.AffiliateCtl -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\jao.jao -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\PopMenu.Menu -> Adware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Classes\Popup.PopupKiller -> Adware.Alexa : Cleaned with backup
HKLM\SOFTWARE\DailyToolbar -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e52dedbb-d168-4bdb-b229-c48160800e81} -> Hijacker.Generic : Cleaned with backup
HKLM\SOFTWARE\NIX Solutions -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\NIX Solutions\DailyToolbar -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\RespondMiter -> Adware.VX2 : Cleaned with backup
C:\315502.exe -> Trojan.Small : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\GLYR8DUJ\tt[1].exe -> Backdoor.Small.ko : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.287:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.293:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.320:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.321:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.326:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.330:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.331:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.332:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.336:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.337:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.338:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.339:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.341:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.342:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.343:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.345:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.347:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.348:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.349:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.350:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.356:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.357:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.358:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.359:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.360:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.361:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.362:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.363:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.364:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.365:C:\Documents and Settings\Tran Kim Thanh\Application Data\Mozilla\Firefox\Profiles\8w0naw3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Tran Kim Thanh\Application Data\Phoenix\Profiles\default\tcujfh4j.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Tran Kim Thanh\Application Data\Phoenix\Profiles\default\tcujfh4j.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Tran Kim Thanh\Application Data\Phoenix\Profiles\default\tcujfh4j.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Tran Kim Thanh\Application Data\Phoenix\Profiles\default\tcujfh4j.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Tran Kim Thanh\Application Data\Phoenix\Profiles\default\tcujfh4j.slt\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Tran Kim Thanh\Application Data\Phoenix\Profiles\default\tcujfh4j.slt\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
C:\Documents and Settings\Tran Kim Thanh\Local Settings\Temp\Cookies\kthanh@a.tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Tran Kim Thanh\Local Settings\Temp\Cookies\kthanh@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Tran Kim Thanh\Local Settings\Temp\Cookies\kthanh@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\drsmartload45a.exe -> Downloader.Adload.an : Cleaned with backup
C:\windows\mousepad10.exe -> Hijacker.VB.ly : Cleaned with backup
C:\WINNT\CheckS02.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINNT\Downloaded Program Files\HbInstIE.dll -> Adware.HotBar : Cleaned with backup
C:\WINNT\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.a : Cleaned with backup
C:\WINNT\errorhandler.exe -> Downloader.VB.nw : Cleaned with backup
C:\WINNT\system32\cdscsix3.dll -> Logger.Haxspy.v : Cleaned with backup
C:\WINNT\system32\cdscsix3r.sys -> Logger.Haxspy.v : Error during cleaning
C:\WINNT\system32\directprt.sys -> Logger.Haxspy.w : Error during cleaning
C:\WINNT\system32\directpt.dll -> Logger.Goldun.iy : Cleaned with backup
C:\WINNT\system32\senssrv.dll -> Downloader.Agent.afl : Cleaned with backup
C:\WINNT\Temp\1BF3.tmp -> Backdoor.Small.ko : Cleaned with backup
D:\Program Files\?icrosoft\?poolsv.exe -> Adware.PurityScan : Cleaned with backup


::Report End

Ewido report #2
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 23:15:17, 2006-04-12
+ Report-Checksum: D8CB5866

+ Scan result:

C:\WINNT\system32\cdscsix3r.sys -> Logger.Haxspy.v : Cleaned with backup
C:\WINNT\system32\directprt.sys -> Logger.Haxspy.w : Cleaned with backup


::Report End

_______________________________________________________________________________
And here is the new HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 23:24:35, on 2006-04-12
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\System32\svchost.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\ewido anti-malware\ewidoguard.exe
D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
D:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Logitech\iTouch\iTouch.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\ATnotes\ATnotes.exe
D:\Program Files\GetRight\getright.exe
D:\Program Files\GetRight\getright.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINNT\wupdmgr.exe
C:\WINNT\osaupd.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
D:\PROGRA~1\SYMPAT~1\ACCESS~1\app\enternet.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\Tran Kim Thanh\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NvMixerTray] D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKCU\..\Run: [ATnotes.exe] D:\Program Files\ATnotes\ATnotes.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = D:\Program Files\GetRight\getright.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = D:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x....
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden-te...
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/i...
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webmasterexe/drsmartload...
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} (SponsorAdulto Class) - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.c...
O16 - DPF: {5CF549B1-E178-4D8C-ADEF-73F226644F12} - http://www.webvdecor.com/app/WebVDSetUp.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/...
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spamblockerutility.com/installs/spamblo...
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {A0F3DE0D-9308-4650-82A0-53F0C17D7D65} (Web2D Control) - http://www.webvdecor.com/app/WebVD.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.photolab.ca/fr/Photo/ImageUploader3.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab342...
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/s...
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/unskin/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v5.cab
O20 - Winlogon Notify: cdscsix3 - cdscsix3.dll (file missing)
O20 - Winlogon Notify: directpt - directpt.dll (file missing)
O20 - Winlogon Notify: Reliability - C:\WINNT\
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINNT\system32\nfbnnhdn.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - D:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\sxiwkdb.exe (file missing)

The Adware Reviews icons still keep reappearing on the Desktop, along with 2 others in the taskbar that flash those "hypocritical" messages. I can't wait to get rid of this!

Thank you so much,
Kim
13 April 2006 17:56:26

Hello,
Delete Smitfraudfix, we're going to start over; there was an error somewhere.
(get it in French this time ;-) )

1/ Download Smitfraudfix
Unzip it to the Desktop.
Open the SmitfraudFix folder and run SmitfraudFix.cmd
Choose Option 1 (Search)
If you see lines with PRESENT!, continue.

2/ Restart in safe mode (To do this: start the PC while tapping the F8 key until the Windows advanced options menu appears, then use the arrow keys to select Safe Mode and press Enter...)

Run SmitfraudFix again and this time choose Option 2, and answer yes to every question.
Save, then post the report.

3/ Post a HijackThis report

13 April 2006 18:31:26

Thanks Angeldark. I did what you recommended. Here are the SmitfraudFix and HijackThis reports:

SmitFraudFix v2.29

Rapport fait à 12:31:33,07, jeu. 2006-04-13
Executé à partir de C:\Documents and Settings\Tran Kim Thanh\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195]

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINNT\osaupd.exe supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Fin


Logfile of HijackThis v1.99.1
Scan saved at 12:38:40, on 2006-04-13
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\System32\svchost.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\ewido anti-malware\ewidoguard.exe
D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
D:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Logitech\iTouch\iTouch.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
D:\Program Files\ATnotes\ATnotes.exe
D:\Program Files\GetRight\getright.exe
D:\Program Files\GetRight\getright.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINNT\wupdmgr.exe
C:\WINNT\osaupd.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
D:\PROGRA~1\SYMPAT~1\ACCESS~1\app\enternet.exe
C:\Documents and Settings\Tran Kim Thanh\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NvMixerTray] D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKCU\..\Run: [ATnotes.exe] D:\Program Files\ATnotes\ATnotes.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = D:\Program Files\GetRight\getright.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = D:\Program Files\Quicken\bagent.exe
O4 - Global Startup: wupdmgr.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x....
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden-te...
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/i...
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webmasterexe/drsmartload...
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} (SponsorAdulto Class) - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.c...
O16 - DPF: {5CF549B1-E178-4D8C-ADEF-73F226644F12} - http://www.webvdecor.com/app/WebVDSetUp.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/...
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spamblockerutility.com/installs/spamblo...
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {A0F3DE0D-9308-4650-82A0-53F0C17D7D65} (Web2D Control) - http://www.webvdecor.com/app/WebVD.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.photolab.ca/fr/Photo/ImageUploader3.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab342...
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/s...
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/unskin/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v5.cab
O20 - Winlogon Notify: cdscsix3 - cdscsix3.dll (file missing)
O20 - Winlogon Notify: directpt - directpt.dll (file missing)
O20 - Winlogon Notify: Reliability - C:\WINNT\
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINNT\system32\nfbnnhdn.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - D:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\sxiwkdb.exe (file missing)

The icons are still haunting me on the Desktop and in the notification area next to the clock. I think I'm going to cry! ...but I'm holding back :)
Thanks
Kim
14 April 2006 00:12:11

Good evening

1 Download CCleaner.
http://www.filehippo.com/download_ccleaner.html
Install it in a dedicated directory.

2 Restart in Safe Mode. Note that you have no Internet access in this mode, so write down what you have to do.
Start the computer.
Once the BIOS has finished loading, there is a black screen. Press the F8 key until the Windows Advanced Options menu is displayed.
Using the arrow keys, select Safe Mode and press Enter.

3 Run a HijackThis scan again and check the lines below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = D:\Program Files\Quicken\bagent.exe
O4 - Global Startup: wupdmgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll (file missing)
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x....
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden-te...
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/i...
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webmasterexe/drsmartload...
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} (SponsorAdulto Class) - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.c...
O16 - DPF: {5CF549B1-E178-4D8C-ADEF-73F226644F12} - http://www.webvdecor.com/app/WebVDSetUp.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/...
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spamblockerutility.com/installs/spamblo...
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {A0F3DE0D-9308-4650-82A0-53F0C17D7D65} (Web2D Control) - http://www.webvdecor.com/app/WebVD.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.photolab.ca/fr/Photo/ImageUploader3.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab342...
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/s...
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/unskin/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v5.cab
O20 - Winlogon Notify: cdscsix3 - cdscsix3.dll (file missing)
O20 - Winlogon Notify: directpt - directpt.dll (file missing)
O20 - Winlogon Notify: Reliability - C:\WINNT\
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINNT\system32\nfbnnhdn.dll (file missing)

Close all Windows, Internet Explorer and Outlook windows, except the HijackThis program, and click "Fix checked"

4 Make sure you have access to all files.
Start, My Computer or any other folder, Tools menu, Folder Options, View tab:
Check the box: Show hidden files and folders
Uncheck the box: Hide extensions for known file types
Uncheck the box: Hide protected operating system files
Then Apply

5 Delete the offending files/folders (if they still exist):

C:\WINNT\system32\dmonwv.dll
C:\WINNT\wupdmgr.exe

6 Run the cleanup with CCleaner.

Hide the system files again, to avoid mistakes in the future, by selecting the option not to show hidden files or system files.

7 Restart normally

8 Download haxfix.exe
and save it to the desktop.


  • Double-click haxfix.exe to install haxfix. (the default installation location is c:\program Files\haxfix)
  • Check "Create a desktop icon"
  • Click "Next"
  • When the installation is finished, make sure "Launch HaxFix" is checked
  • Click "Finish"

    A "DOS window" with a red background opens with the following options:
    1. Make logfile (create a report)
    2. Run auto fix (run the repair in automatic mode)
    3. Run manual fix (run the repair in manual mode)
    E. Exit Haxfix (quit Haxfix)

  • Select option 1. Make logfile by typing 1 and then pressing "Enter"
  • Haxfix will scan the system. When it has finished, a report will open: haxlog.txt > (c:\haxlog.txt)

    Paste this report here.

    Next.

  • Open the folder C:\Program Files\haxfix and double-click fix.bat
    (or double-click the fix.bat icon on the desktop)
  • Close all other windows, because Haxfix will restart the system.
  • Select option 2. Run auto fix by typing 2 and then "Enter"

    If an infection is found, you will get a message asking you to close all other open windows.

  • Close all other windows except the red-background haxfix window, then press "Enter"
  • The machine will be restarted
  • When the restart has finished, a report will open > (c:\haxfix.txt)
  • Post the contents of this report together with a new HijackThis report
    14 April 2006 05:28:07

    Good evening,

    I don't know whether the infection is completely cleaned up, I hope so, but I am so happy and grateful! The "hypocritical" icons no longer reappear in the systray, and there is no longer an Adware Reviews icon on my Desktop, nor any unsolicited alert message! A thousand thanks, Chercheur PCA! And Darkangel too. You are both wonderful!
    Kim

    Here is the haxlog.txt report:

    HAXFIX logfile - by Marckie
    --------------
    version 2.31
    jeu. 2006-04-13 23:31:23,32

    checking for ps.a3d....
    ps.a3d not found

    checking for p2s2.a3d....
    p2s2.a3d not found

    checking for matching notify keys....
    no matching notify keys found

    checking for matching services....
    matching services found
    Aspi32

    checking for matching safeboot services....
    no matching safeboot services found

    And the latest HijackThis report:

    Logfile of HijackThis v1.99.1
    Scan saved at 23:51:01, on 2006-04-13
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\system32\spoolsv.exe
    D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINNT\System32\svchost.exe
    D:\Program Files\ewido anti-malware\ewidoctrl.exe
    D:\Program Files\ewido anti-malware\ewidoguard.exe
    D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    D:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\ASUS\Probe\AsusProb.exe
    D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    D:\Program Files\Logitech\iTouch\iTouch.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\Program Files\ATnotes\ATnotes.exe
    D:\Program Files\GetRight\getright.exe
    D:\Program Files\GetRight\getright.exe
    D:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    D:\PROGRA~1\SYMPAT~1\ACCESS~1\app\enternet.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINNT\system32\cmd.exe
    C:\WINNT\system32\notepad.exe
    C:\Documents and Settings\Tran Kim Thanh\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [NvMixerTray] D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKCU\..\Run: [ATnotes.exe] D:\Program Files\ATnotes\ATnotes.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: GetRight - Tray Icon.lnk = D:\Program Files\GetRight\getright.exe
    O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
    O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - D:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\sxiwkdb.exe (file missing)

    14 April 2006 14:54:31

    Hello

    There is one left.

    Click Start, then Run, type services.msc and click OK.

    In the list of services, find and select
    "Windows Overlay Components" / double-click the line
    / check under Path to executable that it is
    indeed "C:\WINNT\sxiwkdb.exe" / under Startup type,
    select Disabled / confirm the change.

    Start the HijackThis program.

    Click > Config > Misc tools > delete a file on reboot.
    Enter this path:

    C:\WINNT\sxiwkdb.exe

    Restart the computer.

    Run an online antivirus scan with Kaspersky
    http://webscanner.kaspersky.fr/

    Paste its report here.
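
The reply above picks out the one O23 service entry whose executable no longer exists. As an added example (not part of the thread and not HijackThis's own code), this Python script rejoins a log that a forum paste wrapped across lines and lists the entries marked "(file missing)" or "(no file)"; the sample text, function names and finding labels are constructed here, and a flagged entry is a prompt for manual review, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: entries copied from the log posted in this thread,
# wrapped across lines the way the forum paste wrapped them.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = 127.0.0.1
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD}

- D:\Program Files\Norton Internet Security\Norton

AntiVirus\NavShExt.dll
O9 - Extra button: PartyPoker.com -

{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program

Files\PartyPoker\PartyPoker.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner -

C:\WINNT\System32\Ati2evxx.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: Windows Overlay Components - Unknown owner -

C:\WINNT\sxiwkdb.exe (file missing)
"""

# An entry starts with a section code such as R1, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Markers HijackThis appends when the referenced file is not on disk.
MISSING_RE = re.compile(r"\s*\((file missing|no file)\)$")


@dataclass
class Entry:
    code: str
    body: str
    missing: bool
    service: Optional[str] = None
    owner: Optional[str] = None
    path: Optional[str] = None


def unwrap(text: str) -> List[str]:
    """Rejoin entries that were wrapped across several lines."""
    entries: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_RE.match(line):
            entries.append(line)
        elif entries:
            # Continuation of the previous entry; the wrap fell on a space.
            entries[-1] += " " + line
        # Header and process-list lines before the first entry are skipped.
    return entries


def parse(text: str) -> List[Entry]:
    """Turn the log text into Entry records; O23 lines get service fields."""
    result: List[Entry] = []
    for line in unwrap(text):
        code, body = ENTRY_RE.match(line).groups()
        entry = Entry(code, body, bool(MISSING_RE.search(body)))
        if code == "O23" and body.startswith("Service: "):
            clean = MISSING_RE.sub("", body[len("Service: "):])
            # Split from the right: the service name may itself contain " - ".
            parts = clean.rsplit(" - ", 2)
            if len(parts) == 3:
                entry.service, entry.owner, entry.path = parts
        result.append(entry)
    return result


def triage(entries: List[Entry]) -> List[Tuple[str, Entry]]:
    """Label entries whose target file is gone (labels are this example's own)."""
    findings: List[Tuple[str, Entry]] = []
    for e in entries:
        if not e.missing:
            continue
        if e.code == "O23":
            # A service still registered to start an executable that is gone.
            findings.append(("service-without-binary", e))
        else:
            findings.append(("orphaned-reference", e))
    return findings


if __name__ == "__main__":
    for label, e in triage(parse(SAMPLE_LOG)):
        print(f"{label}: {e.code} - {e.body}")
```
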
    15 April 2006 05:04:43

    Good evening,
    I ran an online scan with Kaspersky as recommended. It looks like I still have a lot of viruses!

    Here is the Kaspersky scan report:

    KASPERSKY ON-LINE SCANNER - RAPPORT
    vendredi 14 avril 2006 23:12:41
    Système d'exploitation : Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
    Version de Kaspersky On-line Scanner: 5.0.78.0
    Dernière mise à jour de la base antivirus Kaspersky : 15/04/2006
    Enregistrements dans la base antivirus Kaspersky : 176778
    Paramètres d'analyse
    Analyser avec la base antivirus suivante standard
    Analyser les archives vrai
    Analyser les bases de messagerie. vrai
    Cible de l'analyse Dossiers
    C:\
    D:\
    Statistiques de l'analyse
    Total d'objets analysés : 43676
    Nombre de virus trouvés 37
    Nombre d'objets infectés 101
    Nombre d'objets suspects 0
    Durée de l'analyse 00:28:47

    Nom de l'objet infecté Nom du virus Dernière action
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02BF0F47.tmp Infecté: Email-Flooder.Win32.Labean.b ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02C31282.tmp Infecté: Email-Flooder.Win32.Labean.b ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02C63C7F.tmp Infecté: Email-Flooder.Win32.Labean.b ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02E66813.exe Infecté: Trojan-Dropper.Win32.VB.kk ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03BA20B0.tmp Infecté: SpamTool.Win32.Agent.e ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07D96B33.dll Infecté: Virus.Win32.Nsag.b ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07EA3D21.dll Infecté: Trojan-Proxy.Win32.Wopla.s ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07EA3D21.exe Infecté: Trojan-PSW.Win32.Sinowal.d ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07ED671E.exe Infecté: Backdoor.Win32.Agent.xb ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07ED671E.tmp Infecté: SpamTool.Win32.Agent.e ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07F0111A.tmp Infecté: SpamTool.Win32.Agent.e ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08242DD9.exe Infecté: Trojan-Downloader.Win32.TSUpdate.o ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D52472E.exe Infecté: Trojan.Win32.StartPage.adi ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F3B0838.tmp Infecté: Email-Flooder.Win32.Labean.b ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F3E3235.tmp Infecté: Email-Flooder.Win32.Labean.b ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F415C31.tmp Infecté: Email-Flooder.Win32.Labean.b ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11AD76C4.exe Infecté: Trojan-Downloader.Win32.Qoologic.bj ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\120B385B.exe Infecté: Trojan.Win32.VB.tg ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12405822.EXE Infecté: Trojan-Clicker.Win32.VB.ly ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14825FA6.exe Infecté: Trojan-Downloader.Win32.TSUpdate.p ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\179A77DD.exe Infecté: Trojan-Downloader.Win32.VB.tw ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A3C5544.exe Infecté: Trojan.Win32.VB.tg ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1AE5483E.exe Infecté: Trojan-Downloader.Win32.Adload.ae ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1BA26ADB.exe/data0002/data0006 Infecté: Trojan-Dropper.Win32.VB.kk ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1BA26ADB.exe/data0002 Infecté: Trojan-Dropper.Win32.VB.kk ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1BA26ADB.exe NSIS: infecté - 2 ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1BA26ADB.exe CryptFF: infecté - 2 ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1BA514D7.exe Infecté: Trojan-Downloader.Win32.Dyfuca.ei ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C5650A8.tmp Infecté: Email-Flooder.Win32.Labean.b ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C597AA4.tmp Infecté: Email-Flooder.Win32.Labean.b ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D9C3741.tmp Infecté: Backdoor.Win32.Rbot.adf ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DA0613D.tmp Infecté: Trojan-Downloader.Win32.Small.cpp ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DA30B39.tmp Infecté: Packed.Win32.Tibs ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E160B1B.zip/Matrix.class Infecté: Trojan-Downloader.Java.OpenStream.c ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E160B1B.zip ZIP: infecté - 1 ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E160B1B.zip CryptFF: infecté - 1 ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21042BC4.exe/data0002 Infecté: Trojan-Downloader.Win32.VB.tw ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21042BC4.exe/data0003 Infecté: Trojan.Win32.VB.tg ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21042BC4.exe/data0006 Infecté: Trojan.Win32.VB.tg ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21042BC4.exe/data0007 Infecté: Trojan.Win32.VB.tg ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21042BC4.exe NSIS: infecté - 4 ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21042BC4.exe CryptFF: infecté - 4 ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2330257E.exe/data0002 Infecté: Trojan-Clicker.Win32.Small.jf ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2330257E.exe NSIS: infecté - 1 ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2330257E.exe CryptFF: infecté - 1 ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\233A2373.exe Infecté: Trojan-Downloader.Win32.Small.buy ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24487DE9.exe Infecté: Trojan-PSW.Win32.Sinowal.d ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\247A3613.exe Infecté: Trojan-Dropper.Win32.Agent.aie ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24810A0B.exe/data0002 Infecté: Trojan-Clicker.Win32.Small.jf ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24810A0B.exe NSIS: infecté - 1 ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24810A0B.exe CryptFF: infecté - 1 ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24E80739.dll Infecté: Trojan-PSW.Win32.Sinowal.d ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24EB3135.dll Infecté: Trojan-PSW.Win32.Sinowal.d ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25920E7E.exe Infecté: Trojan-Clicker.Win32.Small.kr ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\259924D6.dll Infecté: Trojan-Clicker.Win32.Small.jf ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\259C0C73.exe Infecté: Trojan-Dropper.Win32.Agent.aie ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25DB6C8E.dll Infecté: Trojan.Win32.Dialer.fu ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26B8513B.dll Infecté: Trojan-Clicker.Win32.Small.jf ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26CD1C66.tmp Infecté: Email-Flooder.Win32.Labean.b ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27F67C3E.exe Infecté: Trojan-Downloader.Win32.VB.nw ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28BB19EA.tmp Infecté: Email-Flooder.Win32.Labean.b ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28F05AC9.exe Infecté: Trojan-Downloader.Win32.VB.nw ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28F72EC2.exe Infecté: Packed.Win32.Tibs ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\298D3A1D.dll Infecté: Backdoor.Win32.Agent.xb ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A58279E.exe Infecté: Trojan.Win32.VB.tg ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A603738.exe Infecté: Trojan.Win32.VB.tg ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2AB37CD9.exe Infecté: Trojan-Proxy.Win32.Wopla.r ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2AF44492.exe Infecté: Backdoor.Win32.Rbot.adf ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2AF76E8E.dll Infecté: Trojan-Proxy.Win32.Lager.aq ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B775402.exe Infecté: Trojan.Win32.VB.tg ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E9458C5.exe Infecté: Trojan-Downloader.Win32.Adload.af ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EC63220.tmp Infecté: Email-Flooder.Win32.Labean.b ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\33277EBB.exe Infecté: Trojan-Downloader.Win32.Tiny.al ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B211475.exe/data0002 Infecté: Trojan-Clicker.Win32.Small.jf ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B211475.exe NSIS: infecté - 1 ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B211475.exe CryptFF: infecté - 1 ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CBD2760.exe/WISE0009.BIN Infecté: Trojan-Downloader.Win32.TSUpdate.n ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CBD2760.exe/WISE0010.BIN Infecté: Trojan-Downloader.Win32.TSUpdate.p ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CBD2760.exe/WISE0011.BIN Infecté: Trojan-Downloader.Win32.TSUpdate.l ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CBD2760.exe/WISE0012.BIN Infecté: Trojan-Downloader.Win32.TSUpdate.f ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CBD2760.exe WiseSFX: infecté - 4 ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CBD2760.exe CryptFF: infecté - 4 ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4C991A68.exe Infecté: Trojan-Clicker.Win32.VB.ij ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4CA96C56.exe Infecté: Trojan-Clicker.Win32.VB.ij ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\613E48D3.tmp Infecté: Email-Flooder.Win32.Labean.b ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\614272D0.tmp Infecté: Email-Flooder.Win32.Labean.b ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68FE5421.tmp Infecté: Trojan-Spy.Win32.Small.ak ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F9739DA.exe Infecté: Trojan-Downloader.Win32.Dyfuca.ei ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\718C2B65.exe Infecté: Trojan-Downloader.Win32.Dyfuca.ei ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\757E4298.exe Infecté: Trojan-Downloader.Win32.Qoologic.bj ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7838298B.tmp Infecté: SpamTool.Win32.Agent.e ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\783B5387.tmp Infecté: SpamTool.Win32.Agent.e ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\783E7D84.tmp Infecté: SpamTool.Win32.Agent.e ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79917D4C.exe Infecté: Trojan-Clicker.Win32.VB.ij ignoré
    C:\Program Files\secure32.html Infecté: Trojan.Win32.Harnig.a ignoré
    C:\WINNT\pf78bb.exe/data0002 Infecté: Trojan-Downloader.Win32.VB.tw ignoré
    C:\WINNT\pf78bb.exe/data0003 Infecté: Trojan.Win32.VB.tg ignoré
    C:\WINNT\pf78bb.exe/data0006 Infecté: Trojan.Win32.VB.tg ignoré
    C:\WINNT\pf78bb.exe/data0007 Infecté: Trojan.Win32.VB.tg ignoré
    C:\WINNT\pf78bb.exe NSIS: infecté - 4 ignoré
    C:\WINNT\system32\winsrv32.exe Infecté: not-virus:Hoax.Win32.Renos.cl ignoré
    Analyse terminée.

    So what is Norton Antivirus doing? So my nightmare isn't over yet?

    Kim
    15 April 2006 13:14:25

    I'm not sure, but install Kaspersky Antivirus 5.0, set it to use the extended antivirus databases, and run a scan.
    15 April 2006 13:19:08

    Hello,
    Restart in safe mode, then delete

    C:\Program Files\secure32.html
    C:\WINNT\pf78bb.exe
    C:\WINNT\system32\winsrv32.exe

    Empty this folder

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine
    15 April 2006 18:52:07

    Hello,
    I emptied Norton's Quarantine folder and deleted the infected files in C:\ as recommended.

    And I ran another online scan with Kaspersky. Everything is perfect, it gave me an empty report! And I ran a scan with Ewido, which is still on my computer; only 1 infection was detected and it was removed.

    Should I do anything else to make sure everything is clean? Thank you.
    Kim
    15 April 2006 19:38:16

    You can always run an online scan at Panda
    Same procedure + Panda report
    15 April 2006 20:48:23

    Hello again,

    I ran an online scan on Panda. Other spyware was found; I wonder where they keep coming back from? Should I delete them manually?

    Here is the Panda report


    Incident Status Location

    Dialer:Dialer.GQK Not disinfected C:\Documents and Settings\Tran Kim Thanh\Desktop\backups\backup-20060413-230645-375.inf
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Tran Kim Thanh\Desktop\SmitfraudFix\Process.exe
    Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Distribution.dll.045
    Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Music.dll.022
    Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Windows.dll.072
    Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.041
    Adware:adware/btgrab Not disinfected C:\WINNT\BTGrab.dll
    Adware:adware/deskwizz Not disinfected C:\WINNT\dh.ini
    Adware:adware/transponder Not disinfected C:\WINNT\dlmax.dll
    Adware:Adware/AzeSearch Not disinfected C:\WINNT\Downloaded Program Files\azesearch.inf
    Adware:adware/ieplugin Not disinfected C:\WINNT\kwv2.dat
    Adware:adware/adwaresheriff Not disinfected C:\WINNT\osaupd.exe
    Spyware:spyware/betterinet Not disinfected C:\WINNT\susp.exe
    Adware:adware/superspider Not disinfected C:\WINNT\system32\a.exe
    Adware:adware/alexa-toolbar Not disinfected C:\WINNT\system32\alxres.dll
    Adware:adware/azesearch Not disinfected C:\WINNT\system32\azebar.xml
    Spyware:spyware/bridge Not disinfected C:\WINNT\system32\bridge.dll
    Adware:adware/dailytoolbar Not disinfected C:\WINNT\system32\dailytoolbar.dll
    Adware:adware/wupd Not disinfected C:\WINNT\system32\ide21201.vxd

    Thank you very much,
    Kim
    16 April 2006 18:40:44

    Many thanks to Angeldark and Chercheur PCA for helping me so much to get rid of Adware Reviews.

    There are still other adware programs (less exasperating, though) that get into my computer from I don't know where or how, but I think I can deal with them :)  If I can't, I will certainly come back to ask for help again!

    Thank you so very much!
    Kim