Bonjour,
J'ai encore un problème de pubs intempestives sur un pc partagé à plusieurs, vieux, pas super stable et sur lequel on trouve plein de vieux logiciel qui n'ont plus d'utilité ou qui sont mal désinstallés ...
LA GALERE QUOI et comme je n'ai pas le temps de le nettoyé je voudrais déjà arrêté ces spyware.
J'avais déjà posté un message pour le même problème sur un pc en windows xp mais j'ai essayé la même manip pour windows 98 et LA RIEN ça ne marche pas
HELP I NEED SOME BODY, HELP, ....
Merci d'avance
Voici le log hijackthis (etoui il est super long vu que c'est le boxon dans le pc !!!):
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 09:03:00, on 08/06/2007
Platform: Windows 98 SE (Win9x 4.10.2222A)
Boot mode: Normal
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\PROGRAM FILES\REALVNC\VNC4\WINVNC4.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SCARDSVR.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\GEMPLUS\CERTREG\CERTREG.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRAM FILES\D-TOOLS\DAEMON.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\NO-IP\DUC20.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\PROGRAM FILES\KEIRNET\K9\K9.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\GEMPLUS\TOKEN API\CARDSERVER.DLL
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQSTE08.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\ACRRIZUYPW.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\BUREAU\VINCENT\HIJACKTHIS_V2.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goolge.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTRAY.EXE
O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\SYSTEM\gemstrmw.exe /r
O4 - HKLM\..\Run: [CertReg] C:\Program Files\Fichiers communs\Gemplus\CertReg\certreg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [acrrizuypw] c:\windows\system\acrrizuypw.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\FICHIE~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\DEFWATCH.EXE
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\RTVSCN95.EXE
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [gemstrmw] C:\WINDOWS\SYSTEM\gemstrmw.exe /s
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [WinVNC4] "C:\PROGRAM FILES\REALVNC\VNC4\WINVNC4.EXE" -noconsole -service
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1071.dll,InstantAccess
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Instant Access] rundll32.exe EGACCESS4_1071.dll,InstantAccess (User 'Default user')
O4 - .DEFAULT Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe (User 'Default user')
O4 - .DEFAULT Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE (User 'Default user')
O4 - .DEFAULT Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (User 'Default user')
O4 - .DEFAULT Startup: Launch K9.lnk = C:\Program Files\KeirNet\K9\K9.exe (User 'Default user')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Startup: Launch K9.lnk = C:\Program Files\KeirNet\K9\K9.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system\pws2dnet.wsp
O10 - Unknown file in Winsock LSP: c:\windows\system\pws2dnet.wsp
O10 - Unknown file in Winsock LSP: c:\windows\system\pws2dnet.wsp
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O16 - DPF: {08F04139-8DFC-11D2-80E9-006008B066EE} (ConfigChkr Class) - https://paiements.click-and-trust.com/cab/vscnfchk.cab
O16 - DPF: JPM Sign - https://www.vialink.fr/signatureSafe/jsp/sign.cab
O16 - DPF: {A06BE318-C096-11D4-964F-0010A4D06F69} (TeleTVA Control) - https://tva.dgi.minefi.gouv.fr/activeX/TeleTVA.tva
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_FR.cab
O16 - DPF: {C660C559-903D-41A5-991B-ED7959096C35} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1070.cab
O16 - DPF: {413E282B-C32A-4717-A0F3-4F2E6FE25F83} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1071.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = neurrisse
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 80.10.246.130,80.10.246.3
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SYSTEM\BROWSEUI.DLL
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SYSTEM\BROWSEUI.DLL
