J'ai cette saloperie qui apparait... un popup en anglais qui me dit que mon ordi n'est pas à l'abri des spywares... une fenêtre info s'ouvre... et il faut cliquer plusieyrs fois pour qu'elle disparaisse apres plusieurs messages... avec une infobulles en bas à droite avec ce message sur les spywares.
J'ai tout essayé... ad-aware, spybot, CwShreeder, a-squared... ils détectent des trojans, les effacent... mais ils reviennent au reboot.
J'ai même essayé HijackThis pour effacer les entrées dans le registre... rien à faire... cette merde résiste.
Je suis sous windows98.
Quelqu'un a-t-il un remède efficace ?
Autres précisions :
A chaque redémarrage j'ai la page about:blank sur mon IE qui s'affiche avec un espece de moteur de recherche avec un logo de windows.
Voici mes los avec HijackThis :
Logfile of HijackThis v1.99.1
Scan saved at 16:43:15, on 15/05/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\SYSXS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\SXGTKBAR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\RAM IDLE\RAMIDLE.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\IEYH32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
C:\PROGRAM FILES\NORTON UTILITIES\SYSDOC32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
D:\DOWNLOADS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\jtzkc.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\jtzkc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\jtzkc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\jtzkc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\jtzkc.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\jtzkc.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\jtzkc.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Class - {846D64A6-CB52-BBEE-0DEE-0A8D17435524} - C:\WINDOWS\SYSTEM\MSYW.DLL
O3 - Toolbar: _AT_msdxmLC.dll,-1_AT_1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_3_16_0.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~2\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\RAM Idle\RAMIdle.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\PROGRAM FILES\ABBYY FINEREADER 7.0 PROFESSIONAL EDITION\ABBYYNEWSREADER.EXE"
O4 - HKLM\..\Run: [IEYH32.EXE] C:\WINDOWS\SYSTEM\IEYH32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [SYSXS.EXE] C:\WINDOWS\SYSTEM\SYSXS.EXE /s
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Write a Review... - [url="http://client.alexa.com/holiday/script/actions/review.htm"]http://client.alexa.
com/holiday/script/actions/review.htm[/url]
O8 - Extra context menu item: Shorten URL - [url="http://www.cjb.net/menuext.html"]http://www.cjb.net/menuext.html[/url]
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {44EFB53C-C965-43CF-9F45-52242D134187} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\Icq\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\Icq\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Erotic - {8E65B894-C2E9-11D5-BCD3-00E018987505} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: Erotic - {8E65B894-C2E9-11D5-BCD3-00E018987509} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: xxx - {14051602-5C4E-11d6-916B-00E02964E8E3} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O16 - DPF: {D702FBF4-EE60-11D0-BD5B-00A0C91F4635} (CFForm Runtime) - [url="http://www.eurobid.com/CFIDE/classes/CFJava.cab"]http://www.eurobid.com/CFIDE/classes/
CFJava.cab[/url]
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - [url="http://www.adverline.com/CFIDE/classes/CFJava.cab"]http://www.adverline.com/CFIDE/
classes/CFJava.cab[/url]
O16 - DPF: {CB3656E6-1677-4AA3-9C6A-C6F1D23DEDC3} - [url="http://www.coreba.com/downloads/cbaview.cab"]http://www.coreba.com/downloads/cbaview.
cab[/url]
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1) -
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} (CU LiveUpdate Control) - [url="https://www.cuworld.com/PIC/inner_pic/packages/liveupdate.cab"]https://www.cuworld.
com/PIC/inner_pic/packa.../liveupdate.cab[/url]
O16 - DPF: {8E65B894-C2E9-11D5-BCD3-00E018987509} - [url="http://09.sharedsource.org/cabs/notecasesfr.cab"]http://09.sharedsource.org/cabs/
notecasesfr.cab[/url]
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - [url="http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebiof5_3_16_0.cab"]
http://us.dl1.yimg.com/download.companion....iof5_3_16_0.cab[/url]
O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - [url="http://www.cjb.net/search.cab"]http://www.cjb.net/search.cab[/url]
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - [url="http://secure2.comned.com/signuptemplates/AktiveSekurity.cab"]http://secure2.comned.
com/signuptemplates/AktiveSekurity.cab[/url]
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - [url="http://secure2.comned.com/signuptemplates/securelogin-devel.cab"]http://secure2.
comned.com/signuptemplates/...login-devel.cab[/url]
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url="http://www.pandasoftware.com/activescan/as5/asinst.cab"]http://www.pandasoftware.
com/activescan/as5/asinst.cab[/url]
Haut
), ainsi que des pop-ups toutes les deux minutes...
