Virus?
Dernière réponse : dans Sécurité
salut j'ai un problème avec mon ordi, j'ai été sur un site de crack (j'sai c'est pas bien :s) et mon fond d'ecran a chengé, ça donne un fond noir avec ce texte :
WARNING!
YOU'RE IN DANGER!
ALL YOU DO WITH COMPUTER IS STORED FOREVER IN YOUR HARD DISK. WHEN YOU VISIT SITES, SEND EMAILS... ALL YOUR ACTIONS ARE LOGGED. AND IT IS IMPOSSIBLE TO REMOVE THEM WITH STANDARD TOOLS. YOUR DATA IS STILL AVAILABLE FOR FORENSICS. AND IN SOME CASES FOR YOUR BOSS, YOUR FRIENDS, YOUR WIFE, YOUR CHILDREN.
Every site you or somebody or even something, like spyware, opened in your browser, with all images, and all downloaded and maybe later removed movies or mp3 songs - ARE STILL THERE and could broke your life!
SECURE YOURSELF RIGHT NOW!
REMOVE ALL SPYWARE FROM YOUR PC!
Removal instructions
et dès que je clique dessus, une page internet s'ouvre avec un site de téléchargement d'anti-virus... de plus un icône est installé dans ma barre d'outil disant que mon ordi est infecté mais je n'arrive pas a retirer ce bouton. Une barre de recherche s'est aussi installé sur les pages internet (azesearch) et tous les sites ou je vais contiennent des publivités.
Merci pour votre aide a+
:saipa::saipa::saipa::saipa:
WARNING!
YOU'RE IN DANGER!
ALL YOU DO WITH COMPUTER IS STORED FOREVER IN YOUR HARD DISK. WHEN YOU VISIT SITES, SEND EMAILS... ALL YOUR ACTIONS ARE LOGGED. AND IT IS IMPOSSIBLE TO REMOVE THEM WITH STANDARD TOOLS. YOUR DATA IS STILL AVAILABLE FOR FORENSICS. AND IN SOME CASES FOR YOUR BOSS, YOUR FRIENDS, YOUR WIFE, YOUR CHILDREN.
Every site you or somebody or even something, like spyware, opened in your browser, with all images, and all downloaded and maybe later removed movies or mp3 songs - ARE STILL THERE and could broke your life!
SECURE YOURSELF RIGHT NOW!
REMOVE ALL SPYWARE FROM YOUR PC!
Removal instructions
et dès que je clique dessus, une page internet s'ouvre avec un site de téléchargement d'anti-virus... de plus un icône est installé dans ma barre d'outil disant que mon ordi est infecté mais je n'arrive pas a retirer ce bouton. Une barre de recherche s'est aussi installé sur les pages internet (azesearch) et tous les sites ou je vais contiennent des publivités.
Merci pour votre aide a+
:saipa::saipa::saipa::saipa:
Autres pages sur : virus
Lassé par la pub ? Créez un compte
Citation :
le_psycologue a écrit :
essaye un anti spy (celui de microsoft est super : microsoft antispyware 1 béta sinon ad-aware ou encore spybot).
essaye sinon de faire un scan avec ton anti virus (si tu n'en as pas je te conseille le freeware : avast ou le payant norton).
bonne chance
merci mais comme j'ai dis plus haut, j'ai déjà fais tout ça...
Bonjour
Tu as un méchant.
Télécharge HijackThis v1.99.1
http://www.merijn.org/files/hijackthis.zip
Tutorial
http://sitethemacs.free.fr/aide_enregistrement_de_hijackthi.htm
Fais un scan et poste l'analyse ici.
Tu as un méchant.
Télécharge HijackThis v1.99.1
http://www.merijn.org/files/hijackthis.zip
Tutorial
http://sitethemacs.free.fr/aide_enregistrement_de_hijackthi.htm
Fais un scan et poste l'analyse ici.
Logfile of HijackThis v1.99.1
Scan saved at 17:47:13, on 23/06/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINNT\switpa.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\system32\hookdump.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe
C:\WINNT\system32\LVComS.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jonathan\Local Settings\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 213.219.251.78 www.google.com
O1 - Hosts: 213.219.251.78 google.com
O1 - Hosts: 213.219.251.78 www.google.co.uk
O1 - Hosts: 213.219.251.78 google.co.uk
O1 - Hosts: 213.219.251.78 www.google.ca
O1 - Hosts: 213.219.251.78 google.ca
O1 - Hosts: 213.219.251.78 www.google.es
O1 - Hosts: 213.219.251.78 google.es
O1 - Hosts: 213.219.251.78 www.google.de
O1 - Hosts: 213.219.251.78 google.de
O1 - Hosts: 213.219.251.78 www.google.fr
O1 - Hosts: 213.219.251.78 google.fr
O1 - Hosts: 213.219.251.78 www.google.com.au
O1 - Hosts: 213.219.251.78 google.com.au
O1 - Hosts: 213.219.251.79 www.yahoo.com
O1 - Hosts: 213.219.251.79 yahoo.com
O1 - Hosts: 66.218.75.184 mail.yahoo.com
O1 - Hosts: 213.219.251.80 www.msn.com
O1 - Hosts: 213.219.251.80 msn.com
O1 - Hosts: 213.219.251.80 search.msn.com
O1 - Hosts: 213.219.251.80 www.search.msn.com
O1 - Hosts: 213.219.251.80 go.com
O1 - Hosts: 213.219.251.80 www.go.com
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINNT\system32\azesearch4.ocx
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINNT\system32\iasada.dll
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINNT\system32\azesearch4.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [lir] C:\WINNT\lir.exe
O4 - HKLM\..\Run: [TIxDSL] C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [Windows Update] scvhost.exe
O4 - HKLM\..\Run: [System Update] wuscv32.exe
O4 - HKLM\..\Run: [Internet Suspention] story.exe
O4 - HKLM\..\Run: [Microsoft Opeions] IEXwe.exe
O4 - HKLM\..\Run: [Jufualt] jxx2.exe
O4 - HKLM\..\Run: [WINRUN] svchost32.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [switp] C:\WINNT\switpa.exe
O4 - HKLM\..\Run: [AntivirusGold] C:\Program Files\AntivirusGold\AntivirusGold.exe /h
O4 - HKLM\..\RunServices: [System Update] wuscv32.exe
O4 - HKLM\..\RunServices: [Internet Suspention] story.exe
O4 - HKLM\..\RunServices: [Microsoft Opeions] IEXwe.exe
O4 - HKLM\..\RunServices: [WINRUN] svchost32.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Intel system tool] C:\WINNT\system32\hookdump.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Mobile User VPN.lnk = C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\winnt\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\aklsp.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int5.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://encyclo.voila.fr/JS/tdserver.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/b...
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/A...
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/...
O16 - DPF: {4418DD4D-7265-4C32-BC0A-3FDB3C2DA938} (Protecter Class) - http://www.slotchbar.com/ist/softwares/v4.0/protect_reg...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://11731.kit.carpediem.fr/FanBritneyVideo.exe
O16 - DPF: {B467A3AF-E45B-4B1B-9983-C035D988FB0F} (VacPro.belgio_ver10) - http://advnt01.com/dialer/belgio_ver10.CAB
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/play...
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04A40C05-3A82-4FDE-9D60-68F2307FE219}: NameServer = 62.235.14.4 62.235.13.199
O17 - HKLM\System\CS1\Services\Tcpip\..\{04A40C05-3A82-4FDE-9D60-68F2307FE219}: NameServer = 62.235.14.4 62.235.13.199
O18 - Protocol: bw+0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Fax Service (Fax) - Unknown owner - C:\WINNT\system32\faxsvc.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINNT\system32\angelex.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINNT\System32\rsvp.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Scan saved at 17:47:13, on 23/06/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINNT\switpa.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\system32\hookdump.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe
C:\WINNT\system32\LVComS.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jonathan\Local Settings\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 213.219.251.78 www.google.com
O1 - Hosts: 213.219.251.78 google.com
O1 - Hosts: 213.219.251.78 www.google.co.uk
O1 - Hosts: 213.219.251.78 google.co.uk
O1 - Hosts: 213.219.251.78 www.google.ca
O1 - Hosts: 213.219.251.78 google.ca
O1 - Hosts: 213.219.251.78 www.google.es
O1 - Hosts: 213.219.251.78 google.es
O1 - Hosts: 213.219.251.78 www.google.de
O1 - Hosts: 213.219.251.78 google.de
O1 - Hosts: 213.219.251.78 www.google.fr
O1 - Hosts: 213.219.251.78 google.fr
O1 - Hosts: 213.219.251.78 www.google.com.au
O1 - Hosts: 213.219.251.78 google.com.au
O1 - Hosts: 213.219.251.79 www.yahoo.com
O1 - Hosts: 213.219.251.79 yahoo.com
O1 - Hosts: 66.218.75.184 mail.yahoo.com
O1 - Hosts: 213.219.251.80 www.msn.com
O1 - Hosts: 213.219.251.80 msn.com
O1 - Hosts: 213.219.251.80 search.msn.com
O1 - Hosts: 213.219.251.80 www.search.msn.com
O1 - Hosts: 213.219.251.80 go.com
O1 - Hosts: 213.219.251.80 www.go.com
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINNT\system32\azesearch4.ocx
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINNT\system32\iasada.dll
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINNT\system32\azesearch4.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [lir] C:\WINNT\lir.exe
O4 - HKLM\..\Run: [TIxDSL] C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [Windows Update] scvhost.exe
O4 - HKLM\..\Run: [System Update] wuscv32.exe
O4 - HKLM\..\Run: [Internet Suspention] story.exe
O4 - HKLM\..\Run: [Microsoft Opeions] IEXwe.exe
O4 - HKLM\..\Run: [Jufualt] jxx2.exe
O4 - HKLM\..\Run: [WINRUN] svchost32.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [switp] C:\WINNT\switpa.exe
O4 - HKLM\..\Run: [AntivirusGold] C:\Program Files\AntivirusGold\AntivirusGold.exe /h
O4 - HKLM\..\RunServices: [System Update] wuscv32.exe
O4 - HKLM\..\RunServices: [Internet Suspention] story.exe
O4 - HKLM\..\RunServices: [Microsoft Opeions] IEXwe.exe
O4 - HKLM\..\RunServices: [WINRUN] svchost32.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Intel system tool] C:\WINNT\system32\hookdump.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Mobile User VPN.lnk = C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\winnt\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\aklsp.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int5.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://encyclo.voila.fr/JS/tdserver.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/b...
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/A...
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/...
O16 - DPF: {4418DD4D-7265-4C32-BC0A-3FDB3C2DA938} (Protecter Class) - http://www.slotchbar.com/ist/softwares/v4.0/protect_reg...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://11731.kit.carpediem.fr/FanBritneyVideo.exe
O16 - DPF: {B467A3AF-E45B-4B1B-9983-C035D988FB0F} (VacPro.belgio_ver10) - http://advnt01.com/dialer/belgio_ver10.CAB
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/play...
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04A40C05-3A82-4FDE-9D60-68F2307FE219}: NameServer = 62.235.14.4 62.235.13.199
O17 - HKLM\System\CS1\Services\Tcpip\..\{04A40C05-3A82-4FDE-9D60-68F2307FE219}: NameServer = 62.235.14.4 62.235.13.199
O18 - Protocol: bw+0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {74AACFB5-2DFD-4E13-A226-7AAF9BCE9732} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Fax Service (Fax) - Unknown owner - C:\WINNT\system32\faxsvc.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINNT\system32\angelex.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINNT\System32\rsvp.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Re, belles infections
1 Télécharge les outils suivants:
LSPfix
http://www.cexx.org/lspfix.htm
DelDomain.inf
http://www.mvps.org/winhelp2002/restricted.htm
clic droit / Enregistrer la cible sous... Mettre sur le bureau.
CCleaner
http://www.filehippo.com/download_ccleaner.html
Installe le dans un répertoire dédié.
Hoster
http://www.funkytoad.com/download/hoster.zip
Ensuite, tu le dézippes sur ton bureau.
Smitfraud.reg
http://www.bleepingcomputer.com/files/reg/smitfraud.reg
Enregistre ce fichier sur ton bureau
IMPORTANT:
A partir de maintenant, tu fais toutes les corrections HORS CONNEXION. Imprime cette page.
2 Lances LSPfix et agrandis la fenêtre qui, par défaut, est trop petite et fait apparaître les ascenseurs horizontaux et verticaux, masquant un bouton.
Déconnecte toi d'Internet et ferme toutes les instances (fenêtres) Internet Explorer.
Coche la case "I know what I'm doing" ("Je sais ce que je fais").
Sélectionne toutes les instances des dll suivantes
aklsp.dll
et fais les glisser du panneau de gauche, appelé "keep" au panneau de droite, appelé "Remove".
Clique sur le bouton "Finish".
3 Désinstalle via Ajout/suppression des programmes du panneau de configuration, les programmes suivants (si tu les trouves):
QuickSearch
VBouncer
Daily Weather Forecast
AntivirusGold
4 Double-clique sur Smitfraud.reg et clique sur Oui lorsqu'on te demande confirmation pour Fusionner.
Lorsque tu reçois un message du bon déroulement, supprime le fichier smitfraud.reg
5 Redémarre en mode sans echec Rémarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 ou F5 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne le mode sans échec approprié et appuye sur Entrée.
6 Relance un scan HijackThis et coche les lignes ci-dessous :
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 213.219.251.78 www.google.com
O1 - Hosts: 213.219.251.78 google.com
O1 - Hosts: 213.219.251.78 www.google.co.uk
O1 - Hosts: 213.219.251.78 google.co.uk
O1 - Hosts: 213.219.251.78 www.google.ca
O1 - Hosts: 213.219.251.78 google.ca
O1 - Hosts: 213.219.251.78 www.google.es
O1 - Hosts: 213.219.251.78 google.es
O1 - Hosts: 213.219.251.78 www.google.de
O1 - Hosts: 213.219.251.78 google.de
O1 - Hosts: 213.219.251.78 www.google.fr
O1 - Hosts: 213.219.251.78 google.fr
O1 - Hosts: 213.219.251.78 www.google.com.au
O1 - Hosts: 213.219.251.78 google.com.au
O1 - Hosts: 213.219.251.79 www.yahoo.com
O1 - Hosts: 213.219.251.79 yahoo.com
O1 - Hosts: 66.218.75.184 mail.yahoo.com
O1 - Hosts: 213.219.251.80 www.msn.com
O1 - Hosts: 213.219.251.80 msn.com
O1 - Hosts: 213.219.251.80 search.msn.com
O1 - Hosts: 213.219.251.80 www.search.msn.com
O1 - Hosts: 213.219.251.80 go.com
O1 - Hosts: 213.219.251.80 www.go.com
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINNT\system32\azesearch4.ocx
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINNT\system32\iasada.dll
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINNT\system32\azesearch4.ocx
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [lir] C:\WINNT\lir.exe
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [Windows Update] scvhost.exe
O4 - HKLM\..\Run: [System Update] wuscv32.exe
O4 - HKLM\..\Run: [Internet Suspention] story.exe
O4 - HKLM\..\Run: [Microsoft Opeions] IEXwe.exe
O4 - HKLM\..\Run: [Jufualt] jxx2.exe
O4 - HKLM\..\Run: [WINRUN] svchost32.exe
O4 - HKLM\..\Run: [switp] C:\WINNT\switpa.exe
O4 - HKLM\..\Run: [AntivirusGold] C:\Program Files\AntivirusGold\AntivirusGold.exe /h
O4 - HKLM\..\RunServices: [System Update] wuscv32.exe
O4 - HKLM\..\RunServices: [Internet Suspention] story.exe
O4 - HKLM\..\RunServices: [Microsoft Opeions] IEXwe.exe
O4 - HKLM\..\RunServices: [WINRUN] svchost32.exed
O4 - HKCU\..\Run: [Intel system tool] C:\WINNT\system32\hookdump.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int5.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/b...
O16 - DPF: {4418DD4D-7265-4C32-BC0A-3FDB3C2DA938} (Protecter Class) - http://www.slotchbar.com/ist/softwares/v4.0/protect_reg...
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://11731.kit.carpediem.fr/FanBritneyVideo.exe
O16 - DPF: {B467A3AF-E45B-4B1B-9983-C035D988FB0F} (VacPro.belgio_ver10) - http://advnt01.com/dialer/belgio_ver10.CAB
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/play...
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O23 - Service: ISEXEng - Unknown owner - C:\WINNT\system32\angelex.exe (file missing)
Ferme toutes les fenêtres Internet Explorer, Outlook Express sauf Hijackthis,puis clique sur Fix checked
7 Assure toi d'avoir accés à tous les fichiers.
Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :
Activer la case : Afficher les fichiers et dossiers cachés
Désactiver la case : Masquer les extensions des fichiers dont le type est connu
Désactiver la case : Masquer les fichiers protégés du système d'exploitation
Puis Appliquer
8 Supprime les dossiers suivants (si tu les trouves):
C:\Program Files\QuickSearch
C:\Program Files\VBouncer
C:\Program Files\Daily Weather Forecast
C:\Program Files\AntivirusGold
C:\WINNT\lir.exe
C:\WINNT\switpa.exe
C:\WINNT\system32\iasada.dll
C:\WINNT\system32\angelex.exe
C:\WINNT\system32\azesearch4.ocx
C:\WINNT\system32\hookdump.exe
scvhost.exe --> Fais une recherche sur l'ordinateur(ATTENTION à l'orthographe)
wuscv32.exe --> Fais une recherche sur l'ordinateur
story.exe --> Fais une recherche sur l'ordinateur
IEXwe.exe --> Fais une recherche sur l'ordinateur
jxx2.exe --> Fais une recherche sur l'ordinateur
svchost32.exe --> Fais une recherche sur l'ordinateur
9 Lance Hoster - Toadbee et clique sur " Restore original Hosts "
10 Fais un clic droit le fichier Del_Domains.inf -->Installer
121 Lance et exécute CCleaner
12 Redémarre et poste un nouveau rapport hijackthis.
1 Télécharge les outils suivants:
LSPfix
http://www.cexx.org/lspfix.htm
DelDomain.inf
http://www.mvps.org/winhelp2002/restricted.htm
clic droit / Enregistrer la cible sous... Mettre sur le bureau.
CCleaner
http://www.filehippo.com/download_ccleaner.html
Installe le dans un répertoire dédié.
Hoster
http://www.funkytoad.com/download/hoster.zip
Ensuite, tu le dézippes sur ton bureau.
Smitfraud.reg
http://www.bleepingcomputer.com/files/reg/smitfraud.reg
Enregistre ce fichier sur ton bureau
IMPORTANT:
A partir de maintenant, tu fais toutes les corrections HORS CONNEXION. Imprime cette page.
2 Lances LSPfix et agrandis la fenêtre qui, par défaut, est trop petite et fait apparaître les ascenseurs horizontaux et verticaux, masquant un bouton.
Déconnecte toi d'Internet et ferme toutes les instances (fenêtres) Internet Explorer.
Coche la case "I know what I'm doing" ("Je sais ce que je fais").
Sélectionne toutes les instances des dll suivantes
aklsp.dll
et fais les glisser du panneau de gauche, appelé "keep" au panneau de droite, appelé "Remove".
Clique sur le bouton "Finish".
3 Désinstalle via Ajout/suppression des programmes du panneau de configuration, les programmes suivants (si tu les trouves):
QuickSearch
VBouncer
Daily Weather Forecast
AntivirusGold
4 Double-clique sur Smitfraud.reg et clique sur Oui lorsqu'on te demande confirmation pour Fusionner.
Lorsque tu reçois un message du bon déroulement, supprime le fichier smitfraud.reg
5 Redémarre en mode sans echec Rémarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 ou F5 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne le mode sans échec approprié et appuye sur Entrée.
6 Relance un scan HijackThis et coche les lignes ci-dessous :
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 213.219.251.78 www.google.com
O1 - Hosts: 213.219.251.78 google.com
O1 - Hosts: 213.219.251.78 www.google.co.uk
O1 - Hosts: 213.219.251.78 google.co.uk
O1 - Hosts: 213.219.251.78 www.google.ca
O1 - Hosts: 213.219.251.78 google.ca
O1 - Hosts: 213.219.251.78 www.google.es
O1 - Hosts: 213.219.251.78 google.es
O1 - Hosts: 213.219.251.78 www.google.de
O1 - Hosts: 213.219.251.78 google.de
O1 - Hosts: 213.219.251.78 www.google.fr
O1 - Hosts: 213.219.251.78 google.fr
O1 - Hosts: 213.219.251.78 www.google.com.au
O1 - Hosts: 213.219.251.78 google.com.au
O1 - Hosts: 213.219.251.79 www.yahoo.com
O1 - Hosts: 213.219.251.79 yahoo.com
O1 - Hosts: 66.218.75.184 mail.yahoo.com
O1 - Hosts: 213.219.251.80 www.msn.com
O1 - Hosts: 213.219.251.80 msn.com
O1 - Hosts: 213.219.251.80 search.msn.com
O1 - Hosts: 213.219.251.80 www.search.msn.com
O1 - Hosts: 213.219.251.80 go.com
O1 - Hosts: 213.219.251.80 www.go.com
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINNT\system32\azesearch4.ocx
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINNT\system32\iasada.dll
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINNT\system32\azesearch4.ocx
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [lir] C:\WINNT\lir.exe
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [Windows Update] scvhost.exe
O4 - HKLM\..\Run: [System Update] wuscv32.exe
O4 - HKLM\..\Run: [Internet Suspention] story.exe
O4 - HKLM\..\Run: [Microsoft Opeions] IEXwe.exe
O4 - HKLM\..\Run: [Jufualt] jxx2.exe
O4 - HKLM\..\Run: [WINRUN] svchost32.exe
O4 - HKLM\..\Run: [switp] C:\WINNT\switpa.exe
O4 - HKLM\..\Run: [AntivirusGold] C:\Program Files\AntivirusGold\AntivirusGold.exe /h
O4 - HKLM\..\RunServices: [System Update] wuscv32.exe
O4 - HKLM\..\RunServices: [Internet Suspention] story.exe
O4 - HKLM\..\RunServices: [Microsoft Opeions] IEXwe.exe
O4 - HKLM\..\RunServices: [WINRUN] svchost32.exed
O4 - HKCU\..\Run: [Intel system tool] C:\WINNT\system32\hookdump.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int5.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/b...
O16 - DPF: {4418DD4D-7265-4C32-BC0A-3FDB3C2DA938} (Protecter Class) - http://www.slotchbar.com/ist/softwares/v4.0/protect_reg...
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://11731.kit.carpediem.fr/FanBritneyVideo.exe
O16 - DPF: {B467A3AF-E45B-4B1B-9983-C035D988FB0F} (VacPro.belgio_ver10) - http://advnt01.com/dialer/belgio_ver10.CAB
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/play...
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O23 - Service: ISEXEng - Unknown owner - C:\WINNT\system32\angelex.exe (file missing)
Ferme toutes les fenêtres Internet Explorer, Outlook Express sauf Hijackthis,puis clique sur Fix checked
7 Assure toi d'avoir accés à tous les fichiers.
Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :
Activer la case : Afficher les fichiers et dossiers cachés
Désactiver la case : Masquer les extensions des fichiers dont le type est connu
Désactiver la case : Masquer les fichiers protégés du système d'exploitation
Puis Appliquer
8 Supprime les dossiers suivants (si tu les trouves):
C:\Program Files\QuickSearch
C:\Program Files\VBouncer
C:\Program Files\Daily Weather Forecast
C:\Program Files\AntivirusGold
C:\WINNT\lir.exe
C:\WINNT\switpa.exe
C:\WINNT\system32\iasada.dll
C:\WINNT\system32\angelex.exe
C:\WINNT\system32\azesearch4.ocx
C:\WINNT\system32\hookdump.exe
scvhost.exe --> Fais une recherche sur l'ordinateur(ATTENTION à l'orthographe)
wuscv32.exe --> Fais une recherche sur l'ordinateur
story.exe --> Fais une recherche sur l'ordinateur
IEXwe.exe --> Fais une recherche sur l'ordinateur
jxx2.exe --> Fais une recherche sur l'ordinateur
svchost32.exe --> Fais une recherche sur l'ordinateur
9 Lance Hoster - Toadbee et clique sur " Restore original Hosts "
10 Fais un clic droit le fichier Del_Domains.inf -->Installer
121 Lance et exécute CCleaner
12 Redémarre et poste un nouveau rapport hijackthis.
Lassé par la pub ? Créez un compte
- Contenus similaires :
