Tom's Guide forum, Security - Viruses: HijackThis log to analyse please
Hello, I'm stressed about my computer and I've come to ask for help.
It's very slow at times, and it really struggles to start up, as if it were constantly searching for an application on the disk. It gives me error messages when I shut it down, well, when it decides to shut down, so if someone could tell me what I should do, that would be nice. Also, my antivirus (McAfee) has disappeared from my computer.

Logfile of HijackThis v1.99.1
Scan saved at 21:54:59, on 07/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\intranet.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wasptis.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\etb\pokapoka75.exe
C:\Program Files\webHancer\Programs\whSurvey.exe
C:\Program Files\webHancer\Programs\whAgent.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\temp\salm.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Dfwdxy\Udyss.exe
C:\WINDOWS\System32\grqa46v7.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\whInstall\whInstaller.exe
C:\Program Files\Casperlab Software\No-Popup\NoPopup.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.seektheglobe.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seektheglobe.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seektheglobe.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seektheglobe.com/sp2.php
R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitegdp32.exe
O4 - HKLM\..\Run: [lsass] C:\windows\system32\eliteyit32.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\System32\temp532.exe -N
O4 - HKLM\..\Run: [Gughgntx] C:\Program Files\Dfwdxy\Udyss.exe
O4 - HKLM\..\Run: [grqa46v7] C:\WINDOWS\System32\grqa46v7.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\belgium_nm.exe -N
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [The Intranet] intranet.exe
O4 - HKLM\..\Run: [hud] c:\windows\hud.exe
O4 - HKLM\..\Run: [System service75] C:\WINDOWS\etb\pokapoka75.exe
O4 - HKLM\..\RunServices: [strmsnmsgr] msnmsgrs.exe
O4 - HKLM\..\RunServices: [The Intranet] intranet.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\RunServices: [The Intranet] intranet.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install011.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ [...] ge-c17.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} - http://bis.180solutions.com/active [...] taller.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.be/net/import/ImageUploader3.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] owdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D1504D9-7CB3-4D02-9673-0D14C397612E}: NameServer = 195.238.2.22 195.238.2.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D1504D9-7CB3-4D02-9673-0D14C397612E}: NameServer = 195.238.2.22 195.238.2.21
O17 - HKLM\System\CS2\Services\Tcpip\..\{1D1504D9-7CB3-4D02-9673-0D14C397612E}: NameServer = 195.238.2.22 195.238.2.21
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Intranet Service (IntranetService) - Brought to you by the Bandwidth Bandits - C:\WINDOWS\SYSTEM32\intranet.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe

Thanks to those who will take a little of their time for me.

Cocuz


Good evening,

a great many infections, are you going for a record? :biggrin:
I've rarely seen that!
Anyway, there's work to do...

1/ Download and install CCleaner

2/ Download these programs:
Ad-Aware
Spybot Search and Destroy
ewido
install them and update them, but don't run the scans yet

3/ If possible, uninstall the programs you find in the list below, via Add/Remove Programs:

WebHancer
NewDotNet
Media Access
Internet Optimizer
BullsEye Network
ezula

4/ Download LSPfix.exe
Run LSPfix
Disconnect from the Internet and close all Internet Explorer windows.
Tick the box "I know what I'm doing"
Select all instances of the following DLLs (if there are any; otherwise close LSPfix)

newdotnet*_**.dll --> the * stand for a digit
whiehlpr.dll

and drag them from the left "Keep" pane to the right "Remove" pane.
Click the "Finish" button.

5/ Restart in Safe Mode (To do this: start the PC while tapping the F8 key until the Windows Advanced Options menu appears, then use the keyboard arrow keys to select Safe Mode and press Enter...)
Note that you have no Internet access in this mode, so write down or print the instructions that follow.

6/ Run HijackThis
then --> Do a system scan only
tick the lines shown below
then --> Fix checked
then Yes to the confirmation question

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.seektheglobe.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seektheglobe.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seektheglobe.com/sp2.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seektheglobe.com/sp2.php
R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitegdp32.exe
O4 - HKLM\..\Run: [lsass] C:\windows\system32\eliteyit32.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER --> unnecessary
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime --> unnecessary
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\System32\temp532.exe -N
O4 - HKLM\..\Run: [Gughgntx] C:\Program Files\Dfwdxy\Udyss.exe
O4 - HKLM\..\Run: [grqa46v7] C:\WINDOWS\System32\grqa46v7.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\belgium_nm.exe -N
O4 - HKLM\..\Run: [The Intranet] intranet.exe
O4 - HKLM\..\Run: [hud] c:\windows\hud.exe
O4 - HKLM\..\Run: [System service75] C:\WINDOWS\etb\pokapoka75.exe
O4 - HKLM\..\RunServices: [strmsnmsgr] msnmsgrs.exe
O4 - HKLM\..\RunServices: [The Intranet] intranet.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\RunServices: [The Intranet] intranet.exe

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install011.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ [...] ge-c17.cab
O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} - http://bis.180solutions.com/active [...] taller.cab

O23 - Service: Intranet Service (IntranetService) - Brought to you by the Bandwidth Bandits - C:\WINDOWS\SYSTEM32\intranet.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe


7/ Make sure you can see hidden files.
(Windows Explorer -> Tools -> Folder Options -> View
"Show hidden files and folders" -> ticked
"Hide extensions for known file types" -> unticked
"Hide protected operating system files" -> unticked)

8/ then delete the following files and/or folders (if they are still there):

C:\Program Files\ISTsvc\ --> delete the folder
C:\Program Files\newdotnet\ --> delete the folder
C:\windows\system32\elitegdp32.exe
C:\windows\system32\eliteyit32.exe
C:\Program Files\webHancer\ --> delete the folder
C:\Program Files\Common files\updmgr\ --> delete the folder
c:\temp\ --> empty this folder
C:\Program Files\Media Access\ --> delete the folder
C:\Program Files\Internet Optimizer\ --> delete the folder
C:\WINDOWS\System32\temp532.exe
C:\Program Files\Dfwdxy\ --> delete the folder
C:\WINDOWS\System32\grqa46v7.exe
C:\Program Files\Common Files\CMEII\ --> delete the folder
C:\Program Files\BullsEye Network\ --> delete the folder
C:\WINDOWS\System32\belgium_nm.exe
C:\WINDOWS\system32\intranet.exe
c:\windows\hud.exe
C:\WINDOWS\etb\ --> delete the folder
C:\WINDOWS\system32\msnmsgrs.exe
C:\Program Files\ezula\ --> delete the folder

9/ Run CCleaner, then the Analyze button, then the Run Cleaner button

10/ Run a scan with Ad-Aware SE (at the end of the scan, click Next, then right-click in the window and Select All Objects, then Next, then OK)
same with Spybot Search and Destroy (click Fix selected problems at the end of the scan)
same with ewido (Complete System Scan) and delete everything it finds. Save the report to the desktop.

11/ Restart normally
If you have lost Internet access:
Run LSPfix
Tick the box "I know what I'm doing"
Click the "Finish" button
Restart normally


12/ Post the ewido report and a new HijackThis log.


I think yeah, I'm beating all the records... lol. Anyway, thanks for your reply, because I was starting to get desperate, and that's after I had already sorted out two or three things! I'll do everything you told me tomorrow or Monday and post the result. Thanks anyway, that's kind!


There, I've done everything you told me.

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 18:48:19, on 11/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\windows\System32\devldr32.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\windows\System32\tcpsvcs.exe
C:\windows\System32\snmp.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\System32\wuauclt.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [The Intranet] intranet.exe
O4 - HKLM\..\RunServices: [The Intranet] intranet.exe
O4 - HKCU\..\Run: [The Intranet] intranet.exe
O4 - HKCU\..\RunServices: [The Intranet] intranet.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.be/net/import/ImageUploader3.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] owdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D1504D9-7CB3-4D02-9673-0D14C397612E}: NameServer = 195.238.2.22 195.238.2.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D1504D9-7CB3-4D02-9673-0D14C397612E}: NameServer = 195.238.2.22 195.238.2.21
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Intranet Service (IntranetService) - Unknown owner - intranet.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

and the ewido report:

+ Created on: 18:43:25, 11/10/2005
+ Report-Checksum: A1E6F279

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\TypeLib\\ -> Spyware.NewDotNet : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2E30AC01-99D7-4E9C-B13E-94E1701B0AC9} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2E30AC01-99D7-4E9C-B13E-94E1701B0AC9}\TypeLib\\ -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8F0A06F6-DF4D-4D54-B8CA-E8EEDBAE6DDB} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8F0A06F6-DF4D-4D54-B8CA-E8EEDBAE6DDB}\TypeLib\\ -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5}\TypeLib\\ -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0}\TypeLib\\ -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Classes\Tldctl2.URLLink\CLSID\\ -> Spyware.NewDotNet : Cleaned with backup
HKLM\SOFTWARE\Classes\Tldctl2.URLLink.1\CLSID\\ -> Spyware.NewDotNet : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\WinFormX.Installer\CLSID\\ -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinFormX.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinFormX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT -> Spyware.NaviSearch : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT\Security -> Spyware.NaviSearch : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT\Enum -> Spyware.NaviSearch : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-3978503659-1615061138-1316817595-1005\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-3978503659-1615061138-1316817595-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Error during cleaning
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C1ABSHY7\Belgium[2].exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C1ABSHY7\Belgium[3].exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C1ABSHY7\pre[1].exe -> TrojanDropper.Small.aeq : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C1ABSHY7\pre2[2].exe -> TrojanDownloader.Small.bnd : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C1ABSHY7\pre2[3].exe -> TrojanDownloader.Small.bnd : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C1ABSHY7\Belgium[4].exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\236BODGJ\belgium[1].exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\236BODGJ\protector_update[1].exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\236BODGJ\belgium[2].exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\236BODGJ\Belgium[3].exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\236BODGJ\Belgium[4].exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\236BODGJ\pre2[1].exe -> TrojanDownloader.Small.bnd : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\236BODGJ\pre2[2].exe -> TrojanDownloader.Small.bnd : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\236BODGJ\Belgium[5].exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IJWFSJ8T\protector_update[1].exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IJWFSJ8T\Belgium[1].exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IJWFSJ8T\Belgium[2].exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IJWFSJ8T\Belgium[3].exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IJWFSJ8T\Belgium[4].exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IJWFSJ8T\pre2[1].exe -> TrojanDownloader.Small.bnd : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IJWFSJ8T\silent_setup[1].exe -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SXYJ0PUF\Belgium[1].exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SXYJ0PUF\Belgium[2].exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SXYJ0PUF\Belgium[3].exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SXYJ0PUF\proxy_inst[2].exe -> TrojanDropper.Small.aeq : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SXYJ0PUF\pre2[2].exe -> TrojanDownloader.Small.bnd : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SXYJ0PUF\silent_setup[2].exe -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SXYJ0PUF\Belgium[4].exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SXYJ0PUF\Belgium[5].exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\drivers\df_kmd.sys -> Trojan.Rootkit.Agent.af : Cleaned with backup
C:\WINDOWS\system32\lukfd.exe -> Worm.Kelvir.bd : Cleaned with backup
C:\WINDOWS\system32\wasptis.exe -> Trojan.VB.vv : Cleaned with backup
C:\WINDOWS\system32\EGDHTML_1026.dll -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\P2P Networking -> Spyware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\P2P Networking\MARSHAL3.DLL -> Spyware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\P2P Networking\P2P Networking.eng -> Spyware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\eliteamp32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitelaj32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitewje32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitevbv32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\eliteaam32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitebsr32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitedso32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitexkp32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\eliteamg32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitefjg32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitersv32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitefpz32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitehlu32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitecxo32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitehzn32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitepdt32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitexnw32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\eliteutd32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\eliterag32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitesud32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\eliteyzk32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitenrk32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitetry32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\eliteyzx32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitecop32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitemdk32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWFX5VNetInstaller.exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup
C:\WINDOWS\NDNuninstall5_20.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall5_40.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_30.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\belgium.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\WINDOWS\silent_setup.exe -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\NDNuninstall5_64.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_10.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_22.exe -> Spyware.NewDotNet : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\S299AAG3\pre[2].exe -> TrojanDropper.Small.aeq : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\S299AAG3\pre2[2].exe -> TrojanDownloader.Small.bnd : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\S299AAG3\silent_setup[1].exe -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\S299AAG3\Belgium[1].exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZHVFH36N\Belgium[1].exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZHVFH36N\Belgium[2].exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZDTT5JUQ\Belgium[1].exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZDTT5JUQ\Belgium[2].exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7SBUVNXG\silent_setup[2].exe -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7SBUVNXG\silent_setup[3].exe -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7SBUVNXG\Belgium[1].exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Belgacom\Desktop\temp532.exe -> Dialer.Generic : Cleaned with backup
C:\Program Files\MyWay\myBar\2.bin\MY2NS.EXE -> Spyware.MyWay : Cleaned with backup
C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL -> Spyware.MyWay : Cleaned with backup
C:\Program Files\MyWay\myBar\2.bin\MYWAYPLUGINPROXY.CLASS -> Spyware.MyWay : Cleaned with backup
C:\Program Files\MyWay\myBar\2.bin\NPMYWAY.DLL -> Spyware.MyWay : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0001013.exe -> Spyware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0002001.dll -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0003427.exe -> TrojanDownloader.Agent.tv : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0006599.vxd/C:/WINDOWS/System32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0006599.vxd/C:/WINDOWS/System32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0006599.vxd/C:/WINDOWS/System32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0006599.vxd/C:/WINDOWS/System32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0006599.vxd/C:/WINDOWS/System32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0006599.vxd/C:/WINDOWS/System32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0006599.vxd/C:/WINDOWS/System32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0009012.vxd/C:/WINDOWS/System32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0009012.vxd/C:/WINDOWS/System32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0009012.vxd/C:/WINDOWS/System32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0009012.vxd/C:/WINDOWS/System32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0009012.vxd/C:/WINDOWS/System32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0009012.vxd/C:/WINDOWS/System32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0009012.vxd/C:/WINDOWS/System32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0016012.vxd/C:/WINDOWS/System32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0016012.vxd/C:/WINDOWS/System32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0016012.vxd/C:/WINDOWS/System32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0016012.vxd/C:/WINDOWS/System32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0016012.vxd/C:/WINDOWS/System32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0016012.vxd/C:/WINDOWS/System32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0016012.vxd/C:/WINDOWS/System32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0016028.exe -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0016029.exe -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0016035.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0016039.EXE -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0016040.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0016041.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0017001.exe -> Spyware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019016.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019017.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019018.exe -> Dialer.Generic : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019019.exe -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019020.exe -> Backdoor.VBbot.b : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019022.exe -> Backdoor.SdBot : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019023.exe -> TrojanDownloader.Agent.tv : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019025.dll -> TrojanDownloader.Agent.tv : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019041.exe -> Trojan.Small.cy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019042.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019043.exe -> Trojan.Small.cy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019044.exe -> TrojanDownloader.Dyfuca : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019045.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019389.dll -> Adware.Gator : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019390.dll -> Adware.Gator : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019391.exe -> Adware.Gator : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019392.dll -> Spyware.SideFind : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019393.dll -> Spyware.SideFind : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019394.exe -> TrojanDownloader.IstBar.jd : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019395.exe -> Spyware.PowerScan : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019396.exe -> TrojanDownloader.IstBar.gi : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019397.dll -> Spyware.AdMir : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019398.dll -> TrojanDownloader.IstBar.ik : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019399.exe -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019576.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019577.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019578.exe -> TrojanDownloader.Keenval.e : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019581.exe -> Spyware.404Search.h : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019582.dll -> Spyware.404Search : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019588.dll -> TrojanDownloader.Wintrim.w : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019589.dll -> Spyware.Cydoor : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019590.exe -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019591.dll -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019592.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019593.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019594.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019595.dll -> TrojanDownloader.Dyfuca : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019596.exe -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019597.exe -> TrojanDownloader.IstBar.ij : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019598.exe -> Adware.Gator : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019599.exe -> Adware.Gator : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019603.dll -> TrojanDownloader.Dyfuca.dt : Cleaned with backup
C:\System Volume Information\_restore{9AB0A5AF-6ECA-4F88-95DE-84E7F51BCC36}\RP1\A0019605.exe -> Adware.eZula : Cleaned with backup
C:\FOUND.032\FILE0001.CHK -> Spyware.BargainBuddy : Cleaned with backup
C:\FOUND.032\FILE0030.CHK -> Spyware.BargainBuddy : Cleaned with backup
C:\FOUND.037\FILE0000.CHK -> Spyware.BargainBuddy : Cleaned with backup
D:\Kazaa\TopSearch.dll -> Spyware.Altnet : Cleaned with backup
D:\checkgfie5344.exe -> TrojanDropper.Small.aeq : Cleaned with backup

There were indeed a ton of infections.

I didn't do a scan with Spybot because at first I couldn't install it; I only managed to install it in safe mode, but then I didn't have access to the updates (since there's no Internet access in safe mode) and it refused to scan anything without those updates. If I still need to do it now, tell me.

At step 6, there were several boxes you told me to check that I couldn't find; same thing at step 8.

Still at step 8, I couldn't remove newdotnet. I got a message saying that the program was busy or that the disk might be full (well, something like that, because it was in English...)

There, I think I've said everything.

Reply to cocuz

Good evening,

0/ Do this:
Start / Run / type sc delete IntranetService then Enter

1/ Try this again:
Launch LSPfix
Disconnect from the Internet and close all Internet Explorer windows.
Check the box "I know what I'm doing"
Select all instances of the dlls whose name starts with newdotnet
and drag them from the left "Keep" pane to the right "Remove" pane. Then click the "Finish" button.
If they are already on the "Remove" side, click "Finish" directly.

2/ Restart in Safe Mode (To do this: start the PC while tapping the F8 key until the Windows Advanced Options menu appears, then use the arrow keys to select Safe Mode and press Enter...)
Note: you have no Internet access in this mode, so write down or print the instructions that follow.

3/ Launch HijackThis
then --> Do a system scan only
check the lines listed below
then --> Fix checked
then Yes to the confirmation prompt

O4 - HKLM\..\Run: [The Intranet] intranet.exe
O4 - HKLM\..\RunServices: [The Intranet] intranet.exe
O4 - HKCU\..\Run: [The Intranet] intranet.exe
O4 - HKCU\..\RunServices: [The Intranet] intranet.exe


4/ then delete the following files and/or folders:

C:\windows\system32\intranet.exe --> delete this file if present
C:\Program Files\NewDotNet\ --> try again to delete this folder

5/ Launch CCleaner, then the Analyze button, then the Run Cleaner button

6/ Restart normally, then do an online scan at Panda

7/ Post the Panda report along with a new HijackThis report.

Reply to esteban54
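The procedure above relies on reading specific line types out of a HijackThis log: the O4 autorun entries to tick and fix, the O23 services, and the O17 name servers. As an added example (not from this thread and not HijackThis' own code), the Python script below parses lines in that format and reports the O4 entries that launch a given binary, the services HijackThis printed with no vendor attribution, and the configured DNS servers. The sample log is constructed from lines quoted in the thread; `parse_log`, `autoruns_for`, `unattributed_services` and `dns_servers` are names chosen here, not HijackThis terminology.

```python
"""Parse HijackThis v1.99-style log lines and flag entries for review.

Added example for the thread above; not code from HijackThis or the forum.
SAMPLE_LOG is constructed from lines quoted in the thread.
"""
import re
from dataclasses import dataclass

# Constructed sample: the four O4 lines the helper asked to fix, plus a few
# lines taken from the clean log posted afterwards.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O4 - HKLM\..\Run: [The Intranet] intranet.exe
O4 - HKLM\..\RunServices: [The Intranet] intranet.exe
O4 - HKCU\..\Run: [The Intranet] intranet.exe
O4 - HKCU\..\RunServices: [The Intranet] intranet.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D1504D9-7CB3-4D02-9673-0D14C397612E}: NameServer = 195.238.2.22 195.238.2.21
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\System32\Ati2evxx.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
"""

# Every HijackThis line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: ..."
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
# O4 body: "<hive>\..\<Run key>: [<value name>] <command line>"
O4_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass
class Entry:
    section: str  # "R0", "O4", "O23", ...
    body: str     # text after "<section> - "


def parse_log(text: str) -> list[Entry]:
    """Split a log into (section, body) entries; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def extract_executable(cmd: str) -> str:
    """Lower-case base file name of the program an O4 command launches.
    Handles quoted paths followed by arguments, bare paths, and bare names."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path = cmd[1:cmd.find('"', 1)]
    else:
        path = cmd.split(" ")[0]
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def autoruns_for(entries: list[Entry], exe_name: str) -> list[str]:
    """O4 lines whose command launches exe_name, rebuilt in HijackThis format
    so they can be compared with a 'Fix checked' list line by line."""
    hits = []
    for e in entries:
        if e.section != "O4":
            continue
        m = O4_RE.match(e.body)
        if m and extract_executable(m.group("cmd")) == exe_name.lower():
            hits.append(f"O4 - {e.body}")
    return hits


def unattributed_services(entries: list[Entry]) -> list[tuple[str, str]]:
    """(name, path) of O23 services HijackThis printed as 'Unknown owner'.
    Worth a look, but often legitimate driver helpers, as Ati2evxx.exe is here."""
    out = []
    for e in entries:
        if e.section == "O23" and e.body.startswith("Service: "):
            name, owner, path = e.body[len("Service: "):].rsplit(" - ", 2)
            if owner == "Unknown owner":
                out.append((name, path))
    return out


def dns_servers(entries: list[Entry]) -> set[str]:
    """Name servers from O17 entries; a resolver changed by a hijacker shows up here."""
    servers: set[str] = set()
    for e in entries:
        if e.section == "O17" and "NameServer = " in e.body:
            servers.update(e.body.split("NameServer = ", 1)[1].split())
    return servers


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for line in autoruns_for(found, "intranet.exe"):
        print("fix:", line)
    print("unattributed services:", unattributed_services(found))
    print("name servers:", sorted(dns_servers(found)))
```

Run against a full log, `autoruns_for` gives the exact lines to tick under "Fix checked", and the O17 check is a quick way to confirm the resolver addresses still belong to the user's ISP.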

the file to delete, intranet.exe in system32, was absent. Newdotnet removed.

here is the Panda report


Détecté Désinfecté
Virus 0 0
Logiciel espion 0 0
Outils de piratage 0 0
Numéroteurs 0 0
Risques de sécurité 0 0
Fichiers suspects 0 0

and here is the hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 22:54:57, on 11/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\windows\System32\devldr32.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\KMaestro\KMaestro.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\windows\System32\tcpsvcs.exe
C:\windows\System32\snmp.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.be/net/import/ImageUploader3.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] owdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D1504D9-7CB3-4D02-9673-0D14C397612E}: NameServer = 195.238.2.22 195.238.2.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D1504D9-7CB3-4D02-9673-0D14C397612E}: NameServer = 195.238.2.22 195.238.2.21
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Reply to cocuz

perfect.
nothing infectious left in this report.

Reply to esteban54

thanks a lot, this site is really great!!!!
a real blessing!!!

Reply to cocuz

Glad I could help.
;-)

Reply to esteban54