winfixer 2005
Dernière réponse : dans Sécurité
salut
je me doute ke la kestion doit revenir souvent
mais depuis qque temps j'ai souvent cette fenetre winfixer qui s'ouvre (toujours qd je vais sur le site ogame.fr), je la ferme a chaque fois mais je ne peux m'assurer que je l'ai pas activer une fois.....;bref ne sait pas
quel sont les symptomes et si c'est ça comment le virer
merci d'avance et attention je suis une bille en informatique
je me doute ke la kestion doit revenir souvent
mais depuis qque temps j'ai souvent cette fenetre winfixer qui s'ouvre (toujours qd je vais sur le site ogame.fr), je la ferme a chaque fois mais je ne peux m'assurer que je l'ai pas activer une fois.....;bref ne sait pas
quel sont les symptomes et si c'est ça comment le virer
merci d'avance et attention je suis une bille en informatique
Autres pages sur : winfixer 2005
Lassé par la pub ? Créez un compte
le voilà
Logfile of HijackThis v1.99.1
Scan saved at 15:00:30, on 18/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\NoAds\NoAds.exe
C:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exe
C:\Program Files\Trend Micro\PC-cillin 9\PCCCLIENT.EXE
C:\Program Files\Trend Micro\PC-cillin 9\PCCGUIDE.EXE
C:\Program Files\Trend Micro\PC-cillin 9\POP3TRAP.EXE
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\olivier\Bureau\Internet\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&affjump=1&affil...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.isearch.com/index.php?app=SE&affjump=1&affil...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&affjump=1&affil...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O1 - Hosts: 66.159.18.17 www.greatfreehost.com
O1 - Hosts: 66.159.18.17 greatfreehost.com
O1 - Hosts: 66.159.18.17 www.hotfreehost.com
O1 - Hosts: 66.159.18.17 hotfreehost.com
O1 - Hosts: 66.159.18.17 www.agreathost.net
O1 - Hosts: 66.159.18.17 agreathost.net
O1 - Hosts: 66.159.18.17 www32.smutserver.com
O1 - Hosts: 66.159.18.17 www31.smutserver.com
O1 - Hosts: 66.159.18.17 www30.smutserver.com
O1 - Hosts: 66.159.18.17 www29.smutserver.com
O1 - Hosts: 66.159.18.17 www28.smutserver.com
O1 - Hosts: 66.159.18.17 www27.smutserver.com
O1 - Hosts: 66.159.18.17 www26.smutserver.com
O1 - Hosts: 66.159.18.17 www25.smutserver.com
O1 - Hosts: 66.159.18.17 www24.smutserver.com
O1 - Hosts: 66.159.18.17 www23.smutserver.com
O1 - Hosts: 66.159.18.17 www22.smutserver.com
O1 - Hosts: 66.159.18.17 www21.smutserver.com
O1 - Hosts: 66.159.18.17 www20.smutserver.com
O1 - Hosts: 66.159.18.17 www19.smutserver.com
O1 - Hosts: 66.159.18.17 www15.smutserver.com
O1 - Hosts: 66.159.18.17 www18.smutserver.com
O1 - Hosts: 66.159.18.17 www17.smutserver.com
O1 - Hosts: 66.159.18.17 www14.smutserver.com
O1 - Hosts: 66.159.18.17 www9.smutserver.com
O1 - Hosts: 66.159.18.17 www13.smutserver.com
O1 - Hosts: 66.159.18.17 www12.smutserver.com
O1 - Hosts: 66.159.18.17 www11.smutserver.com
O1 - Hosts: 66.159.18.17 www10.smutserver.com
O1 - Hosts: 66.159.18.17 www8.smutserver.com
O1 - Hosts: 66.159.18.17 www7.smutserver.com
O1 - Hosts: 66.159.18.17 www6.smutserver.com
O1 - Hosts: 66.159.18.17 www5.smutserver.com
O1 - Hosts: 66.159.18.17 www4.smutserver.com
O1 - Hosts: 66.159.18.17 www3.smutserver.com
O1 - Hosts: 66.159.18.17 www16.smutserver.com
O1 - Hosts: 66.159.18.17 www2.smutserver.com
O1 - Hosts: 66.159.18.17 smutserver.com
O1 - Hosts: 66.159.18.17 www1.smutserver.com
O1 - Hosts: 66.159.18.17 www10.kinghost.com
O1 - Hosts: 66.159.18.17 www.smutserver.com
O1 - Hosts: 66.159.18.17 www9.kinghost.com
O1 - Hosts: 66.159.18.17 www7.kinghost.com
O1 - Hosts: 66.159.18.17 www8.kinghost.com
O1 - Hosts: 66.159.18.17 www6.kinghost.com
O1 - Hosts: 66.159.18.17 www5.kinghost.com
O1 - Hosts: 66.159.18.17 www4.kinghost.com
O1 - Hosts: 66.159.18.17 www.kinghost.com
O1 - Hosts: 66.159.18.17 www3.kinghost.com
O1 - Hosts: 66.159.18.17 www2.kinghost.com
O1 - Hosts: 66.159.18.17 www1.kinghost.com
O1 - Hosts: 66.159.18.17 kinghost.com
O1 - Hosts: 66.159.18.17 www.ndhosting.com
O1 - Hosts: 66.159.18.17 www2.ndhosting.com
O1 - Hosts: 66.159.18.17 www3.ndhosting.com
O1 - Hosts: 66.159.18.17 www1.ndhosting.com
O1 - Hosts: 66.159.18.17 ndhosting.com
O1 - Hosts: 66.159.18.17 www.freesmutpages.com
O1 - Hosts: 66.159.18.17 apornhost.com
O1 - Hosts: 66.159.18.17 nasty-pages.com
O1 - Hosts: 66.159.18.17 www.nasty-pages.com
O1 - Hosts: 66.159.18.17 sexyfreehost.com
O1 - Hosts: 66.159.18.17 www.apornhost.com
O1 - Hosts: 66.159.18.17 www.sexyfreehost.com
O1 - Hosts: 66.159.18.17 x4web.com
O1 - Hosts: 66.159.18.17 www.x4web.com
O1 - Hosts: 66.159.18.17 sexplanets.com
O1 - Hosts: 66.159.18.17 www.sexplanets.com
O1 - Hosts: 66.159.18.17 maxismut.com
O1 - Hosts: 66.159.18.17 www.maxismut.com
O1 - Hosts: 66.159.18.17 tgpfriendly.com
O1 - Hosts: 66.159.18.17 www.tgpfriendly.com
O1 - Hosts: 66.159.18.17 tgp-server.com
O1 - Hosts: 66.159.18.17 www.tgp-server.com
O1 - Hosts: 66.159.18.17 magnaplza.com
O1 - Hosts: 66.159.18.17 free-xxx-server.com
O1 - Hosts: 66.159.18.17 www.free-xxx-server.com
O1 - Hosts: 66.159.18.17 www.magnaplza.com
O1 - Hosts: 66.159.18.17 libereco.net
O1 - Hosts: 66.159.18.17 0190-dialer.com
O1 - Hosts: 66.159.18.17 www.0190-dialer.com
O1 - Hosts: 66.159.18.17 www.libereco.net
O1 - Hosts: 66.159.18.17 xxxod.net
O1 - Hosts: 66.159.18.17 altsights.com
O1 - Hosts: 66.159.18.17 www.altsights.com
O1 - Hosts: 66.159.18.17 www.xxxod.net
O1 - Hosts: 66.159.18.17 adulthosting.com
O1 - Hosts: 66.159.18.17 www.adulthosting.com
O1 - Hosts: 66.159.18.17 superhova.com
O1 - Hosts: 66.159.18.17 bestpornhost.com
O1 - Hosts: 66.159.18.17 www.superhova.com
O1 - Hosts: 66.159.18.17 www.bestpornhost.com
O1 - Hosts: 66.159.18.17 hostingfree.com
O1 - Hosts: 66.159.18.17 www.hostingfree.com
O1 - Hosts: 66.159.18.17 xfreehosting.com
O1 - Hosts: 66.159.18.17 www.xfreehosting.com
O1 - Hosts: 66.159.18.17 blinghosting.com
O1 - Hosts: 66.159.18.17 www.blinghosting.com
O1 - Hosts: 66.159.18.17 x-x-x-hosting.com
O1 - Hosts: 66.159.18.17 www.x-x-x-hosting.com
O1 - Hosts: 66.159.18.17 pornparks.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O2 - BHO: ohb Class - {98640C3B-0699-4D51-ADB4-A6FC48ACB966} - C:\WINDOWS\System32\nst5.dll
O2 - BHO: Scriptlet.Tools - {EEBA788A-C268-492A-B7FE-42C2B6C553D4} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bin\bin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [System startup] charmapx.exe
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O4 - HKLM\..\RunServices: [System startup] charmapx.exe
O4 - HKLM\..\RunServices: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O4 - Global Startup: 3D!Turbo Experience.lnk = C:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: Interface Chat Voila - http://chat9.x-echo.com/version6/Applet/vchatsign.cab
O16 - DPF: Interface Chat Wanadoo - http://chat9.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102501/housecall...
O17 - HKLM\System\CCS\Services\Tcpip\..\{1069A2A4-E332-4E55-B895-29ADC6278014}: NameServer = 80.10.246.1 80.10.246.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{1069A2A4-E332-4E55-B895-29ADC6278014}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe
Logfile of HijackThis v1.99.1
Scan saved at 15:00:30, on 18/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\NoAds\NoAds.exe
C:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exe
C:\Program Files\Trend Micro\PC-cillin 9\PCCCLIENT.EXE
C:\Program Files\Trend Micro\PC-cillin 9\PCCGUIDE.EXE
C:\Program Files\Trend Micro\PC-cillin 9\POP3TRAP.EXE
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\olivier\Bureau\Internet\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&affjump=1&affil...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.isearch.com/index.php?app=SE&affjump=1&affil...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&affjump=1&affil...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O1 - Hosts: 66.159.18.17 www.greatfreehost.com
O1 - Hosts: 66.159.18.17 greatfreehost.com
O1 - Hosts: 66.159.18.17 www.hotfreehost.com
O1 - Hosts: 66.159.18.17 hotfreehost.com
O1 - Hosts: 66.159.18.17 www.agreathost.net
O1 - Hosts: 66.159.18.17 agreathost.net
O1 - Hosts: 66.159.18.17 www32.smutserver.com
O1 - Hosts: 66.159.18.17 www31.smutserver.com
O1 - Hosts: 66.159.18.17 www30.smutserver.com
O1 - Hosts: 66.159.18.17 www29.smutserver.com
O1 - Hosts: 66.159.18.17 www28.smutserver.com
O1 - Hosts: 66.159.18.17 www27.smutserver.com
O1 - Hosts: 66.159.18.17 www26.smutserver.com
O1 - Hosts: 66.159.18.17 www25.smutserver.com
O1 - Hosts: 66.159.18.17 www24.smutserver.com
O1 - Hosts: 66.159.18.17 www23.smutserver.com
O1 - Hosts: 66.159.18.17 www22.smutserver.com
O1 - Hosts: 66.159.18.17 www21.smutserver.com
O1 - Hosts: 66.159.18.17 www20.smutserver.com
O1 - Hosts: 66.159.18.17 www19.smutserver.com
O1 - Hosts: 66.159.18.17 www15.smutserver.com
O1 - Hosts: 66.159.18.17 www18.smutserver.com
O1 - Hosts: 66.159.18.17 www17.smutserver.com
O1 - Hosts: 66.159.18.17 www14.smutserver.com
O1 - Hosts: 66.159.18.17 www9.smutserver.com
O1 - Hosts: 66.159.18.17 www13.smutserver.com
O1 - Hosts: 66.159.18.17 www12.smutserver.com
O1 - Hosts: 66.159.18.17 www11.smutserver.com
O1 - Hosts: 66.159.18.17 www10.smutserver.com
O1 - Hosts: 66.159.18.17 www8.smutserver.com
O1 - Hosts: 66.159.18.17 www7.smutserver.com
O1 - Hosts: 66.159.18.17 www6.smutserver.com
O1 - Hosts: 66.159.18.17 www5.smutserver.com
O1 - Hosts: 66.159.18.17 www4.smutserver.com
O1 - Hosts: 66.159.18.17 www3.smutserver.com
O1 - Hosts: 66.159.18.17 www16.smutserver.com
O1 - Hosts: 66.159.18.17 www2.smutserver.com
O1 - Hosts: 66.159.18.17 smutserver.com
O1 - Hosts: 66.159.18.17 www1.smutserver.com
O1 - Hosts: 66.159.18.17 www10.kinghost.com
O1 - Hosts: 66.159.18.17 www.smutserver.com
O1 - Hosts: 66.159.18.17 www9.kinghost.com
O1 - Hosts: 66.159.18.17 www7.kinghost.com
O1 - Hosts: 66.159.18.17 www8.kinghost.com
O1 - Hosts: 66.159.18.17 www6.kinghost.com
O1 - Hosts: 66.159.18.17 www5.kinghost.com
O1 - Hosts: 66.159.18.17 www4.kinghost.com
O1 - Hosts: 66.159.18.17 www.kinghost.com
O1 - Hosts: 66.159.18.17 www3.kinghost.com
O1 - Hosts: 66.159.18.17 www2.kinghost.com
O1 - Hosts: 66.159.18.17 www1.kinghost.com
O1 - Hosts: 66.159.18.17 kinghost.com
O1 - Hosts: 66.159.18.17 www.ndhosting.com
O1 - Hosts: 66.159.18.17 www2.ndhosting.com
O1 - Hosts: 66.159.18.17 www3.ndhosting.com
O1 - Hosts: 66.159.18.17 www1.ndhosting.com
O1 - Hosts: 66.159.18.17 ndhosting.com
O1 - Hosts: 66.159.18.17 www.freesmutpages.com
O1 - Hosts: 66.159.18.17 apornhost.com
O1 - Hosts: 66.159.18.17 nasty-pages.com
O1 - Hosts: 66.159.18.17 www.nasty-pages.com
O1 - Hosts: 66.159.18.17 sexyfreehost.com
O1 - Hosts: 66.159.18.17 www.apornhost.com
O1 - Hosts: 66.159.18.17 www.sexyfreehost.com
O1 - Hosts: 66.159.18.17 x4web.com
O1 - Hosts: 66.159.18.17 www.x4web.com
O1 - Hosts: 66.159.18.17 sexplanets.com
O1 - Hosts: 66.159.18.17 www.sexplanets.com
O1 - Hosts: 66.159.18.17 maxismut.com
O1 - Hosts: 66.159.18.17 www.maxismut.com
O1 - Hosts: 66.159.18.17 tgpfriendly.com
O1 - Hosts: 66.159.18.17 www.tgpfriendly.com
O1 - Hosts: 66.159.18.17 tgp-server.com
O1 - Hosts: 66.159.18.17 www.tgp-server.com
O1 - Hosts: 66.159.18.17 magnaplza.com
O1 - Hosts: 66.159.18.17 free-xxx-server.com
O1 - Hosts: 66.159.18.17 www.free-xxx-server.com
O1 - Hosts: 66.159.18.17 www.magnaplza.com
O1 - Hosts: 66.159.18.17 libereco.net
O1 - Hosts: 66.159.18.17 0190-dialer.com
O1 - Hosts: 66.159.18.17 www.0190-dialer.com
O1 - Hosts: 66.159.18.17 www.libereco.net
O1 - Hosts: 66.159.18.17 xxxod.net
O1 - Hosts: 66.159.18.17 altsights.com
O1 - Hosts: 66.159.18.17 www.altsights.com
O1 - Hosts: 66.159.18.17 www.xxxod.net
O1 - Hosts: 66.159.18.17 adulthosting.com
O1 - Hosts: 66.159.18.17 www.adulthosting.com
O1 - Hosts: 66.159.18.17 superhova.com
O1 - Hosts: 66.159.18.17 bestpornhost.com
O1 - Hosts: 66.159.18.17 www.superhova.com
O1 - Hosts: 66.159.18.17 www.bestpornhost.com
O1 - Hosts: 66.159.18.17 hostingfree.com
O1 - Hosts: 66.159.18.17 www.hostingfree.com
O1 - Hosts: 66.159.18.17 xfreehosting.com
O1 - Hosts: 66.159.18.17 www.xfreehosting.com
O1 - Hosts: 66.159.18.17 blinghosting.com
O1 - Hosts: 66.159.18.17 www.blinghosting.com
O1 - Hosts: 66.159.18.17 x-x-x-hosting.com
O1 - Hosts: 66.159.18.17 www.x-x-x-hosting.com
O1 - Hosts: 66.159.18.17 pornparks.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O2 - BHO: ohb Class - {98640C3B-0699-4D51-ADB4-A6FC48ACB966} - C:\WINDOWS\System32\nst5.dll
O2 - BHO: Scriptlet.Tools - {EEBA788A-C268-492A-B7FE-42C2B6C553D4} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bin\bin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [System startup] charmapx.exe
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O4 - HKLM\..\RunServices: [System startup] charmapx.exe
O4 - HKLM\..\RunServices: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O4 - Global Startup: 3D!Turbo Experience.lnk = C:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: Interface Chat Voila - http://chat9.x-echo.com/version6/Applet/vchatsign.cab
O16 - DPF: Interface Chat Wanadoo - http://chat9.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102501/housecall...
O17 - HKLM\System\CCS\Services\Tcpip\..\{1069A2A4-E332-4E55-B895-29ADC6278014}: NameServer = 80.10.246.1 80.10.246.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{1069A2A4-E332-4E55-B895-29ADC6278014}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe
fixe ceci
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&affjump=1&affil...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.isearch.com/index.php?app=SE&affjump=1&affil...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&affjump=1&affil...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about :blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
O1 - Hosts: 66.159.18.17 www.greatfreehost.com
O1 - Hosts: 66.159.18.17 greatfreehost.com
O1 - Hosts: 66.159.18.17 www.hotfreehost.com
O1 - Hosts: 66.159.18.17 hotfreehost.com
O1 - Hosts: 66.159.18.17 www.agreathost.net
O1 - Hosts: 66.159.18.17 agreathost.net
O1 - Hosts: 66.159.18.17 www32.smutserver.com
O1 - Hosts: 66.159.18.17 www31.smutserver.com
O1 - Hosts: 66.159.18.17 www30.smutserver.com
O1 - Hosts: 66.159.18.17 www29.smutserver.com
O1 - Hosts: 66.159.18.17 www28.smutserver.com
O1 - Hosts: 66.159.18.17 www27.smutserver.com
O1 - Hosts: 66.159.18.17 www26.smutserver.com
O1 - Hosts: 66.159.18.17 www25.smutserver.com
O1 - Hosts: 66.159.18.17 www24.smutserver.com
O1 - Hosts: 66.159.18.17 www23.smutserver.com
O1 - Hosts: 66.159.18.17 www22.smutserver.com
O1 - Hosts: 66.159.18.17 www21.smutserver.com
O1 - Hosts: 66.159.18.17 www20.smutserver.com
O1 - Hosts: 66.159.18.17 www19.smutserver.com
O1 - Hosts: 66.159.18.17 www15.smutserver.com
O1 - Hosts: 66.159.18.17 www18.smutserver.com
O1 - Hosts: 66.159.18.17 www17.smutserver.com
O1 - Hosts: 66.159.18.17 www14.smutserver.com
O1 - Hosts: 66.159.18.17 www9.smutserver.com
O1 - Hosts: 66.159.18.17 www13.smutserver.com
O1 - Hosts: 66.159.18.17 www12.smutserver.com
O1 - Hosts: 66.159.18.17 www11.smutserver.com
O1 - Hosts: 66.159.18.17 www10.smutserver.com
O1 - Hosts: 66.159.18.17 www8.smutserver.com
O1 - Hosts: 66.159.18.17 www7.smutserver.com
O1 - Hosts: 66.159.18.17 www6.smutserver.com
O1 - Hosts: 66.159.18.17 www5.smutserver.com
O1 - Hosts: 66.159.18.17 www4.smutserver.com
O1 - Hosts: 66.159.18.17 www3.smutserver.com
O1 - Hosts: 66.159.18.17 www16.smutserver.com
O1 - Hosts: 66.159.18.17 www2.smutserver.com
O1 - Hosts: 66.159.18.17 smutserver.com
O1 - Hosts: 66.159.18.17 www1.smutserver.com
O1 - Hosts: 66.159.18.17 www10.kinghost.com
O1 - Hosts: 66.159.18.17 www.smutserver.com
O1 - Hosts: 66.159.18.17 www9.kinghost.com
O1 - Hosts: 66.159.18.17 www7.kinghost.com
O1 - Hosts: 66.159.18.17 www8.kinghost.com
O1 - Hosts: 66.159.18.17 www6.kinghost.com
O1 - Hosts: 66.159.18.17 www5.kinghost.com
O1 - Hosts: 66.159.18.17 www4.kinghost.com
O1 - Hosts: 66.159.18.17 www.kinghost.com
O1 - Hosts: 66.159.18.17 www3.kinghost.com
O1 - Hosts: 66.159.18.17 www2.kinghost.com
O1 - Hosts: 66.159.18.17 www1.kinghost.com
O1 - Hosts: 66.159.18.17 kinghost.com
O1 - Hosts: 66.159.18.17 www.ndhosting.com
O1 - Hosts: 66.159.18.17 www2.ndhosting.com
O1 - Hosts: 66.159.18.17 www3.ndhosting.com
O1 - Hosts: 66.159.18.17 www1.ndhosting.com
O1 - Hosts: 66.159.18.17 ndhosting.com
O1 - Hosts: 66.159.18.17 www.freesmutpages.com
O1 - Hosts: 66.159.18.17 apornhost.com
O1 - Hosts: 66.159.18.17 nasty-pages.com
O1 - Hosts: 66.159.18.17 www.nasty-pages.com
O1 - Hosts: 66.159.18.17 sexyfreehost.com
O1 - Hosts: 66.159.18.17 www.apornhost.com
O1 - Hosts: 66.159.18.17 www.sexyfreehost.com
O1 - Hosts: 66.159.18.17 x4web.com
O1 - Hosts: 66.159.18.17 www.x4web.com
O1 - Hosts: 66.159.18.17 sexplanets.com
O1 - Hosts: 66.159.18.17 www.sexplanets.com
O1 - Hosts: 66.159.18.17 maxismut.com
O1 - Hosts: 66.159.18.17 www.maxismut.com
O1 - Hosts: 66.159.18.17 tgpfriendly.com
O1 - Hosts: 66.159.18.17 www.tgpfriendly.com
O1 - Hosts: 66.159.18.17 tgp-server.com
O1 - Hosts: 66.159.18.17 www.tgp-server.com
O1 - Hosts: 66.159.18.17 magnaplza.com
O1 - Hosts: 66.159.18.17 free-xxx-server.com
O1 - Hosts: 66.159.18.17 www.free-xxx-server.com
O1 - Hosts: 66.159.18.17 www.magnaplza.com
O1 - Hosts: 66.159.18.17 libereco.net
O1 - Hosts: 66.159.18.17 0190-dialer.com
O1 - Hosts: 66.159.18.17 www.0190-dialer.com
O1 - Hosts: 66.159.18.17 www.libereco.net
O1 - Hosts: 66.159.18.17 xxxod.net
O1 - Hosts: 66.159.18.17 altsights.com
O1 - Hosts: 66.159.18.17 www.altsights.com
O1 - Hosts: 66.159.18.17 www.xxxod.net
O1 - Hosts: 66.159.18.17 adulthosting.com
O1 - Hosts: 66.159.18.17 www.adulthosting.com
O1 - Hosts: 66.159.18.17 superhova.com
O1 - Hosts: 66.159.18.17 bestpornhost.com
O1 - Hosts: 66.159.18.17 www.superhova.com
O1 - Hosts: 66.159.18.17 www.bestpornhost.com
O1 - Hosts: 66.159.18.17 hostingfree.com
O1 - Hosts: 66.159.18.17 www.hostingfree.com
O1 - Hosts: 66.159.18.17 xfreehosting.com
O1 - Hosts: 66.159.18.17 www.xfreehosting.com
O1 - Hosts: 66.159.18.17 blinghosting.com
O1 - Hosts: 66.159.18.17 www.blinghosting.com
O1 - Hosts: 66.159.18.17 x-x-x-hosting.com
O1 - Hosts: 66.159.18.17 www.x-x-x-hosting.com
O1 - Hosts: 66.159.18.17 pornparks.com
O2 - BHO: ohb Class - {98640C3B-0699-4D51-ADB4-A6FC48ACB966} - C:\WINDOWS\System32\nst5.dll
O2 - BHO: Scriptlet.Tools - {EEBA788A-C268-492A-B7FE-42C2B6C553D4} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bin\bin.dll
O4 - HKLM\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O4 - HKLM\..\RunServices: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O4 - HKCU\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
supprime ceci
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
redemare et reposte un log
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&affjump=1&affil...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.isearch.com/index.php?app=SE&affjump=1&affil...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&affjump=1&affil...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about :blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
O1 - Hosts: 66.159.18.17 www.greatfreehost.com
O1 - Hosts: 66.159.18.17 greatfreehost.com
O1 - Hosts: 66.159.18.17 www.hotfreehost.com
O1 - Hosts: 66.159.18.17 hotfreehost.com
O1 - Hosts: 66.159.18.17 www.agreathost.net
O1 - Hosts: 66.159.18.17 agreathost.net
O1 - Hosts: 66.159.18.17 www32.smutserver.com
O1 - Hosts: 66.159.18.17 www31.smutserver.com
O1 - Hosts: 66.159.18.17 www30.smutserver.com
O1 - Hosts: 66.159.18.17 www29.smutserver.com
O1 - Hosts: 66.159.18.17 www28.smutserver.com
O1 - Hosts: 66.159.18.17 www27.smutserver.com
O1 - Hosts: 66.159.18.17 www26.smutserver.com
O1 - Hosts: 66.159.18.17 www25.smutserver.com
O1 - Hosts: 66.159.18.17 www24.smutserver.com
O1 - Hosts: 66.159.18.17 www23.smutserver.com
O1 - Hosts: 66.159.18.17 www22.smutserver.com
O1 - Hosts: 66.159.18.17 www21.smutserver.com
O1 - Hosts: 66.159.18.17 www20.smutserver.com
O1 - Hosts: 66.159.18.17 www19.smutserver.com
O1 - Hosts: 66.159.18.17 www15.smutserver.com
O1 - Hosts: 66.159.18.17 www18.smutserver.com
O1 - Hosts: 66.159.18.17 www17.smutserver.com
O1 - Hosts: 66.159.18.17 www14.smutserver.com
O1 - Hosts: 66.159.18.17 www9.smutserver.com
O1 - Hosts: 66.159.18.17 www13.smutserver.com
O1 - Hosts: 66.159.18.17 www12.smutserver.com
O1 - Hosts: 66.159.18.17 www11.smutserver.com
O1 - Hosts: 66.159.18.17 www10.smutserver.com
O1 - Hosts: 66.159.18.17 www8.smutserver.com
O1 - Hosts: 66.159.18.17 www7.smutserver.com
O1 - Hosts: 66.159.18.17 www6.smutserver.com
O1 - Hosts: 66.159.18.17 www5.smutserver.com
O1 - Hosts: 66.159.18.17 www4.smutserver.com
O1 - Hosts: 66.159.18.17 www3.smutserver.com
O1 - Hosts: 66.159.18.17 www16.smutserver.com
O1 - Hosts: 66.159.18.17 www2.smutserver.com
O1 - Hosts: 66.159.18.17 smutserver.com
O1 - Hosts: 66.159.18.17 www1.smutserver.com
O1 - Hosts: 66.159.18.17 www10.kinghost.com
O1 - Hosts: 66.159.18.17 www.smutserver.com
O1 - Hosts: 66.159.18.17 www9.kinghost.com
O1 - Hosts: 66.159.18.17 www7.kinghost.com
O1 - Hosts: 66.159.18.17 www8.kinghost.com
O1 - Hosts: 66.159.18.17 www6.kinghost.com
O1 - Hosts: 66.159.18.17 www5.kinghost.com
O1 - Hosts: 66.159.18.17 www4.kinghost.com
O1 - Hosts: 66.159.18.17 www.kinghost.com
O1 - Hosts: 66.159.18.17 www3.kinghost.com
O1 - Hosts: 66.159.18.17 www2.kinghost.com
O1 - Hosts: 66.159.18.17 www1.kinghost.com
O1 - Hosts: 66.159.18.17 kinghost.com
O1 - Hosts: 66.159.18.17 www.ndhosting.com
O1 - Hosts: 66.159.18.17 www2.ndhosting.com
O1 - Hosts: 66.159.18.17 www3.ndhosting.com
O1 - Hosts: 66.159.18.17 www1.ndhosting.com
O1 - Hosts: 66.159.18.17 ndhosting.com
O1 - Hosts: 66.159.18.17 www.freesmutpages.com
O1 - Hosts: 66.159.18.17 apornhost.com
O1 - Hosts: 66.159.18.17 nasty-pages.com
O1 - Hosts: 66.159.18.17 www.nasty-pages.com
O1 - Hosts: 66.159.18.17 sexyfreehost.com
O1 - Hosts: 66.159.18.17 www.apornhost.com
O1 - Hosts: 66.159.18.17 www.sexyfreehost.com
O1 - Hosts: 66.159.18.17 x4web.com
O1 - Hosts: 66.159.18.17 www.x4web.com
O1 - Hosts: 66.159.18.17 sexplanets.com
O1 - Hosts: 66.159.18.17 www.sexplanets.com
O1 - Hosts: 66.159.18.17 maxismut.com
O1 - Hosts: 66.159.18.17 www.maxismut.com
O1 - Hosts: 66.159.18.17 tgpfriendly.com
O1 - Hosts: 66.159.18.17 www.tgpfriendly.com
O1 - Hosts: 66.159.18.17 tgp-server.com
O1 - Hosts: 66.159.18.17 www.tgp-server.com
O1 - Hosts: 66.159.18.17 magnaplza.com
O1 - Hosts: 66.159.18.17 free-xxx-server.com
O1 - Hosts: 66.159.18.17 www.free-xxx-server.com
O1 - Hosts: 66.159.18.17 www.magnaplza.com
O1 - Hosts: 66.159.18.17 libereco.net
O1 - Hosts: 66.159.18.17 0190-dialer.com
O1 - Hosts: 66.159.18.17 www.0190-dialer.com
O1 - Hosts: 66.159.18.17 www.libereco.net
O1 - Hosts: 66.159.18.17 xxxod.net
O1 - Hosts: 66.159.18.17 altsights.com
O1 - Hosts: 66.159.18.17 www.altsights.com
O1 - Hosts: 66.159.18.17 www.xxxod.net
O1 - Hosts: 66.159.18.17 adulthosting.com
O1 - Hosts: 66.159.18.17 www.adulthosting.com
O1 - Hosts: 66.159.18.17 superhova.com
O1 - Hosts: 66.159.18.17 bestpornhost.com
O1 - Hosts: 66.159.18.17 www.superhova.com
O1 - Hosts: 66.159.18.17 www.bestpornhost.com
O1 - Hosts: 66.159.18.17 hostingfree.com
O1 - Hosts: 66.159.18.17 www.hostingfree.com
O1 - Hosts: 66.159.18.17 xfreehosting.com
O1 - Hosts: 66.159.18.17 www.xfreehosting.com
O1 - Hosts: 66.159.18.17 blinghosting.com
O1 - Hosts: 66.159.18.17 www.blinghosting.com
O1 - Hosts: 66.159.18.17 x-x-x-hosting.com
O1 - Hosts: 66.159.18.17 www.x-x-x-hosting.com
O1 - Hosts: 66.159.18.17 pornparks.com
O2 - BHO: ohb Class - {98640C3B-0699-4D51-ADB4-A6FC48ACB966} - C:\WINDOWS\System32\nst5.dll
O2 - BHO: Scriptlet.Tools - {EEBA788A-C268-492A-B7FE-42C2B6C553D4} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bin\bin.dll
O4 - HKLM\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O4 - HKLM\..\RunServices: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O4 - HKCU\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
supprime ceci
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
redemare et reposte un log
bon j'ai fait ça
ms ne comprends points ce que je fais
px tu me dire ce que j'ai?
encore mille merci
Logfile of HijackThis v1.99.1
Scan saved at 15:35:44, on 18/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\NoAds\NoAds.exe
C:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\olivier\Bureau\Internet\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O1 - Hosts: 66.159.20.51 astalavista.box.sk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [System startup] charmapx.exe
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [System startup] charmapx.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - Global Startup: 3D!Turbo Experience.lnk = C:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: Interface Chat Voila - http://chat9.x-echo.com/version6/Applet/vchatsign.cab
O16 - DPF: Interface Chat Wanadoo - http://chat9.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102501/housecall...
O17 - HKLM\System\CCS\Services\Tcpip\..\{1069A2A4-E332-4E55-B895-29ADC6278014}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{1069A2A4-E332-4E55-B895-29ADC6278014}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe
ms ne comprends points ce que je fais
px tu me dire ce que j'ai?
encore mille merci
Logfile of HijackThis v1.99.1
Scan saved at 15:35:44, on 18/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\NoAds\NoAds.exe
C:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\olivier\Bureau\Internet\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O1 - Hosts: 66.159.20.51 astalavista.box.sk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [System startup] charmapx.exe
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [System startup] charmapx.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - Global Startup: 3D!Turbo Experience.lnk = C:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: Interface Chat Voila - http://chat9.x-echo.com/version6/Applet/vchatsign.cab
O16 - DPF: Interface Chat Wanadoo - http://chat9.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102501/housecall...
O17 - HKLM\System\CCS\Services\Tcpip\..\{1069A2A4-E332-4E55-B895-29ADC6278014}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{1069A2A4-E332-4E55-B895-29ADC6278014}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe
je ne sais tjrs pas les symptomes et surtout si le site ogame.fr est sur ou pas
j'en viens et scan derriere
Logfile of HijackThis v1.99.1
Scan saved at 15:50:35, on 18/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\NoAds\NoAds.exe
C:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\olivier\Bureau\Internet\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [System startup] charmapx.exe
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [System startup] charmapx.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - Global Startup: 3D!Turbo Experience.lnk = C:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: Interface Chat Voila - http://chat9.x-echo.com/version6/Applet/vchatsign.cab
O16 - DPF: Interface Chat Wanadoo - http://chat9.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102501/housecall...
O17 - HKLM\System\CCS\Services\Tcpip\..\{1069A2A4-E332-4E55-B895-29ADC6278014}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{1069A2A4-E332-4E55-B895-29ADC6278014}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe
j'en viens et scan derriere
Logfile of HijackThis v1.99.1
Scan saved at 15:50:35, on 18/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\NoAds\NoAds.exe
C:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\olivier\Bureau\Internet\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [System startup] charmapx.exe
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [System startup] charmapx.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - Global Startup: 3D!Turbo Experience.lnk = C:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: Interface Chat Voila - http://chat9.x-echo.com/version6/Applet/vchatsign.cab
O16 - DPF: Interface Chat Wanadoo - http://chat9.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102501/housecall...
O17 - HKLM\System\CCS\Services\Tcpip\..\{1069A2A4-E332-4E55-B895-29ADC6278014}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{1069A2A4-E332-4E55-B895-29ADC6278014}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe
je ne sais pas ce que c'est winfixer
mais je sais que qd j'ouvre "ogame" il y a une fenetre qui s'ouvre en me disant que je suis infecté et me demande de telecharger winfixer alors j ne le fais pas ms une fois ou deux j'ai pu craqué je ne sais plus
donc juste savoir si fermer la fenetre suffisait à ne pas etre infecté
encore mille merci de ta connaissance et de ta patience
mais je sais que qd j'ouvre "ogame" il y a une fenetre qui s'ouvre en me disant que je suis infecté et me demande de telecharger winfixer alors j ne le fais pas ms une fois ou deux j'ai pu craqué je ne sais plus
donc juste savoir si fermer la fenetre suffisait à ne pas etre infecté
encore mille merci de ta connaissance et de ta patience
Lassé par la pub ? Créez un compte
