virus "look2me", quelqu'un peut m'aider?
Dernière réponse : dans Sécurité
Salut !
d'après ce que j'ai entendu, on m'as dit que j'avais un virus qui s'appele "look2me".
J'ai des publicité qui s'ouvrent tout le temp, et j'ai des fenêtres qui s'ouvrent toutes seules et qui generalement finissent par /yyy105 ou mes pages internet changent ou alors ca m'envoit vers d'autres sites...
est ce que quelqu'un pourrait m'aider s'il vous plait ?
mercii lol !
![:hello:]( ":hello:")
d'après ce que j'ai entendu, on m'as dit que j'avais un virus qui s'appele "look2me".
J'ai des publicité qui s'ouvrent tout le temp, et j'ai des fenêtres qui s'ouvrent toutes seules et qui generalement finissent par /yyy105 ou mes pages internet changent ou alors ca m'envoit vers d'autres sites...
est ce que quelqu'un pourrait m'aider s'il vous plait ?
mercii lol !
Autres pages sur : virus look2me aider
Lassé par la pub ? Créez un compte
Bonjour
Télécharge HijackThis v1.99.1
http://telechargement.zebulon.fr/160-Patch-fran%E7ais-pour-HijackThis-1.99.1.html
Tutorial
http://sitethemacs.free.fr/aide_enregistrement_de_hijackthi.htm
Démo en image
http://pageperso.aol.fr/balltrap34/demohijack.htm
Fais un scan et poste l'analyse ici.
Télécharge HijackThis v1.99.1
http://telechargement.zebulon.fr/160-Patch-fran%E7ais-pour-HijackThis-1.99.1.html
Tutorial
http://sitethemacs.free.fr/aide_enregistrement_de_hijackthi.htm
Démo en image
http://pageperso.aol.fr/balltrap34/demohijack.htm
Fais un scan et poste l'analyse ici.
re!
alors voila mon rapport :
Logfile of HijackThis v1.99.1
Scan saved at 23:28:25, on 01/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
G:\messenger plus!\MsgPlus.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
G:\quick time\iTunesHelper.exe
C:\windows\mousepad6.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
G:\shareaza\Shareaza\Shareaza.exe
C:\Program Files\Messenger\msmsgs.exe
G:\skype\Phone\Skype.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\svchost.exe
c:\windows\mousepad7.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.20\WlanCU.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\FICHIE~1\wiok\wiokm.exe
C:\PROGRA~1\FICHIE~1\wiok\wioka.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\FIREFOX\FIREFOX.EXE
G:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yoursearchspace.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Anvshell] anvshell.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [MessengerPlus3] "G:\messenger plus!\MsgPlus.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Local Area Network] OpenGL.exe
O4 - HKLM\..\Run: [MicroSoft Toolbar] wkz.exe
O4 - HKLM\..\Run: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\Run: [RBc Test] bldc32a.exe
O4 - HKLM\..\Run: [System Update Service] update.pif
O4 - HKLM\..\Run: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\Run: [Windows System Security] sys32.pif
O4 - HKLM\..\Run: [System Updates Service] updates.pif
O4 - HKLM\..\Run: [MS Sys Security] mswin.pif
O4 - HKLM\..\Run: [FWDMON.EXE] C:\WINDOWS\System32\fwdmon.exe
O4 - HKLM\..\Run: [Windows Security] ms32.pif
O4 - HKLM\..\Run: [Wind Security] mswi32.pif
O4 - HKLM\..\Run: [Manager Host Service] mrhsvc.exe
O4 - HKLM\..\Run: [Alive SYstem] C:\WINDOWS\System32\scchost.exe
O4 - HKLM\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKLM\..\Run: [Windows Automatic Updates] C:\pz2.exe
O4 - HKLM\..\Run: [System service78] C:\WINDOWS\etb\pokapoka78.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [KAVPersonal50] "G:\Kaspersky Antivirus Personal\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [qvwdhgu] C:\WINDOWS\System32\sfrwywu.exe r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\quick time\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] c:\windows\keyboard7.exe
O4 - HKLM\..\Run: [mousepad] c:\windows\mousepad7.exe
O4 - HKLM\..\Run: [newname] c:\windows\newname7.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Local Area Network] OpenGL.exe
O4 - HKLM\..\RunServices: [MicroSoft Toolbar] wkz.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\RunServices: [RBc Test] bldc32a.exe
O4 - HKLM\..\RunServices: [System Update Service] update.pif
O4 - HKLM\..\RunServices: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\RunServices: [Windows System Security] sys32.pif
O4 - HKLM\..\RunServices: [System Updates Service] updates.pif
O4 - HKLM\..\RunServices: [MS Sys Security] mswin.pif
O4 - HKLM\..\RunServices: [Windows Security] ms32.pif
O4 - HKLM\..\RunServices: [Wind Security] mswi32.pif
O4 - HKLM\..\RunServices: [Manager Host Service] mrhsvc.exe
O4 - HKLM\..\RunServices: [HTML32 Help System] hhs32.pif
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Windows Security] ms32.pif
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Wind Security] mswi32.pif
O4 - HKCU\..\Run: [SVC Service] svc32.pif
O4 - HKCU\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKCU\..\Run: [Shareaza] "G:\shareaza\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MessengerPlus3] "G:\messenger plus!\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "G:\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [wiok] C:\PROGRA~1\FICHIE~1\wiok\wiokm.exe
O4 - HKCU\..\RunServices: [Windows Security] ms32.pif
O4 - HKCU\..\RunServices: [Wind Security] mswi32.pif
O4 - HKCU\..\RunServices: [SVC Service] svc32.pif
O4 - HKCU\..\RunServices: [HTML32 Help System] hhs32.pif
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: svchost.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.20\WlanCU.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.ca...
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\en0ql1d51.dll
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\T2hhbmE\command.exe
O23 - Service: GBPoll - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - G:\Kaspersky Antivirus Personal\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
mercii :-D
alors voila mon rapport :
Logfile of HijackThis v1.99.1
Scan saved at 23:28:25, on 01/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
G:\messenger plus!\MsgPlus.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
G:\quick time\iTunesHelper.exe
C:\windows\mousepad6.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
G:\shareaza\Shareaza\Shareaza.exe
C:\Program Files\Messenger\msmsgs.exe
G:\skype\Phone\Skype.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\svchost.exe
c:\windows\mousepad7.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.20\WlanCU.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\FICHIE~1\wiok\wiokm.exe
C:\PROGRA~1\FICHIE~1\wiok\wioka.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\FIREFOX\FIREFOX.EXE
G:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yoursearchspace.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Anvshell] anvshell.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [MessengerPlus3] "G:\messenger plus!\MsgPlus.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Local Area Network] OpenGL.exe
O4 - HKLM\..\Run: [MicroSoft Toolbar] wkz.exe
O4 - HKLM\..\Run: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\Run: [RBc Test] bldc32a.exe
O4 - HKLM\..\Run: [System Update Service] update.pif
O4 - HKLM\..\Run: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\Run: [Windows System Security] sys32.pif
O4 - HKLM\..\Run: [System Updates Service] updates.pif
O4 - HKLM\..\Run: [MS Sys Security] mswin.pif
O4 - HKLM\..\Run: [FWDMON.EXE] C:\WINDOWS\System32\fwdmon.exe
O4 - HKLM\..\Run: [Windows Security] ms32.pif
O4 - HKLM\..\Run: [Wind Security] mswi32.pif
O4 - HKLM\..\Run: [Manager Host Service] mrhsvc.exe
O4 - HKLM\..\Run: [Alive SYstem] C:\WINDOWS\System32\scchost.exe
O4 - HKLM\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKLM\..\Run: [Windows Automatic Updates] C:\pz2.exe
O4 - HKLM\..\Run: [System service78] C:\WINDOWS\etb\pokapoka78.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [KAVPersonal50] "G:\Kaspersky Antivirus Personal\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [qvwdhgu] C:\WINDOWS\System32\sfrwywu.exe r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\quick time\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] c:\windows\keyboard7.exe
O4 - HKLM\..\Run: [mousepad] c:\windows\mousepad7.exe
O4 - HKLM\..\Run: [newname] c:\windows\newname7.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Local Area Network] OpenGL.exe
O4 - HKLM\..\RunServices: [MicroSoft Toolbar] wkz.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\RunServices: [RBc Test] bldc32a.exe
O4 - HKLM\..\RunServices: [System Update Service] update.pif
O4 - HKLM\..\RunServices: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\RunServices: [Windows System Security] sys32.pif
O4 - HKLM\..\RunServices: [System Updates Service] updates.pif
O4 - HKLM\..\RunServices: [MS Sys Security] mswin.pif
O4 - HKLM\..\RunServices: [Windows Security] ms32.pif
O4 - HKLM\..\RunServices: [Wind Security] mswi32.pif
O4 - HKLM\..\RunServices: [Manager Host Service] mrhsvc.exe
O4 - HKLM\..\RunServices: [HTML32 Help System] hhs32.pif
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Windows Security] ms32.pif
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Wind Security] mswi32.pif
O4 - HKCU\..\Run: [SVC Service] svc32.pif
O4 - HKCU\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKCU\..\Run: [Shareaza] "G:\shareaza\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MessengerPlus3] "G:\messenger plus!\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "G:\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [wiok] C:\PROGRA~1\FICHIE~1\wiok\wiokm.exe
O4 - HKCU\..\RunServices: [Windows Security] ms32.pif
O4 - HKCU\..\RunServices: [Wind Security] mswi32.pif
O4 - HKCU\..\RunServices: [SVC Service] svc32.pif
O4 - HKCU\..\RunServices: [HTML32 Help System] hhs32.pif
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: svchost.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.20\WlanCU.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.ca...
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\en0ql1d51.dll
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\T2hhbmE\command.exe
O23 - Service: GBPoll - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - G:\Kaspersky Antivirus Personal\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
mercii :-D
Waouhhhh :-o
Effectivement, Look2me, mais aussi beaucoup, beaucoup d'autres. :-(
On commence.
Prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant ce fix.
Télécharge Look2Me-Destroyer.exe sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=7
* Ferme toutes les fenêtres actives avant de passer à l'étape suivante.
* Double-clique Look2Me-Destroyer.exe afin de lancer l'outil.
* Coche Run this program as a task
* Un message s'affichera, te disant ceci : "Look2Me-Destroyer will close and re-open in approximately 1 minute". Clique OK
* Il se relancera après la minute, puis clique sur le bouton Scan for L2M; les icônes de ton Bureau vont disparaître : c'est normal.
* Lorsque le scan termine, clique sur le bouton Remove L2M
* Un message Done Scanning apparaîtra, clique OK.
* Un nouveau message s'affichera : Done removing infected files! Look2Me-Destroyer will now shutdown your computer; clique OK.
* Ton PC va maintenant s'éteindre.
* Démarre ton PC normalement.
* Colle le rapport généré, situé ici : C:\Look2Me-Destroyer.txt , ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.
#Si Look2Me-Destroyer ne se relance pas automatiquement après la minute, redémarre et essaie à nouveau.
Effectivement, Look2me, mais aussi beaucoup, beaucoup d'autres. :-(
On commence.
Prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant ce fix.
Télécharge Look2Me-Destroyer.exe sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=7
* Ferme toutes les fenêtres actives avant de passer à l'étape suivante.
* Double-clique Look2Me-Destroyer.exe afin de lancer l'outil.
* Coche Run this program as a task
* Un message s'affichera, te disant ceci : "Look2Me-Destroyer will close and re-open in approximately 1 minute". Clique OK
* Il se relancera après la minute, puis clique sur le bouton Scan for L2M; les icônes de ton Bureau vont disparaître : c'est normal.
* Lorsque le scan termine, clique sur le bouton Remove L2M
* Un message Done Scanning apparaîtra, clique OK.
* Un nouveau message s'affichera : Done removing infected files! Look2Me-Destroyer will now shutdown your computer; clique OK.
* Ton PC va maintenant s'éteindre.
* Démarre ton PC normalement.
* Colle le rapport généré, situé ici : C:\Look2Me-Destroyer.txt , ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.
#Si Look2Me-Destroyer ne se relance pas automatiquement après la minute, redémarre et essaie à nouveau.
Je dirais plutot :haaa:
On va essayer de faire un peu de "menage automatique" pour avoir moins de travail parce que la.
Installe Ewido
Décoche lors de l'installation les deux cases.
Lance Ewido puis mets le à jour.
Fais un Scan complet du système.
Sauvegarde puis colle le rappport.
On va essayer de faire un peu de "menage automatique" pour avoir moins de travail parce que la.
Installe Ewido
Décoche lors de l'installation les deux cases.
Lance Ewido puis mets le à jour.
Fais un Scan complet du système.
Sauvegarde puis colle le rappport.
j'ai fait tout ce que tu m'as dit, voila le rapport de look2me-destroyer :
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 02/04/2006 00:05:09
Infected! C:\WINDOWS\system32\j0p0la7m1d.dll
Infected! C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP380\A0837487.dll
Infected! C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP380\A0837489.dll
Infected! C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP380\A0837490.dll
Infected! C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP380\A0837515.dll
Infected! C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP381\A0837542.dll
Infected! C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP381\A0838549.dll
Infected! C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP381\A0838568.dll
Infected! C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP381\A0838573.dll
Infected! C:\WINDOWS\system32\j0p0la7m1d.dll
Infected! C:\WINDOWS\system32\kndhept.dll
Infected! C:\WINDOWS\system32\lv0009dme.dll
Infected! C:\WINDOWS\system32\n0r2la9o1d.dll
Infected! C:\WINDOWS\system32\pkcn20.dll
Infected! C:\WINDOWS\system32\swell32.dll
Infected! C:\WINDOWS\system32\uxbui.dll
Attempting to delete infected files...
Attempting to delete: C:\WINDOWS\system32\j0p0la7m1d.dll
C:\WINDOWS\system32\j0p0la7m1d.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP380\A0837487.dll
C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP380\A0837487.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP380\A0837489.dll
C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP380\A0837489.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP380\A0837490.dll
C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP380\A0837490.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP380\A0837515.dll
C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP380\A0837515.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP381\A0837542.dll
C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP381\A0837542.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP381\A0838549.dll
C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP381\A0838549.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP381\A0838568.dll
C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP381\A0838568.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP381\A0838573.dll
C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP381\A0838573.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\j0p0la7m1d.dll
C:\WINDOWS\system32\j0p0la7m1d.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\kndhept.dll
C:\WINDOWS\system32\kndhept.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\lv0009dme.dll
C:\WINDOWS\system32\lv0009dme.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\n0r2la9o1d.dll
C:\WINDOWS\system32\n0r2la9o1d.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\pkcn20.dll
C:\WINDOWS\system32\pkcn20.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\swell32.dll
C:\WINDOWS\system32\swell32.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\uxbui.dll
C:\WINDOWS\system32\uxbui.dll Deleted successfully!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{DFCA045B-AC64-42D1-9690-771A527524FE}"
HKCR\Clsid\{DFCA045B-AC64-42D1-9690-771A527524FE}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{8FB1A931-999D-4FA9-95A1-664C79214F5A}"
HKCR\Clsid\{8FB1A931-999D-4FA9-95A1-664C79214F5A}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{10918B5E-8FF0-492C-B311-905E35FE8F90}"
HKCR\Clsid\{10918B5E-8FF0-492C-B311-905E35FE8F90}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D1A03277-67EE-4077-855D-E419A1A84479}"
HKCR\Clsid\{D1A03277-67EE-4077-855D-E419A1A84479}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D944D578-3223-469E-BE96-0B4FA968215B}"
HKCR\Clsid\{D944D578-3223-469E-BE96-0B4FA968215B}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrateurs - Succeeded
et le noueau rapport Hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 00:21:18, on 02/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\T2hhbmE\command.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\LXSUPMON.EXE
G:\messenger plus!\MsgPlus.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\QuickTime\qttask.exe
G:\quick time\iTunesHelper.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\windows\mousepad7.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
G:\shareaza\Shareaza\Shareaza.exe
C:\PROGRA~1\FICHIE~1\wiok\wiokm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\svchost.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.20\WlanCU.exe
C:\PROGRA~1\FICHIE~1\wiok\wioka.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yoursearchspace.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Anvshell] anvshell.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [MessengerPlus3] "G:\messenger plus!\MsgPlus.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Local Area Network] OpenGL.exe
O4 - HKLM\..\Run: [MicroSoft Toolbar] wkz.exe
O4 - HKLM\..\Run: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\Run: [RBc Test] bldc32a.exe
O4 - HKLM\..\Run: [System Update Service] update.pif
O4 - HKLM\..\Run: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\Run: [Windows System Security] sys32.pif
O4 - HKLM\..\Run: [System Updates Service] updates.pif
O4 - HKLM\..\Run: [MS Sys Security] mswin.pif
O4 - HKLM\..\Run: [FWDMON.EXE] C:\WINDOWS\System32\fwdmon.exe
O4 - HKLM\..\Run: [Windows Security] ms32.pif
O4 - HKLM\..\Run: [Wind Security] mswi32.pif
O4 - HKLM\..\Run: [Manager Host Service] mrhsvc.exe
O4 - HKLM\..\Run: [Alive SYstem] C:\WINDOWS\System32\scchost.exe
O4 - HKLM\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKLM\..\Run: [Windows Automatic Updates] C:\pz2.exe
O4 - HKLM\..\Run: [System service78] C:\WINDOWS\etb\pokapoka78.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [KAVPersonal50] "G:\Kaspersky Antivirus Personal\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [qvwdhgu] C:\WINDOWS\System32\sfrwywu.exe r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\quick time\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard7.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad7.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname7.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Local Area Network] OpenGL.exe
O4 - HKLM\..\RunServices: [MicroSoft Toolbar] wkz.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\RunServices: [RBc Test] bldc32a.exe
O4 - HKLM\..\RunServices: [System Update Service] update.pif
O4 - HKLM\..\RunServices: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\RunServices: [Windows System Security] sys32.pif
O4 - HKLM\..\RunServices: [System Updates Service] updates.pif
O4 - HKLM\..\RunServices: [MS Sys Security] mswin.pif
O4 - HKLM\..\RunServices: [Windows Security] ms32.pif
O4 - HKLM\..\RunServices: [Wind Security] mswi32.pif
O4 - HKLM\..\RunServices: [Manager Host Service] mrhsvc.exe
O4 - HKLM\..\RunServices: [HTML32 Help System] hhs32.pif
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Windows Security] ms32.pif
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Wind Security] mswi32.pif
O4 - HKCU\..\Run: [SVC Service] svc32.pif
O4 - HKCU\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKCU\..\Run: [Shareaza] "G:\shareaza\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MessengerPlus3] "G:\messenger plus!\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "G:\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [wiok] C:\PROGRA~1\FICHIE~1\wiok\wiokm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunServices: [Windows Security] ms32.pif
O4 - HKCU\..\RunServices: [Wind Security] mswi32.pif
O4 - HKCU\..\RunServices: [SVC Service] svc32.pif
O4 - HKCU\..\RunServices: [HTML32 Help System] hhs32.pif
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: svchost.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.20\WlanCU.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.ca...
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\T2hhbmE\command.exe
O23 - Service: GBPoll - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - G:\Kaspersky Antivirus Personal\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
voila!! encore merci ;-)
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 02/04/2006 00:05:09
Infected! C:\WINDOWS\system32\j0p0la7m1d.dll
Infected! C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP380\A0837487.dll
Infected! C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP380\A0837489.dll
Infected! C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP380\A0837490.dll
Infected! C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP380\A0837515.dll
Infected! C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP381\A0837542.dll
Infected! C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP381\A0838549.dll
Infected! C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP381\A0838568.dll
Infected! C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP381\A0838573.dll
Infected! C:\WINDOWS\system32\j0p0la7m1d.dll
Infected! C:\WINDOWS\system32\kndhept.dll
Infected! C:\WINDOWS\system32\lv0009dme.dll
Infected! C:\WINDOWS\system32\n0r2la9o1d.dll
Infected! C:\WINDOWS\system32\pkcn20.dll
Infected! C:\WINDOWS\system32\swell32.dll
Infected! C:\WINDOWS\system32\uxbui.dll
Attempting to delete infected files...
Attempting to delete: C:\WINDOWS\system32\j0p0la7m1d.dll
C:\WINDOWS\system32\j0p0la7m1d.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP380\A0837487.dll
C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP380\A0837487.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP380\A0837489.dll
C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP380\A0837489.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP380\A0837490.dll
C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP380\A0837490.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP380\A0837515.dll
C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP380\A0837515.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP381\A0837542.dll
C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP381\A0837542.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP381\A0838549.dll
C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP381\A0838549.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP381\A0838568.dll
C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP381\A0838568.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP381\A0838573.dll
C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP381\A0838573.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\j0p0la7m1d.dll
C:\WINDOWS\system32\j0p0la7m1d.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\kndhept.dll
C:\WINDOWS\system32\kndhept.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\lv0009dme.dll
C:\WINDOWS\system32\lv0009dme.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\n0r2la9o1d.dll
C:\WINDOWS\system32\n0r2la9o1d.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\pkcn20.dll
C:\WINDOWS\system32\pkcn20.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\swell32.dll
C:\WINDOWS\system32\swell32.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\uxbui.dll
C:\WINDOWS\system32\uxbui.dll Deleted successfully!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{DFCA045B-AC64-42D1-9690-771A527524FE}"
HKCR\Clsid\{DFCA045B-AC64-42D1-9690-771A527524FE}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{8FB1A931-999D-4FA9-95A1-664C79214F5A}"
HKCR\Clsid\{8FB1A931-999D-4FA9-95A1-664C79214F5A}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{10918B5E-8FF0-492C-B311-905E35FE8F90}"
HKCR\Clsid\{10918B5E-8FF0-492C-B311-905E35FE8F90}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D1A03277-67EE-4077-855D-E419A1A84479}"
HKCR\Clsid\{D1A03277-67EE-4077-855D-E419A1A84479}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D944D578-3223-469E-BE96-0B4FA968215B}"
HKCR\Clsid\{D944D578-3223-469E-BE96-0B4FA968215B}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrateurs - Succeeded
et le noueau rapport Hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 00:21:18, on 02/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\T2hhbmE\command.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\LXSUPMON.EXE
G:\messenger plus!\MsgPlus.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\QuickTime\qttask.exe
G:\quick time\iTunesHelper.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\windows\mousepad7.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
G:\shareaza\Shareaza\Shareaza.exe
C:\PROGRA~1\FICHIE~1\wiok\wiokm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\svchost.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.20\WlanCU.exe
C:\PROGRA~1\FICHIE~1\wiok\wioka.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yoursearchspace.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Anvshell] anvshell.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [MessengerPlus3] "G:\messenger plus!\MsgPlus.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Local Area Network] OpenGL.exe
O4 - HKLM\..\Run: [MicroSoft Toolbar] wkz.exe
O4 - HKLM\..\Run: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\Run: [RBc Test] bldc32a.exe
O4 - HKLM\..\Run: [System Update Service] update.pif
O4 - HKLM\..\Run: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\Run: [Windows System Security] sys32.pif
O4 - HKLM\..\Run: [System Updates Service] updates.pif
O4 - HKLM\..\Run: [MS Sys Security] mswin.pif
O4 - HKLM\..\Run: [FWDMON.EXE] C:\WINDOWS\System32\fwdmon.exe
O4 - HKLM\..\Run: [Windows Security] ms32.pif
O4 - HKLM\..\Run: [Wind Security] mswi32.pif
O4 - HKLM\..\Run: [Manager Host Service] mrhsvc.exe
O4 - HKLM\..\Run: [Alive SYstem] C:\WINDOWS\System32\scchost.exe
O4 - HKLM\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKLM\..\Run: [Windows Automatic Updates] C:\pz2.exe
O4 - HKLM\..\Run: [System service78] C:\WINDOWS\etb\pokapoka78.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [KAVPersonal50] "G:\Kaspersky Antivirus Personal\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [qvwdhgu] C:\WINDOWS\System32\sfrwywu.exe r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\quick time\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard7.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad7.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname7.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Local Area Network] OpenGL.exe
O4 - HKLM\..\RunServices: [MicroSoft Toolbar] wkz.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\RunServices: [RBc Test] bldc32a.exe
O4 - HKLM\..\RunServices: [System Update Service] update.pif
O4 - HKLM\..\RunServices: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\RunServices: [Windows System Security] sys32.pif
O4 - HKLM\..\RunServices: [System Updates Service] updates.pif
O4 - HKLM\..\RunServices: [MS Sys Security] mswin.pif
O4 - HKLM\..\RunServices: [Windows Security] ms32.pif
O4 - HKLM\..\RunServices: [Wind Security] mswi32.pif
O4 - HKLM\..\RunServices: [Manager Host Service] mrhsvc.exe
O4 - HKLM\..\RunServices: [HTML32 Help System] hhs32.pif
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Windows Security] ms32.pif
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Wind Security] mswi32.pif
O4 - HKCU\..\Run: [SVC Service] svc32.pif
O4 - HKCU\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKCU\..\Run: [Shareaza] "G:\shareaza\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MessengerPlus3] "G:\messenger plus!\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "G:\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [wiok] C:\PROGRA~1\FICHIE~1\wiok\wiokm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunServices: [Windows Security] ms32.pif
O4 - HKCU\..\RunServices: [Wind Security] mswi32.pif
O4 - HKCU\..\RunServices: [SVC Service] svc32.pif
O4 - HKCU\..\RunServices: [HTML32 Help System] hhs32.pif
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: svchost.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.20\WlanCU.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.ca...
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\T2hhbmE\command.exe
O23 - Service: GBPoll - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - G:\Kaspersky Antivirus Personal\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
voila!! encore merci ;-)
Si tu parles anglais, le tuto de Merjin, le fondateur d'HijackThis.
http://www.merijn.org/files/BFU.rtf
Comme tu peux le voir, ce qui change, ce sont les scripts.
Les plus utilisés sont
EGDACCESS
et
alcanshorty
Si tu fais un clic gauche sur les liens, tu ouvres une page internet dans laquelle tu vois les fichiers qui sont recherchés.
Dans la manip, il faut faire un clic droit pour les télécharger.
Il est aussi possible de créer ses propres scripts.
http://www.merijn.org/files/BFU.rtf
Comme tu peux le voir, ce qui change, ce sont les scripts.
Les plus utilisés sont
EGDACCESS
et
alcanshorty
Si tu fais un clic gauche sur les liens, tu ouvres une page internet dans laquelle tu vois les fichiers qui sont recherchés.
Dans la manip, il faut faire un clic droit pour les télécharger.
Il est aussi possible de créer ses propres scripts.
Bien, plus de Look2me.
OOn continue dans le débroussaillage.
1 Télécharge
CCleaner.
http://www.filehippo.com/download_ccleaner.html
Installe le dans un répertoire dédié.
Ewido
http://www.ewido.net/fr/download/
Tu l'installes et tu le mets à jour.
Brute Force Uninstaller (de Merijn)
http://www.merijn.org/files/bfu.zip
Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU)
FAIS UN CLIC-DROIT ICI et choisis "Enregistrer la cible sous..." afin de télécharger Alcanshorty.bfu (de Metallica). Sauvegarde dans le dossier créé (C:\BFU). **Note : si tu utlises Internet Explorer; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : Alcanshorty.bfu et BFU.exe (très important).
2 Redémarre en mode sans echec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.
3 Lance le nettoyage avec CCleaner.
4 Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU)
Sous Scriptline to execute copie/colle cette ligne :
c:\bfu\Alcanshorty.bfu
Clique sur Execute et laisse-le faire son travail.
Attendre que Complete script execution apparaîsse et clique sur OK.
Clique Exit pour fermer le programme BFU.
5 Lance Ewido.
Fais un scan en mode complet.
Sauvegardes le rapport.
6 Redémarre normalement et poste un nouveau log HijackThis avec le rapport d'Ewido.n continue.
OOn continue dans le débroussaillage.
1 Télécharge
CCleaner.
http://www.filehippo.com/download_ccleaner.html
Installe le dans un répertoire dédié.
Ewido
http://www.ewido.net/fr/download/
Tu l'installes et tu le mets à jour.
Brute Force Uninstaller (de Merijn)
http://www.merijn.org/files/bfu.zip
Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU)
FAIS UN CLIC-DROIT ICI et choisis "Enregistrer la cible sous..." afin de télécharger Alcanshorty.bfu (de Metallica). Sauvegarde dans le dossier créé (C:\BFU). **Note : si tu utlises Internet Explorer; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : Alcanshorty.bfu et BFU.exe (très important).
2 Redémarre en mode sans echec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.
3 Lance le nettoyage avec CCleaner.
4 Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU)
Sous Scriptline to execute copie/colle cette ligne :
c:\bfu\Alcanshorty.bfu
Clique sur Execute et laisse-le faire son travail.
Attendre que Complete script execution apparaîsse et clique sur OK.
Clique Exit pour fermer le programme BFU.
5 Lance Ewido.
Fais un scan en mode complet.
Sauvegardes le rapport.
6 Redémarre normalement et poste un nouveau log HijackThis avec le rapport d'Ewido.n continue.
Re
Je viens de me rendre compte qu'IDN refuse encore les liens. Il y a de plus en plus de lien cassés.
Pour télécharger Alcanshorty.bfu, va sur ce lien et fais le clic droit sur le premier site (celui de Metallica)
http://www.google.fr/search?hl=fr&q=Alcanshorty.bfu+&bt...
Je viens de me rendre compte qu'IDN refuse encore les liens. Il y a de plus en plus de lien cassés.
Pour télécharger Alcanshorty.bfu, va sur ce lien et fais le clic droit sur le premier site (celui de Metallica)
http://www.google.fr/search?hl=fr&q=Alcanshorty.bfu+&bt...
Clic droit-> Enregistre sous ici
Edit: ne marche pas :-D
Lance BFU
Clique sur le bouton a cote du dossier
Colle ce lien
Clique sur Ok puis Execute
Edit: ne marche pas :-D
Lance BFU
Clique sur le bouton a cote du dossier
Colle ce lien
Clique sur Ok puis Execute
après avoir fait tout cke tu m'as dit, voila mon rapport hjt :
Logfile of HijackThis v1.99.1
Scan saved at 04:13:14, on 02/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\LXSUPMON.EXE
G:\messenger plus!\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
G:\quick time\iTunesHelper.exe
C:\windows\mousepad7.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
G:\shareaza\Shareaza\Shareaza.exe
C:\Program Files\Messenger\msmsgs.exe
G:\skype\Phone\Skype.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.20\WlanCU.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yoursearchspace.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Anvshell] anvshell.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [MessengerPlus3] "G:\messenger plus!\MsgPlus.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Local Area Network] OpenGL.exe
O4 - HKLM\..\Run: [MicroSoft Toolbar] wkz.exe
O4 - HKLM\..\Run: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\Run: [RBc Test] bldc32a.exe
O4 - HKLM\..\Run: [System Update Service] update.pif
O4 - HKLM\..\Run: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\Run: [Windows System Security] sys32.pif
O4 - HKLM\..\Run: [System Updates Service] updates.pif
O4 - HKLM\..\Run: [MS Sys Security] mswin.pif
O4 - HKLM\..\Run: [FWDMON.EXE] C:\WINDOWS\System32\fwdmon.exe
O4 - HKLM\..\Run: [Windows Security] ms32.pif
O4 - HKLM\..\Run: [Wind Security] mswi32.pif
O4 - HKLM\..\Run: [Manager Host Service] mrhsvc.exe
O4 - HKLM\..\Run: [Alive SYstem] C:\WINDOWS\System32\scchost.exe
O4 - HKLM\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKLM\..\Run: [Windows Automatic Updates] C:\pz2.exe
O4 - HKLM\..\Run: [System service78] C:\WINDOWS\etb\pokapoka78.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [KAVPersonal50] "G:\Kaspersky Antivirus Personal\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [qvwdhgu] C:\WINDOWS\System32\sfrwywu.exe r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\quick time\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard7.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad7.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Local Area Network] OpenGL.exe
O4 - HKLM\..\RunServices: [MicroSoft Toolbar] wkz.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\RunServices: [RBc Test] bldc32a.exe
O4 - HKLM\..\RunServices: [System Update Service] update.pif
O4 - HKLM\..\RunServices: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\RunServices: [Windows System Security] sys32.pif
O4 - HKLM\..\RunServices: [System Updates Service] updates.pif
O4 - HKLM\..\RunServices: [MS Sys Security] mswin.pif
O4 - HKLM\..\RunServices: [Windows Security] ms32.pif
O4 - HKLM\..\RunServices: [Wind Security] mswi32.pif
O4 - HKLM\..\RunServices: [Manager Host Service] mrhsvc.exe
O4 - HKLM\..\RunServices: [HTML32 Help System] hhs32.pif
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Windows Security] ms32.pif
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Wind Security] mswi32.pif
O4 - HKCU\..\Run: [SVC Service] svc32.pif
O4 - HKCU\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKCU\..\Run: [Shareaza] "G:\shareaza\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MessengerPlus3] "G:\messenger plus!\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "G:\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunServices: [Windows Security] ms32.pif
O4 - HKCU\..\RunServices: [Wind Security] mswi32.pif
O4 - HKCU\..\RunServices: [SVC Service] svc32.pif
O4 - HKCU\..\RunServices: [HTML32 Help System] hhs32.pif
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.20\WlanCU.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.ca...
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\T2hhbmE\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: GBPoll - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - G:\Kaspersky Antivirus Personal\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
mais par contre, le rapport ewido je l'ai bien enregisté seulment il est beaucoup trop long donc jpeu pa l'envoyé à moins ed poster au moin 10messages! lol :-?
Logfile of HijackThis v1.99.1
Scan saved at 04:13:14, on 02/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\LXSUPMON.EXE
G:\messenger plus!\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
G:\quick time\iTunesHelper.exe
C:\windows\mousepad7.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
G:\shareaza\Shareaza\Shareaza.exe
C:\Program Files\Messenger\msmsgs.exe
G:\skype\Phone\Skype.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.20\WlanCU.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yoursearchspace.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Anvshell] anvshell.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [MessengerPlus3] "G:\messenger plus!\MsgPlus.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Local Area Network] OpenGL.exe
O4 - HKLM\..\Run: [MicroSoft Toolbar] wkz.exe
O4 - HKLM\..\Run: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\Run: [RBc Test] bldc32a.exe
O4 - HKLM\..\Run: [System Update Service] update.pif
O4 - HKLM\..\Run: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\Run: [Windows System Security] sys32.pif
O4 - HKLM\..\Run: [System Updates Service] updates.pif
O4 - HKLM\..\Run: [MS Sys Security] mswin.pif
O4 - HKLM\..\Run: [FWDMON.EXE] C:\WINDOWS\System32\fwdmon.exe
O4 - HKLM\..\Run: [Windows Security] ms32.pif
O4 - HKLM\..\Run: [Wind Security] mswi32.pif
O4 - HKLM\..\Run: [Manager Host Service] mrhsvc.exe
O4 - HKLM\..\Run: [Alive SYstem] C:\WINDOWS\System32\scchost.exe
O4 - HKLM\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKLM\..\Run: [Windows Automatic Updates] C:\pz2.exe
O4 - HKLM\..\Run: [System service78] C:\WINDOWS\etb\pokapoka78.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [KAVPersonal50] "G:\Kaspersky Antivirus Personal\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [qvwdhgu] C:\WINDOWS\System32\sfrwywu.exe r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\quick time\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard7.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad7.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Local Area Network] OpenGL.exe
O4 - HKLM\..\RunServices: [MicroSoft Toolbar] wkz.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\RunServices: [RBc Test] bldc32a.exe
O4 - HKLM\..\RunServices: [System Update Service] update.pif
O4 - HKLM\..\RunServices: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\RunServices: [Windows System Security] sys32.pif
O4 - HKLM\..\RunServices: [System Updates Service] updates.pif
O4 - HKLM\..\RunServices: [MS Sys Security] mswin.pif
O4 - HKLM\..\RunServices: [Windows Security] ms32.pif
O4 - HKLM\..\RunServices: [Wind Security] mswi32.pif
O4 - HKLM\..\RunServices: [Manager Host Service] mrhsvc.exe
O4 - HKLM\..\RunServices: [HTML32 Help System] hhs32.pif
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Windows Security] ms32.pif
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Wind Security] mswi32.pif
O4 - HKCU\..\Run: [SVC Service] svc32.pif
O4 - HKCU\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKCU\..\Run: [Shareaza] "G:\shareaza\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MessengerPlus3] "G:\messenger plus!\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "G:\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunServices: [Windows Security] ms32.pif
O4 - HKCU\..\RunServices: [Wind Security] mswi32.pif
O4 - HKCU\..\RunServices: [SVC Service] svc32.pif
O4 - HKCU\..\RunServices: [HTML32 Help System] hhs32.pif
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.20\WlanCU.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.ca...
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\T2hhbmE\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: GBPoll - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - G:\Kaspersky Antivirus Personal\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
mais par contre, le rapport ewido je l'ai bien enregisté seulment il est beaucoup trop long donc jpeu pa l'envoyé à moins ed poster au moin 10messages! lol :-?
Bonjour
Ewido a fait un gros travail comme d'habitude. Mais ton rapport est toujours très chargé.
1 Redémarre en mode sans echec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.
2 Relance un scan HijackThis et coche les lignes ci-dessous :
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yoursearchspace.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Local Area Network] OpenGL.exe
O4 - HKLM\..\Run: [MicroSoft Toolbar] wkz.exe
O4 - HKLM\..\Run: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\Run: [RBc Test] bldc32a.exe
O4 - HKLM\..\Run: [System Update Service] update.pif
O4 - HKLM\..\Run: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\Run: [Windows System Security] sys32.pif
O4 - HKLM\..\Run: [System Updates Service] updates.pif
O4 - HKLM\..\Run: [MS Sys Security] mswin.pif
O4 - HKLM\..\Run: [FWDMON.EXE] C:\WINDOWS\System32\fwdmon.exe
O4 - HKLM\..\Run: [Windows Security] ms32.pif
O4 - HKLM\..\Run: [Wind Security] mswi32.pif
O4 - HKLM\..\Run: [Manager Host Service] mrhsvc.exe
O4 - HKLM\..\Run: [Alive SYstem] C:\WINDOWS\System32\scchost.exe
O4 - HKLM\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKLM\..\Run: [Windows Automatic Updates] C:\pz2.exe
O4 - HKLM\..\Run: [System service78] C:\WINDOWS\etb\pokapoka78.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [qvwdhgu] C:\WINDOWS\System32\sfrwywu.exe r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard7.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad7.exe
O4 - HKLM\..\RunServices: [Local Area Network] OpenGL.exe
O4 - HKLM\..\RunServices: [MicroSoft Toolbar] wkz.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\RunServices: [RBc Test] bldc32a.exe
O4 - HKLM\..\RunServices: [System Update Service] update.pif
O4 - HKLM\..\RunServices: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\RunServices: [Windows System Security] sys32.pif
O4 - HKLM\..\RunServices: [System Updates Service] updates.pif
O4 - HKLM\..\RunServices: [MS Sys Security] mswin.pif
O4 - HKLM\..\RunServices: [Windows Security] ms32.pif
O4 - HKLM\..\RunServices: [Wind Security] mswi32.pif
O4 - HKLM\..\RunServices: [Manager Host Service] mrhsvc.exe
O4 - HKLM\..\RunServices: [HTML32 Help System] hhs32.pif
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Windows Security] ms32.pif
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Wind Security] mswi32.pif
O4 - HKCU\..\Run: [SVC Service] svc32.pif
O4 - HKCU\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKCU\..\RunServices: [Windows Security] ms32.pif
O4 - HKCU\..\RunServices: [Wind Security] mswi32.pif
O4 - HKCU\..\RunServices: [SVC Service] svc32.pif
O4 - HKCU\..\RunServices: [HTML32 Help System] hhs32.pif
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.ca...
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\T2hhbmE\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »
3 Assure toi d'avoir accés à tous les fichiers.
Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :
Activer la case : Afficher les fichiers et dossiers cachés
Désactiver la case : Masquer les extensions des fichiers dont le type est connu
Désactiver la case : Masquer les fichiers protégés du système d'exploitation
Puis Appliquer
4 Tu clique sur Démarrer puis Exécuter, tu tapes services.msc et tu cliques sur OK.
Dans la liste des services, cherche et sélectionne
"Command Service" / double clique sur la ligne
/ vérifie dans Chemin d'accès des fichiers exécutables qu'il
s'agit bien de "C:\WINDOWS\T2hhbmE\command.exe" / dans Type de démarrage,
sélectionne Désactiver / valide la modification.
Recommence avec
Network Monitor et C:\Program Files\Network Monitor\netmon.exe
5 Désinstalle ces applications (si tu les trouves) dans Ajout-Suppression de programmes :
Toolbar888
Windows ControlAd
winupdates
outlook
Network Monitor
6 Supprime les fichiers/dossiers incriminés (s'ils existent encore) :
C:\Program Files\Network Monitor
C:\Program Files\Toolbar888
C:\Program Files\Windows ControlAd
C:\Program Files\winupdates
C:\Program Files\outlook
C:\WINDOWS\System32\fwdmon.exe
C:\WINDOWS\System32\scchost.exe --> respecte bien l'orthographe.
C:\WINDOWS\System32\sfrwywu.exe
C:\pz2.exe
C:\WINDOWS\T2hhbmE
C:\WINDOWS\Nail.exe
C:\WINDOWS\etb
C:\windows\keyboard7.exe
C:\windows\mousepad7.exe
bldc32a.exe
hhs32.pif
mrhsvc.exe
msdos.pif
mswi32.pif
mswin.pif
ms32.pif
OpenGL.exe
svc32.pif
sys32.pif
update.pif
updates.pif
wininit.exe
winlog.exe
wkz.exe
Pour ces derniers, probablement dans C:\WINDOWS\System32 ou C:\WINDOWS
7 Lance le nettoyage avec CCleaner.
Recache les fichiers systeme afin de ne pas faire d'erreur à l'avenir en sélectionnant ne pas afficher les fichiers cachés ou les fichiers système.
8 Redémarre normalement et poste un nouveau log HijackThis.
Ewido a fait un gros travail comme d'habitude. Mais ton rapport est toujours très chargé.
1 Redémarre en mode sans echec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.
2 Relance un scan HijackThis et coche les lignes ci-dessous :
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yoursearchspace.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Local Area Network] OpenGL.exe
O4 - HKLM\..\Run: [MicroSoft Toolbar] wkz.exe
O4 - HKLM\..\Run: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\Run: [RBc Test] bldc32a.exe
O4 - HKLM\..\Run: [System Update Service] update.pif
O4 - HKLM\..\Run: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\Run: [Windows System Security] sys32.pif
O4 - HKLM\..\Run: [System Updates Service] updates.pif
O4 - HKLM\..\Run: [MS Sys Security] mswin.pif
O4 - HKLM\..\Run: [FWDMON.EXE] C:\WINDOWS\System32\fwdmon.exe
O4 - HKLM\..\Run: [Windows Security] ms32.pif
O4 - HKLM\..\Run: [Wind Security] mswi32.pif
O4 - HKLM\..\Run: [Manager Host Service] mrhsvc.exe
O4 - HKLM\..\Run: [Alive SYstem] C:\WINDOWS\System32\scchost.exe
O4 - HKLM\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKLM\..\Run: [Windows Automatic Updates] C:\pz2.exe
O4 - HKLM\..\Run: [System service78] C:\WINDOWS\etb\pokapoka78.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [qvwdhgu] C:\WINDOWS\System32\sfrwywu.exe r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard7.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad7.exe
O4 - HKLM\..\RunServices: [Local Area Network] OpenGL.exe
O4 - HKLM\..\RunServices: [MicroSoft Toolbar] wkz.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\RunServices: [RBc Test] bldc32a.exe
O4 - HKLM\..\RunServices: [System Update Service] update.pif
O4 - HKLM\..\RunServices: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\RunServices: [Windows System Security] sys32.pif
O4 - HKLM\..\RunServices: [System Updates Service] updates.pif
O4 - HKLM\..\RunServices: [MS Sys Security] mswin.pif
O4 - HKLM\..\RunServices: [Windows Security] ms32.pif
O4 - HKLM\..\RunServices: [Wind Security] mswi32.pif
O4 - HKLM\..\RunServices: [Manager Host Service] mrhsvc.exe
O4 - HKLM\..\RunServices: [HTML32 Help System] hhs32.pif
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Windows Security] ms32.pif
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Wind Security] mswi32.pif
O4 - HKCU\..\Run: [SVC Service] svc32.pif
O4 - HKCU\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKCU\..\RunServices: [Windows Security] ms32.pif
O4 - HKCU\..\RunServices: [Wind Security] mswi32.pif
O4 - HKCU\..\RunServices: [SVC Service] svc32.pif
O4 - HKCU\..\RunServices: [HTML32 Help System] hhs32.pif
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.ca...
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\T2hhbmE\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »
3 Assure toi d'avoir accés à tous les fichiers.
Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :
Activer la case : Afficher les fichiers et dossiers cachés
Désactiver la case : Masquer les extensions des fichiers dont le type est connu
Désactiver la case : Masquer les fichiers protégés du système d'exploitation
Puis Appliquer
4 Tu clique sur Démarrer puis Exécuter, tu tapes services.msc et tu cliques sur OK.
Dans la liste des services, cherche et sélectionne
"Command Service" / double clique sur la ligne
/ vérifie dans Chemin d'accès des fichiers exécutables qu'il
s'agit bien de "C:\WINDOWS\T2hhbmE\command.exe" / dans Type de démarrage,
sélectionne Désactiver / valide la modification.
Recommence avec
Network Monitor et C:\Program Files\Network Monitor\netmon.exe
5 Désinstalle ces applications (si tu les trouves) dans Ajout-Suppression de programmes :
Toolbar888
Windows ControlAd
winupdates
outlook
Network Monitor
6 Supprime les fichiers/dossiers incriminés (s'ils existent encore) :
C:\Program Files\Network Monitor
C:\Program Files\Toolbar888
C:\Program Files\Windows ControlAd
C:\Program Files\winupdates
C:\Program Files\outlook
C:\WINDOWS\System32\fwdmon.exe
C:\WINDOWS\System32\scchost.exe --> respecte bien l'orthographe.
C:\WINDOWS\System32\sfrwywu.exe
C:\pz2.exe
C:\WINDOWS\T2hhbmE
C:\WINDOWS\Nail.exe
C:\WINDOWS\etb
C:\windows\keyboard7.exe
C:\windows\mousepad7.exe
bldc32a.exe
hhs32.pif
mrhsvc.exe
msdos.pif
mswi32.pif
mswin.pif
ms32.pif
OpenGL.exe
svc32.pif
sys32.pif
update.pif
updates.pif
wininit.exe
winlog.exe
wkz.exe
Pour ces derniers, probablement dans C:\WINDOWS\System32 ou C:\WINDOWS
7 Lance le nettoyage avec CCleaner.
Recache les fichiers systeme afin de ne pas faire d'erreur à l'avenir en sélectionnant ne pas afficher les fichiers cachés ou les fichiers système.
8 Redémarre normalement et poste un nouveau log HijackThis.
Ree!
sayé j'ai fait tout sa , alors voici mon rapport hjt :
Logfile of HijackThis v1.99.1
Scan saved at 04:42:01, on 08/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\LXSUPMON.EXE
G:\messenger plus!\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
G:\quick time\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
G:\shareaza\Shareaza\Shareaza.exe
G:\skype\Phone\Skype.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.20\WlanCU.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
G:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yoursearchspace.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Anvshell] anvshell.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [MessengerPlus3] "G:\messenger plus!\MsgPlus.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Local Area Network] OpenGL.exe
O4 - HKLM\..\Run: [MicroSoft Toolbar] wkz.exe
O4 - HKLM\..\Run: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\Run: [RBc Test] bldc32a.exe
O4 - HKLM\..\Run: [System Update Service] update.pif
O4 - HKLM\..\Run: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\Run: [Windows System Security] sys32.pif
O4 - HKLM\..\Run: [System Updates Service] updates.pif
O4 - HKLM\..\Run: [MS Sys Security] mswin.pif
O4 - HKLM\..\Run: [FWDMON.EXE] C:\WINDOWS\System32\fwdmon.exe
O4 - HKLM\..\Run: [Windows Security] ms32.pif
O4 - HKLM\..\Run: [Wind Security] mswi32.pif
O4 - HKLM\..\Run: [Manager Host Service] mrhsvc.exe
O4 - HKLM\..\Run: [Alive SYstem] C:\WINDOWS\System32\scchost.exe
O4 - HKLM\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKLM\..\Run: [Windows Automatic Updates] C:\pz2.exe
O4 - HKLM\..\Run: [System service78] C:\WINDOWS\etb\pokapoka78.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [KAVPersonal50] "G:\Kaspersky Antivirus Personal\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [qvwdhgu] C:\WINDOWS\System32\sfrwywu.exe r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\quick time\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Local Area Network] OpenGL.exe
O4 - HKLM\..\RunServices: [MicroSoft Toolbar] wkz.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\RunServices: [RBc Test] bldc32a.exe
O4 - HKLM\..\RunServices: [System Update Service] update.pif
O4 - HKLM\..\RunServices: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\RunServices: [Windows System Security] sys32.pif
O4 - HKLM\..\RunServices: [System Updates Service] updates.pif
O4 - HKLM\..\RunServices: [MS Sys Security] mswin.pif
O4 - HKLM\..\RunServices: [Windows Security] ms32.pif
O4 - HKLM\..\RunServices: [Wind Security] mswi32.pif
O4 - HKLM\..\RunServices: [Manager Host Service] mrhsvc.exe
O4 - HKLM\..\RunServices: [HTML32 Help System] hhs32.pif
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Windows Security] ms32.pif
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Wind Security] mswi32.pif
O4 - HKCU\..\Run: [SVC Service] svc32.pif
O4 - HKCU\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKCU\..\Run: [Shareaza] "G:\shareaza\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MessengerPlus3] "G:\messenger plus!\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "G:\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunServices: [Windows Security] ms32.pif
O4 - HKCU\..\RunServices: [Wind Security] mswi32.pif
O4 - HKCU\..\RunServices: [SVC Service] svc32.pif
O4 - HKCU\..\RunServices: [HTML32 Help System] hhs32.pif
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.20\WlanCU.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.ca...
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\mhwsock.dll (file missing)
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: GBPoll - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - G:\Kaspersky Antivirus Personal\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
il y a encore beaucoup de virus ? :-o
Mercii! :-P
sayé j'ai fait tout sa , alors voici mon rapport hjt :
Logfile of HijackThis v1.99.1
Scan saved at 04:42:01, on 08/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\LXSUPMON.EXE
G:\messenger plus!\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
G:\quick time\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
G:\shareaza\Shareaza\Shareaza.exe
G:\skype\Phone\Skype.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.20\WlanCU.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
G:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yoursearchspace.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Anvshell] anvshell.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [MessengerPlus3] "G:\messenger plus!\MsgPlus.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Local Area Network] OpenGL.exe
O4 - HKLM\..\Run: [MicroSoft Toolbar] wkz.exe
O4 - HKLM\..\Run: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\Run: [RBc Test] bldc32a.exe
O4 - HKLM\..\Run: [System Update Service] update.pif
O4 - HKLM\..\Run: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\Run: [Windows System Security] sys32.pif
O4 - HKLM\..\Run: [System Updates Service] updates.pif
O4 - HKLM\..\Run: [MS Sys Security] mswin.pif
O4 - HKLM\..\Run: [FWDMON.EXE] C:\WINDOWS\System32\fwdmon.exe
O4 - HKLM\..\Run: [Windows Security] ms32.pif
O4 - HKLM\..\Run: [Wind Security] mswi32.pif
O4 - HKLM\..\Run: [Manager Host Service] mrhsvc.exe
O4 - HKLM\..\Run: [Alive SYstem] C:\WINDOWS\System32\scchost.exe
O4 - HKLM\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKLM\..\Run: [Windows Automatic Updates] C:\pz2.exe
O4 - HKLM\..\Run: [System service78] C:\WINDOWS\etb\pokapoka78.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [KAVPersonal50] "G:\Kaspersky Antivirus Personal\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [qvwdhgu] C:\WINDOWS\System32\sfrwywu.exe r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\quick time\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Local Area Network] OpenGL.exe
O4 - HKLM\..\RunServices: [MicroSoft Toolbar] wkz.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\RunServices: [RBc Test] bldc32a.exe
O4 - HKLM\..\RunServices: [System Update Service] update.pif
O4 - HKLM\..\RunServices: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\RunServices: [Windows System Security] sys32.pif
O4 - HKLM\..\RunServices: [System Updates Service] updates.pif
O4 - HKLM\..\RunServices: [MS Sys Security] mswin.pif
O4 - HKLM\..\RunServices: [Windows Security] ms32.pif
O4 - HKLM\..\RunServices: [Wind Security] mswi32.pif
O4 - HKLM\..\RunServices: [Manager Host Service] mrhsvc.exe
O4 - HKLM\..\RunServices: [HTML32 Help System] hhs32.pif
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Windows Security] ms32.pif
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Wind Security] mswi32.pif
O4 - HKCU\..\Run: [SVC Service] svc32.pif
O4 - HKCU\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKCU\..\Run: [Shareaza] "G:\shareaza\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MessengerPlus3] "G:\messenger plus!\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "G:\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunServices: [Windows Security] ms32.pif
O4 - HKCU\..\RunServices: [Wind Security] mswi32.pif
O4 - HKCU\..\RunServices: [SVC Service] svc32.pif
O4 - HKCU\..\RunServices: [HTML32 Help System] hhs32.pif
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.20\WlanCU.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.ca...
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\mhwsock.dll (file missing)
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: GBPoll - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - G:\Kaspersky Antivirus Personal\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
il y a encore beaucoup de virus ? :-o
Mercii! :-P
Bonjour
Je ne comprend pas, c'est comme si tu n'avais rien fais.
On fais différemment pour l'instant.
Fais une analyse antivirus en ligne sur BitDefender
http://www.bitdefender.fr/scan8/ie.html
Colle son rapport ici.
Je ne comprend pas, c'est comme si tu n'avais rien fais.
On fais différemment pour l'instant.
Fais une analyse antivirus en ligne sur BitDefender
http://www.bitdefender.fr/scan8/ie.html
Colle son rapport ici.
Fichier analysé
Statut
C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP386\A0849315.exe
Infecté par: Trojan.Dropper.Vb.KK
C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP386\A0849315.exe
Echec de la désinfection
C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP386\A0849315.exe
Supprimé
C:\WINDOWS\system32\guard.tmp
Détecté avec: Adware.Dinky.A.Trojan
C:\WINDOWS\system32\guard.tmp
Supprimé
C:\WINDOWS\system32\mc-110-12-0000137.exe
Infecté par: Trojan.Downloader.Agent.FE
C:\WINDOWS\system32\mc-110-12-0000137.exe
Echec de la désinfection
C:\WINDOWS\system32\mc-110-12-0000137.exe
Supprimé
C:\WINDOWS\z.bat
Infecté par: Trojan.Bat.Secdrop.E
C:\WINDOWS\z.bat
Echec de la désinfection
C:\WINDOWS\z.bat
Supprimé
BitDefender Online Scanner - Rapport virus en temps réel
Généré à: Sun, Apr 09, 2006 - 01:47:33
Info d'analyse
Fichiers scannés
597393
Infectés Fichiers
4
Virus Détectés
Trojan.Downloader.Agent.FE
1
Trojan.Bat.Secdrop.E
1
Adware.Dinky.A.Trojan
1
Trojan.Dropper.Vb.KK
1
Statut
C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP386\A0849315.exe
Infecté par: Trojan.Dropper.Vb.KK
C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP386\A0849315.exe
Echec de la désinfection
C:\System Volume Information\_restore{986F5467-C01A-44C5-95C4-3FE8141FF6CD}\RP386\A0849315.exe
Supprimé
C:\WINDOWS\system32\guard.tmp
Détecté avec: Adware.Dinky.A.Trojan
C:\WINDOWS\system32\guard.tmp
Supprimé
C:\WINDOWS\system32\mc-110-12-0000137.exe
Infecté par: Trojan.Downloader.Agent.FE
C:\WINDOWS\system32\mc-110-12-0000137.exe
Echec de la désinfection
C:\WINDOWS\system32\mc-110-12-0000137.exe
Supprimé
C:\WINDOWS\z.bat
Infecté par: Trojan.Bat.Secdrop.E
C:\WINDOWS\z.bat
Echec de la désinfection
C:\WINDOWS\z.bat
Supprimé
BitDefender Online Scanner - Rapport virus en temps réel
Généré à: Sun, Apr 09, 2006 - 01:47:33
Info d'analyse
Fichiers scannés
597393
Infectés Fichiers
4
Virus Détectés
Trojan.Downloader.Agent.FE
1
Trojan.Bat.Secdrop.E
1
Adware.Dinky.A.Trojan
1
Trojan.Dropper.Vb.KK
1
Logfile of HijackThis v1.99.1
Scan saved at 15:02:03, on 09/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\LXSUPMON.EXE
G:\messenger plus!\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\QuickTime\qttask.exe
G:\quick time\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
G:\shareaza\Shareaza\Shareaza.exe
C:\Program Files\Messenger\msmsgs.exe
G:\skype\Phone\Skype.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.20\WlanCU.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
G:\Firefox\firefox.exe
G:\quick time\iTunes.exe
G:\emulee\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yoursearchspace.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Anvshell] anvshell.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [MessengerPlus3] "G:\messenger plus!\MsgPlus.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Local Area Network] OpenGL.exe
O4 - HKLM\..\Run: [MicroSoft Toolbar] wkz.exe
O4 - HKLM\..\Run: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\Run: [RBc Test] bldc32a.exe
O4 - HKLM\..\Run: [System Update Service] update.pif
O4 - HKLM\..\Run: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\Run: [Windows System Security] sys32.pif
O4 - HKLM\..\Run: [System Updates Service] updates.pif
O4 - HKLM\..\Run: [MS Sys Security] mswin.pif
O4 - HKLM\..\Run: [FWDMON.EXE] C:\WINDOWS\System32\fwdmon.exe
O4 - HKLM\..\Run: [Windows Security] ms32.pif
O4 - HKLM\..\Run: [Wind Security] mswi32.pif
O4 - HKLM\..\Run: [Manager Host Service] mrhsvc.exe
O4 - HKLM\..\Run: [Alive SYstem] C:\WINDOWS\System32\scchost.exe
O4 - HKLM\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKLM\..\Run: [Windows Automatic Updates] C:\pz2.exe
O4 - HKLM\..\Run: [System service78] C:\WINDOWS\etb\pokapoka78.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [KAVPersonal50] "G:\Kaspersky Antivirus Personal\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [qvwdhgu] C:\WINDOWS\System32\sfrwywu.exe r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\quick time\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Local Area Network] OpenGL.exe
O4 - HKLM\..\RunServices: [MicroSoft Toolbar] wkz.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\RunServices: [RBc Test] bldc32a.exe
O4 - HKLM\..\RunServices: [System Update Service] update.pif
O4 - HKLM\..\RunServices: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\RunServices: [Windows System Security] sys32.pif
O4 - HKLM\..\RunServices: [System Updates Service] updates.pif
O4 - HKLM\..\RunServices: [MS Sys Security] mswin.pif
O4 - HKLM\..\RunServices: [Windows Security] ms32.pif
O4 - HKLM\..\RunServices: [Wind Security] mswi32.pif
O4 - HKLM\..\RunServices: [Manager Host Service] mrhsvc.exe
O4 - HKLM\..\RunServices: [HTML32 Help System] hhs32.pif
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Windows Security] ms32.pif
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Wind Security] mswi32.pif
O4 - HKCU\..\Run: [SVC Service] svc32.pif
O4 - HKCU\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKCU\..\Run: [Shareaza] "G:\shareaza\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MessengerPlus3] "G:\messenger plus!\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "G:\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunServices: [Windows Security] ms32.pif
O4 - HKCU\..\RunServices: [Wind Security] mswi32.pif
O4 - HKCU\..\RunServices: [SVC Service] svc32.pif
O4 - HKCU\..\RunServices: [HTML32 Help System] hhs32.pif
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.20\WlanCU.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\mhwsock.dll (file missing)
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: GBPoll - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - G:\Kaspersky Antivirus Personal\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Scan saved at 15:02:03, on 09/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\LXSUPMON.EXE
G:\messenger plus!\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\QuickTime\qttask.exe
G:\quick time\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
G:\shareaza\Shareaza\Shareaza.exe
C:\Program Files\Messenger\msmsgs.exe
G:\skype\Phone\Skype.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.20\WlanCU.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
G:\Firefox\firefox.exe
G:\quick time\iTunes.exe
G:\emulee\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yoursearchspace.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Anvshell] anvshell.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [MessengerPlus3] "G:\messenger plus!\MsgPlus.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Local Area Network] OpenGL.exe
O4 - HKLM\..\Run: [MicroSoft Toolbar] wkz.exe
O4 - HKLM\..\Run: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\Run: [RBc Test] bldc32a.exe
O4 - HKLM\..\Run: [System Update Service] update.pif
O4 - HKLM\..\Run: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\Run: [Windows System Security] sys32.pif
O4 - HKLM\..\Run: [System Updates Service] updates.pif
O4 - HKLM\..\Run: [MS Sys Security] mswin.pif
O4 - HKLM\..\Run: [FWDMON.EXE] C:\WINDOWS\System32\fwdmon.exe
O4 - HKLM\..\Run: [Windows Security] ms32.pif
O4 - HKLM\..\Run: [Wind Security] mswi32.pif
O4 - HKLM\..\Run: [Manager Host Service] mrhsvc.exe
O4 - HKLM\..\Run: [Alive SYstem] C:\WINDOWS\System32\scchost.exe
O4 - HKLM\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKLM\..\Run: [Windows Automatic Updates] C:\pz2.exe
O4 - HKLM\..\Run: [System service78] C:\WINDOWS\etb\pokapoka78.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [KAVPersonal50] "G:\Kaspersky Antivirus Personal\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [qvwdhgu] C:\WINDOWS\System32\sfrwywu.exe r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\quick time\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Local Area Network] OpenGL.exe
O4 - HKLM\..\RunServices: [MicroSoft Toolbar] wkz.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\RunServices: [RBc Test] bldc32a.exe
O4 - HKLM\..\RunServices: [System Update Service] update.pif
O4 - HKLM\..\RunServices: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\RunServices: [Windows System Security] sys32.pif
O4 - HKLM\..\RunServices: [System Updates Service] updates.pif
O4 - HKLM\..\RunServices: [MS Sys Security] mswin.pif
O4 - HKLM\..\RunServices: [Windows Security] ms32.pif
O4 - HKLM\..\RunServices: [Wind Security] mswi32.pif
O4 - HKLM\..\RunServices: [Manager Host Service] mrhsvc.exe
O4 - HKLM\..\RunServices: [HTML32 Help System] hhs32.pif
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Windows Security] ms32.pif
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Wind Security] mswi32.pif
O4 - HKCU\..\Run: [SVC Service] svc32.pif
O4 - HKCU\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKCU\..\Run: [Shareaza] "G:\shareaza\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MessengerPlus3] "G:\messenger plus!\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "G:\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunServices: [Windows Security] ms32.pif
O4 - HKCU\..\RunServices: [Wind Security] mswi32.pif
O4 - HKCU\..\RunServices: [SVC Service] svc32.pif
O4 - HKCU\..\RunServices: [HTML32 Help System] hhs32.pif
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.20\WlanCU.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\mhwsock.dll (file missing)
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: GBPoll - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - G:\Kaspersky Antivirus Personal\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Bonsoir
On recommence. Encore beaucoup de travail.
1 Redémarre en mode sans echec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.
2 Désinstalle ces applications (si tu les trouves) dans Ajout-Suppression de programmes :
Toolbar888
Windows ControlAd
winupdates
outlook
3 Relance un scan HijackThis et coche les lignes ci-dessous :
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yoursearchspace.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Local Area Network] OpenGL.exe
O4 - HKLM\..\Run: [MicroSoft Toolbar] wkz.exe
O4 - HKLM\..\Run: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\Run: [RBc Test] bldc32a.exe
O4 - HKLM\..\Run: [System Update Service] update.pif
O4 - HKLM\..\Run: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\Run: [Windows System Security] sys32.pif
O4 - HKLM\..\Run: [System Updates Service] updates.pif
O4 - HKLM\..\Run: [MS Sys Security] mswin.pif
O4 - HKLM\..\Run: [FWDMON.EXE] C:\WINDOWS\System32\fwdmon.exe
O4 - HKLM\..\Run: [Windows Security] ms32.pif
O4 - HKLM\..\Run: [Wind Security] mswi32.pif
O4 - HKLM\..\Run: [Manager Host Service] mrhsvc.exe
O4 - HKLM\..\Run: [Alive SYstem] C:\WINDOWS\System32\scchost.exe
O4 - HKLM\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKLM\..\Run: [Windows Automatic Updates] C:\pz2.exe
O4 - HKLM\..\Run: [System service78] C:\WINDOWS\etb\pokapoka78.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [qvwdhgu] C:\WINDOWS\System32\sfrwywu.exe r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottim
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [Local Area Network] OpenGL.exe
O4 - HKLM\..\RunServices: [MicroSoft Toolbar] wkz.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\RunServices: [RBc Test] bldc32a.exe
O4 - HKLM\..\RunServices: [System Update Service] update.pif
O4 - HKLM\..\RunServices: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\RunServices: [Windows System Security] sys32.pif
O4 - HKLM\..\RunServices: [System Updates Service] updates.pif
O4 - HKLM\..\RunServices: [MS Sys Security] mswin.pif
O4 - HKLM\..\RunServices: [Windows Security] ms32.pif
O4 - HKLM\..\RunServices: [Wind Security] mswi32.pif
O4 - HKLM\..\RunServices: [Manager Host Service] mrhsvc.exe
O4 - HKLM\..\RunServices: [HTML32 Help System] hhs32.pif
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Windows Security] ms32.pif
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Wind Security] mswi32.pif
O4 - HKCU\..\Run: [SVC Service] svc32.pif
O4 - HKCU\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKCU\..\RunServices: [Windows Security] ms32.pif
O4 - HKCU\..\RunServices: [Wind Security] mswi32.pif
O4 - HKCU\..\RunServices: [SVC Service] svc32.pif
O4 - HKCU\..\RunServices: [HTML32 Help System] hhs32.pif
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.ca...
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\mhwsock.dll (file missing)
Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »
4 Assure toi d'avoir accés à tous les fichiers.
Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :
Activer la case : Afficher les fichiers et dossiers cachés
Désactiver la case : Masquer les extensions des fichiers dont le type est connu
Désactiver la case : Masquer les fichiers protégés du système d'exploitation
Puis Appliquer
5 Supprime les fichiers/dossiers incriminés (s'ils existent encore) :
C:\Program Files\Toolbar888
C:\Program Files\Windows ControlAd
C:\Program Files\winupdates
C:\Program Files\outlook
C:\WINDOWS\System32\P2P Networking
C:\WINDOWS\System32\fwdmon.exe
C:\WINDOWS\System32\scchost.exe
C:\WINDOWS\System32\sfrwywu.exe
C:\WINDOWS\etb
C:\pz2.exe
OpenGL.exe
wkz.exe
wininit.exe
bldc32a.exe
msdos.pif
sys32.pif
updates.pif
mswin.pif
mrhsvc.exe
winlog.exe
ms32.pif
mswi32.pif
svc32.pif
hhs32.pif
Pour ces derniers, fais une recherche. Probablement dans C:\WINDOWS\System32 ou C:\WINDOWS
6 Lance le nettoyage avec CCleaner.
Recache les fichiers systeme afin de ne pas faire d'erreur à l'avenir en sélectionnant ne pas afficher les fichiers cachés ou les fichiers système.
7 Lance Ewido.
Fais un scan en mode complet.
Sauvegardes le rapport.
8 Redémarre normalement et poste un nouveau log HijackThis avec le rapport d'Ewido.
On recommence. Encore beaucoup de travail.
1 Redémarre en mode sans echec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.
2 Désinstalle ces applications (si tu les trouves) dans Ajout-Suppression de programmes :
Toolbar888
Windows ControlAd
winupdates
outlook
3 Relance un scan HijackThis et coche les lignes ci-dessous :
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yoursearchspace.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Local Area Network] OpenGL.exe
O4 - HKLM\..\Run: [MicroSoft Toolbar] wkz.exe
O4 - HKLM\..\Run: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\Run: [RBc Test] bldc32a.exe
O4 - HKLM\..\Run: [System Update Service] update.pif
O4 - HKLM\..\Run: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\Run: [Windows System Security] sys32.pif
O4 - HKLM\..\Run: [System Updates Service] updates.pif
O4 - HKLM\..\Run: [MS Sys Security] mswin.pif
O4 - HKLM\..\Run: [FWDMON.EXE] C:\WINDOWS\System32\fwdmon.exe
O4 - HKLM\..\Run: [Windows Security] ms32.pif
O4 - HKLM\..\Run: [Wind Security] mswi32.pif
O4 - HKLM\..\Run: [Manager Host Service] mrhsvc.exe
O4 - HKLM\..\Run: [Alive SYstem] C:\WINDOWS\System32\scchost.exe
O4 - HKLM\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKLM\..\Run: [Windows Automatic Updates] C:\pz2.exe
O4 - HKLM\..\Run: [System service78] C:\WINDOWS\etb\pokapoka78.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [qvwdhgu] C:\WINDOWS\System32\sfrwywu.exe r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottim
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [Local Area Network] OpenGL.exe
O4 - HKLM\..\RunServices: [MicroSoft Toolbar] wkz.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\RunServices: [RBc Test] bldc32a.exe
O4 - HKLM\..\RunServices: [System Update Service] update.pif
O4 - HKLM\..\RunServices: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\RunServices: [Windows System Security] sys32.pif
O4 - HKLM\..\RunServices: [System Updates Service] updates.pif
O4 - HKLM\..\RunServices: [MS Sys Security] mswin.pif
O4 - HKLM\..\RunServices: [Windows Security] ms32.pif
O4 - HKLM\..\RunServices: [Wind Security] mswi32.pif
O4 - HKLM\..\RunServices: [Manager Host Service] mrhsvc.exe
O4 - HKLM\..\RunServices: [HTML32 Help System] hhs32.pif
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Windows Security] ms32.pif
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Wind Security] mswi32.pif
O4 - HKCU\..\Run: [SVC Service] svc32.pif
O4 - HKCU\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKCU\..\RunServices: [Windows Security] ms32.pif
O4 - HKCU\..\RunServices: [Wind Security] mswi32.pif
O4 - HKCU\..\RunServices: [SVC Service] svc32.pif
O4 - HKCU\..\RunServices: [HTML32 Help System] hhs32.pif
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.ca...
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\mhwsock.dll (file missing)
Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »
4 Assure toi d'avoir accés à tous les fichiers.
Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :
Activer la case : Afficher les fichiers et dossiers cachés
Désactiver la case : Masquer les extensions des fichiers dont le type est connu
Désactiver la case : Masquer les fichiers protégés du système d'exploitation
Puis Appliquer
5 Supprime les fichiers/dossiers incriminés (s'ils existent encore) :
C:\Program Files\Toolbar888
C:\Program Files\Windows ControlAd
C:\Program Files\winupdates
C:\Program Files\outlook
C:\WINDOWS\System32\P2P Networking
C:\WINDOWS\System32\fwdmon.exe
C:\WINDOWS\System32\scchost.exe
C:\WINDOWS\System32\sfrwywu.exe
C:\WINDOWS\etb
C:\pz2.exe
OpenGL.exe
wkz.exe
wininit.exe
bldc32a.exe
msdos.pif
sys32.pif
updates.pif
mswin.pif
mrhsvc.exe
winlog.exe
ms32.pif
mswi32.pif
svc32.pif
hhs32.pif
Pour ces derniers, fais une recherche. Probablement dans C:\WINDOWS\System32 ou C:\WINDOWS
6 Lance le nettoyage avec CCleaner.
Recache les fichiers systeme afin de ne pas faire d'erreur à l'avenir en sélectionnant ne pas afficher les fichiers cachés ou les fichiers système.
7 Lance Ewido.
Fais un scan en mode complet.
Sauvegardes le rapport.
8 Redémarre normalement et poste un nouveau log HijackThis avec le rapport d'Ewido.
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumRapport hijack virus peut etre
- articlesPeut on avoir un virus sur mac
- ForumPeut on avoir 2 anti virus
- ForumVirus qui peut lire mon rapport
- ForumAnti virus peut etre perime
- ForumNavigation lente peut etre un virus
- ForumPc ralenti peut etre un virus
- ForumOrdi peut etre infecter par un virus
- ForumSecteur d'amorcage peut etre virus
- ForumVirus facebook peut plus me connecter
- Voir plus
