
Bundle of viruses, spyware, hacking tools, etc... really need help!

Hello, yesterday I got fooled and opened a really terrible file... it installed about a hundred pieces of spyware, viruses, hacking tools, etc. on my computer. I managed to get rid of some of them, but for the rest I really don't know what to do. I'm posting my HijackThis log!

Logfile of HijackThis v1.99.1
Scan saved at 18:18:29, on 2006-06-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Q2FybA\command.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\1941132f.exe
C:\WINDOWS\wbzvjtxA.exe
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\DOCUME~1\Carl\MYDOCU~1\ICROSO~1\iexplore.exe
C:\Documents and Settings\Carl\My Documents\s?stem32\?ttrib.exe
C:\Program Files\Network Monitor\wnetmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Carl\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [1941132f.exe] C:\WINDOWS\system32\1941132f.exe
O4 - HKLM\..\Run: [wbzvjtxA] C:\WINDOWS\wbzvjtxA.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [1941132f.exe] C:\Documents and Settings\Carl\Local Settings\Application Data\1941132f.exe
O4 - HKCU\..\Run: [Eoas] "C:\DOCUME~1\Carl\MYDOCU~1\ICROSO~1\iexplore.exe" -vt yazr
O4 - HKCU\..\Run: [Umnvkm] C:\Documents and Settings\Carl\My Documents\s?stem32\?ttrib.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.com/resources/MsnPUpl...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\jtns0757e.dll (file missing)
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\mvrql9951.dll
O20 - Winlogon Notify: winuqw32 - C:\WINDOWS\SYSTEM32\winuqw32.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2FybA\command.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: rpcapd - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\wbzvjtx.exe

Thanks in advance!

Download Look2Me-Destroyer.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=7
* Close all active windows before moving on to the next step.
* Double-click Look2Me-Destroyer.exe to launch the tool.
* Check Run this program as a task
* A message will appear, telling you: "Look2Me-Destroyer will close and re-open in approximately 1 minute". Click OK
* It will relaunch after the minute; then click the Scan for L2M button. Your Desktop icons will disappear: this is normal.
* When the scan finishes, click the Remove L2M button
* A Done Scanning message will appear; click OK.
* A new message will appear: Done removing infected files! Look2Me-Destroyer will now shutdown your computer; click OK.
* Your PC will now shut down.
* Start your PC normally.
* Paste the generated report (Look2Me-Destroyer.txt), located on the Desktop, along with a new HijackThis report in your next reply.

If Look2Me-Destroyer does not relaunch automatically after the minute, reboot and try again.

Thanks for the quick reply.
Here is the Look2Me-Destroyer report and the new HijackThis report! (All the icons in my Quick Launch bar have disappeared and I still get a lot of pop-ups.)


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 2006-06-02 18:43:18

Infected! C:\WINDOWS\system32\jtns0757e.dll
Infected! C:\WINDOWS\system32\mvrql9951.dll
Infected! C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021909.dll
Infected! C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021926.dll
Infected! C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021930.dll
Infected! C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021946.dll
Infected! C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021963.dll
Infected! C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021967.dll
Infected! C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021976.dll
Infected! C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021985.dll
Infected! C:\WINDOWS\system32\fppo0373e.dll
Infected! C:\WINDOWS\system32\k4440ehqeh4e0.dll
Infected! C:\WINDOWS\system32\mjvfw32.dll
Infected! C:\WINDOWS\system32\mvrql9951.dll
Infected! C:\WINDOWS\system32\szssetup.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\mvrql9951.dll
C:\WINDOWS\system32\mvrql9951.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021909.dll
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021909.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021926.dll
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021926.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021930.dll
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021930.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021946.dll
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021946.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021963.dll
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021963.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021967.dll
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021967.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021976.dll
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021976.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021985.dll
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021985.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\fppo0373e.dll
C:\WINDOWS\system32\fppo0373e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\k4440ehqeh4e0.dll
C:\WINDOWS\system32\k4440ehqeh4e0.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mjvfw32.dll
C:\WINDOWS\system32\mjvfw32.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mvrql9951.dll
C:\WINDOWS\system32\mvrql9951.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\szssetup.dll
C:\WINDOWS\system32\szssetup.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Applets
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunServices

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7E598541-0D5A-4F8A-8808-FAB9E12489FA}"
HKCR\Clsid\{7E598541-0D5A-4F8A-8808-FAB9E12489FA}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded




Logfile of HijackThis v1.99.1
Scan saved at 18:49:11, on 2006-06-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\1941132f.exe
C:\WINDOWS\wbzvjtxA.exe
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\DOCUME~1\Carl\MYDOCU~1\ICROSO~1\iexplore.exe
C:\Documents and Settings\Carl\My Documents\s?stem32\?ttrib.exe
C:\Program Files\AvRack\wrtlrack.exe
C:\WINDOWS\Q2FybA\command.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Carl\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [1941132f.exe] C:\WINDOWS\system32\1941132f.exe
O4 - HKLM\..\Run: [wbzvjtxA] C:\WINDOWS\wbzvjtxA.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [1941132f.exe] C:\Documents and Settings\Carl\Local Settings\Application Data\1941132f.exe
O4 - HKCU\..\Run: [Eoas] "C:\DOCUME~1\Carl\MYDOCU~1\ICROSO~1\iexplore.exe" -vt yazr
O4 - HKCU\..\Run: [Umnvkm] C:\Documents and Settings\Carl\My Documents\s?stem32\?ttrib.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.com/resources/MsnPUpl...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: winuqw32 - C:\WINDOWS\SYSTEM32\winuqw32.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2FybA\command.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: rpcapd - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\wbzvjtx.exe



Now:
1/ Download SmitfraudFix
siri.urz.free.fr/Fix/SmitfraudFix.php
Unzip it on the Desktop.
Open the SmitfraudFix folder and run SmitfraudFix.cmd
Choose Option 1 (Search)
If you see lines with PRESENT!, continue

Reboot in Safe Mode.
2/ Run SmitfraudFix again and this time choose Option 2, and answer yes to each question
Save, then post the report.

3/ Post a HijackThis report

I ran the search with SmitfraudFix and there is no PRESENT! line, so I'm posting the report.
Thanks

SmitFraudFix v2.53

Scan done at 19:06:14,76, 2006-06-02
Run from C:\Documents and Settings\Carl\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Carl\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Carl\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Run HijackThis
then --> Do a system scan only
check the lines listed below
then --> Fix checked
then answer yes to the confirmation question

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O20 - Winlogon Notify: winuqw32 - C:\WINDOWS\SYSTEM32\winuqw32.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2FybA\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

Reboot in Safe Mode (by tapping F8 at startup).
Make sure you have access to hidden files.
-Windows Explorer->Tools->Folder Options->View
"Show hidden files"->checked
"Hide extensions.."->unchecked
"Hide protected operating system files"->unchecked

Manually delete the following files:
C:\Program Files\SurfSideKick 3
C:\Program Files\ipwins\ipwins.exe
C:\WINDOWS\Q2FybA\command.exe
C:\Program Files\Network Monitor\netmon.exe
Empty your Recycle Bin.
Reboot your PC.

Afterwards, post a new HijackThis log, because there are other suspicious lines.
And run a scan with Ewido

Download Ewido from this site:
www.infos-du-net.com/telecharger/Ewido-Anti-Malware.htm...
Install the updates, then run a scan and post the report

I managed to delete what you asked me to, but I couldn't for SurfSideKick 3 because it says it is in use by another program, and I tried Ewido and Spybot and that doesn't work. You told me there is other stuff, so here are my reports. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 20:50:47, on 2006-06-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\Carl\My Documents\s?stem32\?ttrib.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Installation des programmes\ewido anti-malware\ewidoguard.exe
C:\Installation des programmes\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\Carl\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [1941132f.exe] C:\Documents and Settings\Carl\Local Settings\Application Data\1941132f.exe
O4 - HKCU\..\Run: [Eoas] "C:\DOCUME~1\Carl\MYDOCU~1\ICROSO~1\iexplore.exe" -vt yazr
O4 - HKCU\..\Run: [Umnvkm] C:\Documents and Settings\Carl\My Documents\s?stem32\?ttrib.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.com/resources/MsnPUpl...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: winuqw32 - winuqw32.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Installation des programmes\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Installation des programmes\ewido anti-malware\ewidoguard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: rpcapd - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 20:47:40, 2006-06-02
+ Report-Checksum: CB6227BC

+ Scan result:

C:\Program Files\SurfSideKick 3 -> Adware.SurfSide : Ignored
C:\Program Files\SurfSideKick 3\Ssk.exe -> Adware.SurfSide : Ignored
C:\Program Files\SurfSideKick 3\SskBho.dll -> Adware.SurfSide : Ignored
C:\Program Files\SurfSideKick 3\SskCore.dll -> Adware.SurfSide : Ignored
[888] C:\WINDOWS\system32\winuqw32.dll -> Trojan.Agent.qt : Error during cleaning
C:\Program Files\AvRack\__delete_on_reboot__classic.exe -> Adware.Agent : Cleaned with backup
C:\SS1001.exe -> Dropper.Small.qn : Cleaned with backup
C:\warebundle.exe -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx -> Dropper.PurityScan.ae : Cleaned with backup
C:\WINDOWS\drsmartload45a.exe -> Downloader.Adload.bo : Cleaned with backup
C:\WINDOWS\drsmartload46a.exe -> Downloader.Adload.bo : Cleaned with backup
C:\WINDOWS\drsmartload849a.exe -> Downloader.Adload.bo : Cleaned with backup
C:\WINDOWS\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup
C:\WINDOWS\Q2FybA\asappsrv.dll -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\system32\oins.exe -> Downloader.PurityScan.cp : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__1941132f.exe -> Downloader.Tiny.bw : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__winuqw32.dll -> Trojan.Agent.qt : Cleaned with backup
C:\WINDOWS\Temp\Cookies\carl@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup
C:\WINDOWS\WHCC2.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup


::Report End

Run HijackThis
then --> Do a system scan only
check the lines listed below
then --> Fix checked
then answer yes to the confirmation prompt

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

Restart in safe mode (by tapping F8 at startup).
Make sure you can see hidden files.
-Windows Explorer->Tools->Folder Options->View
"Show hidden files"->checked
"Hide extensions.."->unchecked
"Hide protected operating system files"->unchecked

Run ewido and go to Analysis, then Processes; look at everything related to SurfSideKick 3 and terminate those processes.
Then manually delete the following files:
C:\Program Files\SurfSideKick 3

Empty your recycle bin.
Restart your PC.

And post a new log

So in the meantime I managed to get rid of SurfSideKick 3, but there is still a lot of spyware when I run a Panda scan. Here are the HJT and Panda scans. Thanks!


Logfile of HijackThis v1.99.1
Scan saved at 08:44:16, on 2006-06-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\Carl\My Documents\s?stem32\?ttrib.exe
C:\Installation des programmes\ewido anti-malware\ewidoctrl.exe
C:\Installation des programmes\ewido anti-malware\ewidoguard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Carl\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [1941132f.exe] C:\Documents and Settings\Carl\Local Settings\Application Data\1941132f.exe
O4 - HKCU\..\Run: [Eoas] "C:\DOCUME~1\Carl\MYDOCU~1\ICROSO~1\iexplore.exe" -vt yazr
O4 - HKCU\..\Run: [Umnvkm] C:\Documents and Settings\Carl\My Documents\s?stem32\?ttrib.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.com/resources/MsnPUpl...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winuqw32 - winuqw32.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Installation des programmes\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Installation des programmes\ewido anti-malware\ewidoguard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: rpcapd - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)



Incident Status Location

Adware:adware/mediatickets Not disinfected c:\windows\downloaded program files\MediaTicketsInstaller.INF
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Carl\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/webhancer Not disinfected Windows Registry
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Carl\Cookies\carl@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Carl\Cookies\carl@888[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Carl\Cookies\carl@ad.yieldmanager[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Carl\Cookies\carl@cassava[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Carl\Cookies\carl@errorsafe[1].txt
Spyware:Cookie/Kmpads Not disinfected C:\Documents and Settings\Carl\Cookies\carl@kmpads[2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Carl\Cookies\carl@winfixer[2].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Carl\Cookies\carl@www.advnt01[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Carl\Cookies\carl@xiti[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Carl\Local Settings\Temp\Cookies\carl@888[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Carl\Local Settings\Temp\Cookies\carl@apmebf[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Carl\Local Settings\Temp\Cookies\carl@cassava[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Carl\Local Settings\Temp\Cookies\carl@realmedia[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Carl\Local Settings\Temp\Cookies\carl@winfixer[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Carl\Local Settings\Temp\Cookies\carl@xiti[1].txt
Adware:Adware/YieldManager Not disinfected C:\Documents and Settings\Carl\Local Settings\Temp\Temporary Internet Files\Content.IE5\0LELGPMD\rmtag3[1].js
Adware:Adware/YieldManager Not disinfected C:\Documents and Settings\Carl\Local Settings\Temp\Temporary Internet Files\Content.IE5\0LELGPMD\rmtag3[3].js
Adware:Adware/YieldManager Not disinfected C:\Documents and Settings\Carl\Local Settings\Temp\Temporary Internet Files\Content.IE5\KVWPGJ2V\rmtag3[1].js
Adware:Adware/YazzleSudoku Not disinfected C:\Documents and Settings\Carl\Local Settings\Temp\Temporary Internet Files\Content.IE5\UFK3A9IJ\116[1].avi
Adware:Adware/YieldManager Not disinfected C:\Documents and Settings\Carl\Local Settings\Temp\Temporary Internet Files\Content.IE5\YXS7M743\rmtag3[1].js
Adware:Adware/YazzleSudoku Not disinfected C:\Documents and Settings\Carl\Local Settings\Temp\~nsu.tmp\Au_.exe
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Carl\Local Settings\Temporary Internet Files\Content.IE5\CT01SLUF\Trelew[1].exe
Adware:Adware/MediaTickets Not disinfected C:\Documents and Settings\Carl\Local Settings\Temporary Internet Files\Content.IE5\OHY7KDQB\support[1].htm
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Carl\Local Settings\Temporary Internet Files\Content.IE5\P8X9ZX5R\!update-3895[1].0000
Adware:Adware/CommAd Not disinfected C:\Documents and Settings\Carl\Local Settings\Temporary Internet Files\Content.IE5\P8X9ZX5R\installer[1].exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Carl\Local Settings\Temporary Internet Files\Content.IE5\P8X9ZX5R\SmitfraudFix[1].zip[SmitfraudFix/Process.exe]
Adware:Adware/NewAds Not disinfected C:\Documents and Settings\Carl\Local Settings\Temporary Internet Files\Content.IE5\UDOVI1YR\maxidr[1].avi
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Carl\Local Settings\Temporary Internet Files\Content.IE5\UDOVI1YR\winz32[1].exe
Adware:Adware/NewAds Not disinfected C:\Documents and Settings\Carl\Local Settings\Temporary Internet Files\Content.IE5\UR4NHMB2\mc-110-12-0000228[1].exe
Adware:Adware/YieldManager Not disinfected C:\Documents and Settings\Carl\Local Settings\Temporary Internet Files\Content.IE5\UR4NHMB2\rmtag3[1].js
Adware:Adware/NewAds Not disinfected C:\Program Files\Windows\WinUpdate.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-602162358-527237240-682003330-1003\Dc9\Process.exe
Virus:Trj/Downloader.HPZ Not disinfected C:\WINDOWS\pf78.exe[pms111x.exe]
Virus:Trj/VB.MC Not disinfected C:\WINDOWS\pf78.exe[SYSC00.exe]
Adware:Adware/CommAd Not disinfected C:\WINDOWS\Q2FybA\kZIVvE.vbs
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\WINDOWS\Temp\rp31.tmp

Do this first:
1.1/Spybot-Search & Destroy

Download it from this site:
www.infos-du-net.com/telecharger/Spybot-Search-Destroy....
Install the updates.
Run a scan and remove all detected threats.

1.2/Ad-Aware

Download it from this site:
www.infos-du-net.com/telecharger/Ad-aware-SE-Personal.h...
Install the updates.
Run a scan and remove all detected threats.

2/Clean the hard drive: (optional)

2.1/CCleaner

Download CCleaner from this site:
www.infos-du-net.com/telecharger/CCleaner.html
It cleans all the unneeded temporary files off your computer.
Run an analysis, then start the cleanup.

That will get rid of the cookies and maybe some adware

So I did everything you asked, but the Panda scan says there is still several spyware left. Sorry if I'm maybe being a pest, but I would really like my computer to be clean. Thanks!



Hello,

1/ Download and install CCleaner

http://www.clubic.com/telecharger-fiche14492-ccleaner-c...

2/ Restart in safe mode (to do this: start the PC while tapping the F8 key until the Windows advanced options menu appears, then use the arrow keys to select Safe Mode and press Enter...)
Note that you have no Internet access in this mode, so write down or print the instructions that follow.

3/ Run HijackThis
then --> Do a system scan only
check the lines listed below
then --> Fix checked
then answer yes to the confirmation prompt

c:\windows\downloaded program files\MediaTicketsInstaller.INF
C:\Program Files\Windows\WinUpdate.exe
C:\WINDOWS\pf78.exe
C:\WINDOWS\Q2FybA <== the folder
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\Temp\rp31.tmp

2/ Empty your recycle bin and delete SmitfraudFix, you no longer need it

3/ Run CCleaner, then click the Analyze button, then the Run Cleaner button

4/ Restart normally

6/ Download Spyware Terminator

http://www.spywareterminator.com/

Install it in its own directory.

Tutorial

http://www.malekal.com/tutorial_SpywareTerminator.html

7/ Run an online scan at Kaspersky and post the report along with a new HJT log

http://webscanner.kaspersky.fr/

Thanks Bob. Here are my Kaspersky report and HJT log!
(the file c:\windows\downloaded program files\MediaTicketsInstaller.INF) does not exist.

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, June 03, 2006 10:57:43 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 3/06/2006
Kaspersky Anti-Virus database records: 186495
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 29621
Number of viruses found: 17
Number of infected objects: 41
Number of suspicious objects: 2
Duration of the scan process: 00:20:14

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip/MTE3NDI6ODoxNg.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Carl\Local Settings\Temp\Temporary Internet Files\Content.IE5\UFK3A9IJ\116[1].avi/stream/data0001/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\Documents and Settings\Carl\Local Settings\Temp\Temporary Internet Files\Content.IE5\UFK3A9IJ\116[1].avi/stream/data0001 Infected: Trojan.Win32.Scapur.k skipped
C:\Documents and Settings\Carl\Local Settings\Temp\Temporary Internet Files\Content.IE5\UFK3A9IJ\116[1].avi/stream Infected: Trojan.Win32.Scapur.k skipped
C:\Documents and Settings\Carl\Local Settings\Temp\Temporary Internet Files\Content.IE5\UFK3A9IJ\116[1].avi NSIS: infected - 3 skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP10\A0001125.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.np skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP10\A0001125.exe/stream/data0007 Infected: Trojan-Downloader.Win32.Zlob.nl skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP10\A0001125.exe/stream Infected: Trojan-Downloader.Win32.Zlob.nl skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP10\A0001125.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP10\A0001125.exe UPX: infected - 3 skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP10\A0001125.exe PE_Patch.UPX: infected - 3 skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP15\A0021377.exe Infected: Trojan-Downloader.Win32.Zlob.nl skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021893.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021894.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021895.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021912.exe Infected: Trojan-Downloader.Win32.Adload.bx skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021913.exe Infected: Trojan.Win32.StartPage.aju skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021914.exe Infected: Trojan-Downloader.Win32.VB.abm skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021916.exe Infected: Trojan-Downloader.Win32.Agent.amv skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021919.exe Infected: Trojan-Downloader.Win32.Zlob.qx skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021923.dll Infected: not-virus:Hoax.Win32.Renos.cw skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0021940.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0022147.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0022148.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0022151.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0022151.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0022151.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0022151.exe PE_Patch.UPX: infected - 1 skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0022176.exe Infected: Trojan-Downloader.Win32.Adload.bo skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0022181.exe Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0022186.exe Infected: Trojan-Downloader.Win32.Adload.bo skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0022187.exe Infected: Trojan-Downloader.Win32.Adload.bo skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0022188.exe Infected: Trojan-Downloader.Win32.Adload.bo skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0022191.exe Infected: Trojan-Downloader.Win32.PurityScan.cp skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0022193.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0022194.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0022195.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0022266.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0022266.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0022266.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0022266.exe/data0007 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{C267F86D-8E1B-4AC3-A6A5-45EE29C0F553}\RP28\A0022266.exe NSIS: infected - 4 skipped

Scan process completed.



Logfile of HijackThis v1.99.1
Scan saved at 10:59:35, on 2006-06-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Installation des programmes\ewido anti-malware\ewidoctrl.exe
C:\Installation des programmes\ewido anti-malware\ewidoguard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Installation des programmes\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Carl\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.com/resources/MsnPUpl...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winuqw32 - winuqw32.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Installation des programmes\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Installation des programmes\ewido anti-malware\ewidoguard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: rpcapd - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
