(solved) I have lots of pop-ups, I also caught surfsidekick
I'd like someone to take a look at my HijackThis log report, because I don't know anything about it myself, but I think something must not be running right because I have lots of pop-ups. Thanks in advance, here is the report:
Logfile of HijackThis v1.99.1
Scan saved at 16:13:29, on 2006-09-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\wtkigckA.exe
C:\WINDOWS\win3207243207380.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\Duce6.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bruno M\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.ca/0SEFRCA/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.ca/0SEFRCA/SAOS01
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr-ca\msntb.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [USRpdA] "C:\WINDOWS\SYSTEM32\USRmlnkA.exe" RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ink Monitor] "C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATI DeviceDetect] "C:\Program Files\ATI Multimedia\main\ATIDtct.EXE"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [wtkigckA] C:\WINDOWS\wtkigckA.exe
O4 - HKLM\..\Run: [odx97eba] "RUNDLL32.EXE" w00d5b40.dll,n 00497eb60000000a00d5b40
O4 - HKLM\..\Run: [win3207243207380] C:\WINDOWS\win3207243207380.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] "C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://canigetafuku.spaces.msn.com//PhotoUpload/MsnPUpl...
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/16092d6015ae65c0ec23/netzip...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\Propriétaire\Local Settings\Temp\EI40_\msxml4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://dcon.futuremark.com/global/msc37.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
Good evening,
start by doing this:
1/ Download and install CCleaner
2/ Download and install ewido
Update it (Update button at the top, then the Start Update button)
3/ Restart in Safe Mode (to do this: start the PC while tapping the F8 key until the Windows Advanced Options menu appears, then use the arrow keys to select Safe Mode and press Enter...)
Note that you have no Internet access in this mode, so write down or print the instructions that follow.
4/ Launch HijackThis
then --> Do a system scan only
check the lines listed below
then --> Fix checked
then answer yes to the confirmation question
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wtkigckA] C:\WINDOWS\wtkigckA.exe
O4 - HKLM\..\Run: [odx97eba] "RUNDLL32.EXE" w00d5b40.dll,n 00497eb60000000a00d5b40
O4 - HKLM\..\Run: [win3207243207380] C:\WINDOWS\win3207243207380.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
5/ Make sure you have access to hidden files.
(Start->My Computer->Tools->Folder Options...->View
"Show hidden files and folders" ->checked
"Hide extensions for known file types" ->unchecked
"Hide protected operating system files" ->unchecked)
6/ then delete the following files and/or folders if present:
C:\WINDOWS\wtkigckA.exe
C:\WINDOWS\system32\w00d5b40.dll
C:\WINDOWS\win3207243207380.exe
C:\WINDOWS\Duce6.exe
7/ Launch CCleaner, then the Analyze button, then the Run Cleaner button
8/ Launch ewido:
Scanner button
Then the Settings tab
In the How to Act section, click Recommended Actions. Select Quarantine.
Go back to the Scan tab. Click "Complete System Scan"
At the end of the scan, choose the "Apply All Actions" option at the bottom.
Click "Save Report", then "Save Report As" to save the report to the desktop.
9/ Restart normally, and:
- Post the ewido report
- Rename the HijackThis.exe file, for example to Scanner.exe
(renaming it reveals infections that hide as soon as they detect HijackThis.exe)
Launch Scanner.exe
Click "Do a system scan and save a logfile" and post the report with copy/paste
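The line selection in step 4 can be cross-checked mechanically. The following is an added example, not part of the reply above and not a HijackThis feature: it parses the O4 (registry autostart) lines of a HijackThis log and flags entries using three heuristics that are assumptions of this example (image sitting directly in C:\WINDOWS, rundll32 given a DLL without a path, a long digit run in the file name). The sample lines are copied from the log posted in this thread; a flag is a lead to investigate, not a verdict.

```python
import ntpath
import re
from typing import NamedTuple

# Sample input: a subset of the O4 lines from the log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [USRpdA] "C:\WINDOWS\SYSTEM32\USRmlnkA.exe" RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [wtkigckA] C:\WINDOWS\wtkigckA.exe
O4 - HKLM\..\Run: [odx97eba] "RUNDLL32.EXE" w00d5b40.dll,n 00497eb60000000a00d5b40
O4 - HKLM\..\Run: [win3207243207380] C:\WINDOWS\win3207243207380.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''

# "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$')
# Unquoted command: the image ends at the first executable extension.
EXE_RE = re.compile(r'^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s+(.*))?$', re.I)


class Autorun(NamedTuple):
    hive: str
    key: str
    name: str
    image: str
    args: str


def split_command(cmd):
    """Split a Run value into (image path, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group(1), m.group(2) or ""
    return cmd, ""


def parse_o4(log_text):
    """Return the registry autostart entries found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            image, args = split_command(m.group(4))
            entries.append(Autorun(m.group(1), m.group(2), m.group(3), image, args))
    return entries


def triage(entry, windir=r"C:\WINDOWS"):
    """Heuristics assumed for this example; each hit needs manual confirmation."""
    reasons = []
    image_dir = ntpath.normcase(ntpath.dirname(entry.image))
    file_name = ntpath.basename(entry.image).lower()
    # Legitimate files also live here (explorer.exe), so this is only a lead.
    if image_dir == ntpath.normcase(windir):
        reasons.append("image-in-windows-root")
    # rundll32 with a bare DLL name: the DLL is resolved through the search path.
    if file_name in ("rundll32.exe", "rundll32"):
        dll = entry.args.split(",", 1)[0].strip().strip('"')
        if dll and not ntpath.dirname(dll):
            reasons.append("rundll32-dll-without-path")
    if re.search(r"\d{6,}", file_name):
        reasons.append("long-digit-run-in-name")
    return reasons


def review(log_text):
    """Map value name -> reasons, for flagged entries only."""
    flagged = {}
    for entry in parse_o4(log_text):
        reasons = triage(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in review(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(reasons)}")
```

On this sample the flagged values are wtkigckA, odx97eba, win3207243207380 and TheMonitor, the four entries whose files step 6 asks to delete; the TkBellExe and QuickTime Task lines from step 4 are not flagged by these heuristics.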
here is the ewido report:
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 18:00:31 2006-09-18
+ Scan result:
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP366\A0036842.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP349\A0034709.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP357\A0035923.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP342\A0032578.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP342\A0032587.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP342\A0032588.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP342\A0032590.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP348\A0033697.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP348\A0034681.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP348\A0034683.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP348\A0034685.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP349\A0034717.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP353\A0034814.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP353\A0034815.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP353\A0034817.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP353\A0034823.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP353\A0034825.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP355\A0034856.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP355\A0034857.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP355\A0034868.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP356\A0034894.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP366\A0036847.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP340\A0032545.exe -> Downloader.Adload.fg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP342\A0032589.exe -> Downloader.Adload.fg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP348\A0033700.exe -> Downloader.Adload.fg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP348\A0034682.exe -> Downloader.Adload.fg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP353\A0034822.exe -> Downloader.Adload.fg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP353\A0034834.exe -> Downloader.Adload.fg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP355\A0034855.exe -> Downloader.Adload.fg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP366\A0036838.dll -> Downloader.Agent.awb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP366\A0036840.dll -> Downloader.Agent.awb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP342\A0032575.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP348\A0034679.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP353\A0034782.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP353\A0034810.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP355\A0034864.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP358\A0035981.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP366\A0036839.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP366\A0036841.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP340\A0032537.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP342\A0032576.exe -> Trojan.LdPinch.arr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP348\A0034675.exe -> Trojan.LdPinch.arr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP353\A0034793.exe -> Trojan.LdPinch.arr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP353\A0034816.exe -> Trojan.LdPinch.arr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP355\A0034866.exe -> Trojan.LdPinch.arr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP358\A0035974.exe -> Trojan.LdPinch.arr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP366\A0036844.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP366\A0036845.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP342\A0032580.PIF -> Worm.Licat.c : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C9611B1F-2FB6-489F-80AA-7F4643BB2438}\RP368\A0036865.rbf -> Worm.Licat.c : Cleaned with backup (quarantined).
::Report end
and the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 18:14:57, on 2006-09-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bruno M\Bureau\scanner.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.ca/0SEFRCA/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.ca/0SEFRCA/SAOS01
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr-ca\msntb.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [USRpdA] "C:\WINDOWS\SYSTEM32\USRmlnkA.exe" RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Ink Monitor] "C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATI DeviceDetect] "C:\Program Files\ATI Multimedia\main\ATIDtct.EXE"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] "C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://canigetafuku.spaces.msn.com//PhotoUpload/MsnPUpl...
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/16092d6015ae65c0ec23/netzip...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\Propriétaire\Local Settings\Temp\EI40_\msxml4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://dcon.futuremark.com/global/msc37.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
Let's run a check:
- Download Clean.zip (by Malekal),
unzip it to your desktop (right-click / extract all); you should get a folder named clean.
Restart in safe mode
- Open the clean folder on your desktop and double-click clean.cmd; a black window will appear for a moment, leave it open.
Restart normally
- The clean report: My Computer / double-click drive C / double-click rapport_clean.txt and copy/paste the contents here C:\rapport_clean.txt