|
|
Auteur
|
Message
|
1
|
|
|
|
Bonjour,
Je suis nouveau , je viens de m'inscrire, et j'aimerai avoir de l'aide car mon pc ne marche pas fort:
1. j'ai des fenêtres de publicitées qui s'affichent souvent.
2. un message apparait de temps en tant et me dit que mon pc est contaminé par le virus " serwab "
3. j'ai fais un rapport avec SmitFraudFix v2.73 dt j'ai cela entre autres "GenericRenosFix by S!Ri".
J'ai juste AVG et spybot, mais ça n'a pas l'air de marcher.
Pourriez-vous m'aider s'il vous plait?
Merci.
-->Message édité par yoyo rimpoche le 10/06/2008 18:46:54<--
|
|
|
|
|
-Télécharges HijackThis: 
-Crées un dossier nomm HijackThis et place le dedans.
-Excute le et clique sur Do a scan and save log file.
-Copie et colle ici ton rapport ouvert avec le bloc note. Sans rien faire d'autre.
|
|
|
|
|
Désolé pour le temps que j'ai mis à répondre (j'ai eu un contre temps).
Pour ce qui est de coller mon rapport, je me demande si ce n'est pas dangereux de mettre tout ça ici, car il y a plein de numéros, je veux dire tout le monde peut voir ces numéros ; je m'explique peut etre mal , mais ce que je veux exprimer, c'est que ces n°, ils ne sont pas confidentiels??
Je suis peut etre parano, enfin éclairez moi.
|
|
|
|
|
|
ouais t'es parano,colles le rapport
|
|
|
|
|
Ok, voilà :
Logfile of HijackThis v1.99.1
Scan saved at 01:37:14, on 20/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\ipwins\ipwins.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Fichiers communs\{D0A277F2-07CC-1036-0804-041210200021}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\DOCUME~1\stephan\MESDOC~1\ICROSO~1.NET\logonui.exe
C:\Program Files\?dobe\?vchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\Nikon\NkView4\NkVwMon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TClock\TClock.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\st\Bureau\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: www.google.de
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: google.de
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: googl.de
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: www.googl.de
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: www.google.ch
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: google.ch
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: www.google.nl
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: google.nl
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: www.google.se
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: google.se
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: www.googl.ch
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: googl.ch
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [HaNSoN] EXPL0RER.EXE
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Emew] "C:\DOCUME~1\st\MESDOC~1\ICROSO~1.NET\logonui.exe" -vt yax
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Dbwlkchm] C:\Program Files\?dobe\?vchost.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housec(...)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.lanson.net/svideo3.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: winspool.dll C:\WINDOWS\system32\winspool.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: kavsvc - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
voilà ! c'est long comme rapport, sinon, je suis là cette aprèmidi, merci :-)
|
|
|
|
|
télécharges restore host
lances le,puis clicques sur restore originale host
ensuite
- télécharges et installes ewido http://download.ewido.net/ewido-setup.exe
- lance Ewido et mets-le jour
ensuite -Redmarre en mode sans chec, (en tapotant F8 au dmarrage). Si tu ne comprend pas,>>regarde ici<<.
- clique "Complete System Scan"
- quand le scan est termin,clique sur"applic all action" ensuite cliques sur "Save Report" et localise le rapport.
colle le rapport d'ewido ainsi qu'un nouveau rapport hijackthis
|
|
|
|
|
|
ok, je fais ce que tu me dis...
|
|
|
|
|
rapport ewido:
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 16:30:33 20/07/2006
+ Scan result:
C:\Program Files\DAP\DAPBHO.dll -> Adware.IEBar : Cleaned with backup (quarantined).
C:\Documents and Settings\st\Local Settings\Temp\Temporary Internet Files\Content.IE5\5L2CPS5K\remote_load[1].js -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\YazzleActiveX.ocx -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\Program Files\Аdobe\ѕvchost.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
[324] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[372] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[384] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[564] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[624] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[636] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[720] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
[996] C:\WINDOWS\system32\winspool.dll -> Adware.PurityScan : Error during cleaning.
C:\WINDOWS\system32\vturpnm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\st\Cookies\st@247realmedia[3].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\st\Cookies\st@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\st\Cookies\st@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\st\Cookies\st@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\stephan\Cookies\st@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\st\Cookies\st@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\st\Local Settings\Temp\Cookies\st@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\st\Cookies\st@abcsearch[2].txt -> TrackingCookie.Abcsearch : Cleaned.
C:\Documents and Settings\st\Cookies\st@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned.
C:\Documents and Settings\st\Cookies\st@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\st\Cookies\st@srv1.ad.adition[2].txt -> TrackingCookie.Adition : Cleaned.
C:\Documents and Settings\st\Cookies\st@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\st\Cookies\st@gde.adocean[2].txt -> TrackingCookie.Adocean : Cleaned.
C:\Documents and Settings\st\Cookies\st@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\st\Cookies\st@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\st\Local Settings\Temp\Cookies\st@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\st\Local Settings\Temp\Cookies\stephan@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\st\Local Settings\Temp\Cookies\st@servedby.advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\st\Cookies\st@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\st\Local Settings\Temp\Cookies\st@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\st\Cookies\st@install.bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned.
C:\Documents and Settings\st\Cookies\st@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\st\Cookies\st@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\st\Cookies\stephan@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\st\Local Settings\Temp\Cookies\st@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\st\Cookies\st@ads13.bpath[1].txt -> TrackingCookie.Bpath : Cleaned.
C:\Documents and Settings\st\Cookies\st@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\st\Cookies\st@centrport[1].txt -> TrackingCookie.Centrport : Cleaned.
C:\Documents and Settings\st\Cookies\st@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\st\Cookies\st@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\st\Cookies\st@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\st\Cookies\st@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Cleaned.
C:\Documents and Settings\st\Cookies\st@bilbo.counted[1].txt -> TrackingCookie.Counted : Cleaned.
C:\Documents and Settings\st\Cookies\st@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\st\Local Settings\Temp\Cookies\st@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\st\Cookies\st@c.enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\st\Cookies\st@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\st\Local Settings\Temp\Cookies\st@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\st\Cookies\st@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\st\Cookies\st@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\st\Cookies\st@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\st\Cookies\st@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\st\Cookies\st@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\st\Cookies\st@hotlog[2].txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\st\Cookies\st@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned.
C:\Documents and Settings\st\Cookies\st@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\st\Cookies\st@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\st\Cookies\st@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\st\Local Settings\Temp\Cookies\st@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\st\Cookies\st@stat.onestat[1].txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\st\Cookies\st@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\st\Cookies\st@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\st\Cookies\st@paycounter[2].txt -> TrackingCookie.Paycounter : Cleaned.
C:\Documents and Settings\st\Cookies\st@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\st\Local Settings\Temp\Cookies\st@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\st\Cookies\st@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\st\Cookies\st@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\st\Cookies\st@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned.
C:\Documents and Settings\st\Cookies\st@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\st\Cookies\st@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\st\Cookies\st@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\st\Cookies\st@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\st\Cookies\st@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\st\Local Settings\Temp\Cookies\st@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\st\Cookies\st@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\st\Cookies\st@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\st\Local Settings\Temp\Cookies\st@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\st\Cookies\st@spylog[1].txt -> TrackingCookie.Spylog : Cleaned.
C:\Documents and Settings\st\Cookies\st@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\st\Cookies\st@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\st\Cookies\st@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\st\Local Settings\Temp\Cookies\st@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\st\Cookies\st@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.
C:\Documents and Settings\st\Cookies\st@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\st\Cookies\st@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\st\Cookies\st@pr.valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\st\Cookies\st@valueclick[3].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\st\Cookies\st@vegasred[2].txt -> TrackingCookie.Vegasred : Cleaned.
C:\Documents and Settings\st\Cookies\st@www.vegasred[1].txt -> TrackingCookie.Vegasred : Cleaned.
C:\Documents and Settings\st\Cookies\st@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\st\Cookies\st@blackbox.weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\st\Cookies\st@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\st\Local Settings\Temp\Cookies\st@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\st\Cookies\st@count.xhit[1].txt -> TrackingCookie.Xhit : Cleaned.
C:\Documents and Settings\st\Cookies\st@xxxcounter[2].txt -> TrackingCookie.Xxxcounter : Cleaned.
C:\Documents and Settings\st\Cookies\st@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\st\Cookies\st@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\st\Cookies\st@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Fichiers communs\{D0A277F2-07CC-1036-0804-041210200021}\Update.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined).
::Report end
Et celui de hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 16:37:34, on 20/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\stephan\MESDOC~1\ICROSO~1.NET\logonui.exe
C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\Nikon\NkView4\NkVwMon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\TClock\TClock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\st\Bureau\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: www.google.de
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: google.de
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: googl.de
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: www.googl.de
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: www.google.ch
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: google.ch
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: www.google.nl
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: google.nl
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: www.google.se
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: google.se
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: www.googl.ch
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: googl.ch
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [HaNSoN] EXPL0RER.EXE
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Emew] "C:\DOCUME~1\stephan\MESDOC~1\ICROSO~1.NET\logonui.exe" -vt yax
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Dbwlkchm] C:\Program Files\?dobe\?vchost.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housec(...)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.lanson.net/svideo3.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: winspool.dll C:\WINDOWS\system32\winspool.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: kavsvc - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
|
|
|
|
|
Bien , je crois que ça n'a pas marcher :
J'ai encore des fenetres publicitaires qui s'affichent, et de plus, ewido m'a demander a plusieures reprises d'éventuellement supprimer des fichiers , mais comme tu ne me l'avais pas dit de le faire, j'ai coché au moins 20 fois "ignore".
Que dois-je faire maitre ?
|
|
|
|
|
Encore moi, juste pour préciser que j'ai fais un scan avex ewido selectif:
"c" mes documents ect, mais pas mon 2ème disque dur car il est gavé de données et il est d'une taille de 200Giga contre 40 pour le C, et pas non plus les lecteurs de dvd... ai-je fais une erreur?
merci de votre patiente.
|
|
|
|
|
|
Zut , c'est encore moi, j'ai oublié de télécharger "restore host" et de faire la manipulation avant d'attaquer avec ewindo...:-(
|
|
|
|
|
|
bon on reprend,lances restore host puis colles un nouveau rapport hijackthis
|
|
|
|
|
|
Je lance juste restore host , ou je refait toute la manipulation avec ewido ?
|
|
|
|
|
|
juste restore host puis hijackthis
|
|
|
|
|
|
|
voilà, mais je ne peux plus accéder à mes favoris!??, pour retrouver ce salon, je dois utiliser google -> bizarre, bref, voilà mon rapport caporal :
Logfile of HijackThis v1.99.1
Scan saved at 18:58:51, on 20/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\stephan\MESDOC~1\ICROSO~1.NET\logonui.exe
C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\Nikon\NkView4\NkVwMon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\st\Bureau\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [HaNSoN] EXPL0RER.EXE
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Emew] "C:\DOCUME~1\st\MESDOC~1\ICROSO~1.NET\logonui.exe" -vt yax
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Dbwlkchm] C:\Program Files\?dobe\?vchost.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housec(...)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.lanson.net/svideo3.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: winspool.dll C:\WINDOWS\system32\winspool.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: kavsvc - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
|
|
|
|
|
Bonjour,
juste un pti up, pour vous dire que je crois que l'on m'a laisser tomber dans mon problème de virus, alors si quelqu'un de sympa pouvait m'aider car c'est de pire en pire, aidez moi par pitié 
Merci.
|
|
|
|
|
je ne t'ai pas oublié,mais j'ai une vie en dehors du forum et je bosse le week end
relances hijackthis,cliques sur do a system scan only et coches les lignes suivantes
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [HaNSoN] EXPL0RER.EXE
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [Emew] "C:\DOCUME~1\st\MESDOC~1\ICROSO~1.NET\logonui.exe" -vt yax
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Dbwlkchm] C:\Program Files\?dobe\?vchost.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.lanson.net/svideo3.cab
O20 - AppInit_DLLs: winspool.dll C:\WINDOWS\system32\winspool.dll
fermes tous tes programmes et connexions internet et cliques sur fix checked
puis
- télécharges et installes ewido http://download.ewido.net/ewido-setup.exe
- lance Ewido et mets-le jour
ensuite -Redmarre en mode sans chec, (en tapotant F8 au dmarrage). Si tu ne comprend pas,>>regarde ici<<.
- clique "Complete System Scan"
- quand le scan est termin,clique sur"applic all action" ensuite cliques sur "Save Report" et localise le rapport.
colle le rapport d'ewido ainsi qu'un nouveau rapport hijackthis
|
|
|
|
|
Excuse moi, il est vrai que l'on a une vie en dehors du net. Dans l'urgence, j'ai fais un double post, et une personne ma aidée, pour l'instant , je crois que tout va à peu près bien sur mon pc, mais je verrai bien dans le futur.
Un grand merci pour tout le temps passé à m'aider, je trouve ça très altruiste et c'est une bonne chose de nos jours 
J'aurai juste une question : j'ai une boite email sur yahoo, et des fois , je reçois des emails provenant de personnes que je ne connais pas, car j'ai mis en vente sur un site ma voiture: ma question est la suivante : peut on tester le mail avec AVG ou un autre anti virus ? car le virus que j'ai eu provenait justement d'un mail ! Remerci, et bonne continuation dans l'aide que tu apporte aux personnes atteinte par ce drole de phénomène qui est le virus informatique...
|
|
|
|
|
qui t'a aidé?
peux tu coller un nouveau rapport hijackthis pour que je vérifie quelque chose
|
|
|
|
|
Salut, et bien c'est Malekal_morte qui m'a aidé, je copie un nouveau rapport hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 16:42:55, on 22/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\stephan\Bureau\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [HaNSoN] EXPL0RER.EXE
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housec(...)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.lanson.net/svideo3.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: kavsvc - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Voilà, mais je suis étonné que mon pc marche bien maintenant ...
|
|
|
|
|
yoyo rimpoche a écrit :
Salut, et bien c'est Malekal_morte qui m'a aidé, je copie un nouveau rapport hijackthis :
Voilà, mais je suis étonné que mon pc marche bien maintenant ...
ok,ton log montre que tu es toujours infecté
|
|
|
| |
