Demande de connection intempestive
Résolu/Fermé
A voir également:
- Demande de connection intempestive
- Gmail connection - Guide
- Facebook connection - Guide
- Hotmail connection - Guide
- Connection chromecast - Guide
- Probleme de connection - Guide
8 réponses
Logfile of HijackThis v1.99.1
Scan saved at 19:49:33, on 21/05/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\AVPersonal\AVGUARD.EXE
G:\Program Files\AVPersonal\AVWUPSRV.EXE
G:\WINDOWS\System32\nvsvc32.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Fichiers communs\Symantec Shared\SymTray.exe
G:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
G:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
G:\WINDOWS\system32\dla\tfswctrl.exe
G:\WINDOWS\System32\DeltTray.exe
G:\Program Files\AVPersonal\AVGNT.EXE
G:\Program Files\9Telecom\modem_ADSL_USB_Comtrend_CT-350\dslmon.exe
G:\Program Files\Norton SystemWorks\Norton Antivirus NT\NAVAPW32.EXE
G:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\WINDOWS\System32\winsystem.exe
H:\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hkcu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=135343
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.fr"); (G:\Documents and Settings\fabien\Application Data\Mozilla\Profiles\default\u8i2u9le.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://G%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (G:\Documents and Settings\fabien\Application Data\Mozilla\Profiles\default\u8i2u9le.slt\prefs.js)
O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.3 x.full-tgp.net
O1 - Hosts: 127.0.0.3 counter.sexmaniack.com
O1 - Hosts: 127.0.0.3 autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.awmdabest.com
O1 - Hosts: 127.0.0.3 www.sexfiles.nu
O1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 sexfiles.nu
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3 www.allforadult.com
O1 - Hosts: 127.0.0.3 www.iframe.biz
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 www.newiframe.biz
O1 - Hosts: 127.0.0.3 newiframe.biz
O1 - Hosts: 127.0.0.3 www.vesbiz.biz
O1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3 www.pizdato.biz
O1 - Hosts: 127.0.0.3 pizdato.biz
O1 - Hosts: 127.0.0.3 www.aaasexypics.com
O1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
O1 - Hosts: 127.0.0.3 virgin-tgp.net
O1 - Hosts: 127.0.0.3 www.awmcash.biz
O1 - Hosts: 127.0.0.3 awmcash.biz
O1 - Hosts: 127.0.0.3 buldog-stats.com
O1 - Hosts: 127.0.0.3 www.buldog-stats.com
O1 - Hosts: 127.0.0.3 fregat.drocherway.com
O1 - Hosts: 127.0.0.3 slutmania.biz
O1 - Hosts: 127.0.0.3 www.slutmania.biz
O1 - Hosts: 127.0.0.3 toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.megapornix.com
O1 - Hosts: 127.0.0.3 megapornix.com
O1 - Hosts: 127.0.0.3 www.sp2fucked.biz
O1 - Hosts: 127.0.0.3 sp2fucked.biz
O1 - Hosts: 127.0.0.3 greg-tut.com
O1 - Hosts: 127.0.0.3 www.greg-tut.com
O1 - Hosts: 127.0.0.3 nylonsexy.com
O1 - Hosts: 127.0.0.3 www.nylonsexy.com
O1 - Hosts: 127.0.0.3 vparivalka.com
O1 - Hosts: 127.0.0.3 www.vparivalka.com
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - G:\WINDOWS\ceres.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - G:\WINDOWS\sasetup.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - G:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - G:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [NPS Event Checker] G:\PROGRA~1\NORTON~1\NORTON~3\npscheck.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] G:\Program Files\Fichiers communs\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\Run: [LVCOMS] G:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [cyberfamosases] G:\cyberfamosases\cyberfamosases.exe -t
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Power Scan] G:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cdmpgfyh] G:\WINDOWS\cdmpgfyh.exe
O4 - HKLM\..\Run: [StorageGuard] "G:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REGSHAVE] G:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [dla] G:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IST Service] G:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [_Cat4] G:\WINDOWS\msmsgr2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\j2re1.4.1_02\bin\jusched.exe
O4 - HKLM\..\Run: [Media Access] G:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [navapp] G:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [beinzv] g:\windows\system32\beinzv.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [AVGCtrl] G:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Windows_Protect] winsystem.exe
O4 - HKLM\..\RunServices: [Windows_Protect] winsystem.exe
O4 - HKCU\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] G:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [PayTime] G:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [Windows_Protect] winsystem.exe
O4 - Global Startup: DSLMON-9Online.LNK = ?
O4 - Global Startup: Protection auto Norton AntiVirus.lnk = G:\Program Files\Norton SystemWorks\Norton Antivirus NT\NAVAPW32.EXE
O8 - Extra context menu item: &Google Search - res://g:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://g:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://g:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger en utilisant FlashGet - G:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://g:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\WINDOWS\System32\msjava.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - G:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - G:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - G:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - G:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - G:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - G:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://G:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://G:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006_mainstream.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://03.sharedsource.org/html/UDConn_5.2.1.1.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.contenidospc.com/ruboskizo2.cab
O16 - DPF: {5C3A9EA6-4068-46B8-8B5A-692FB10607B1} (IntDialerData Class) - http://www.grupomarineda.net/auto/DialerData.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111568137108
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://iframedollars.biz/tb/loader2.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_pack_XP.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fr.jackpotcity.microgaming.com/fr.jackpotcity/FlashAX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://deposito.hostance.net/dialer/506389.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - G:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - G:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NAV Alert - Symantec Corporation - G:\PROGRA~1\NORTON~1\NORTON~3\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - G:\PROGRA~1\NORTON~1\NORTON~3\navapsvc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - G:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norton Program Scheduler - Symantec Corporation - G:\PROGRA~1\NORTON~1\NORTON~3\npssvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe
Scan saved at 19:49:33, on 21/05/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\AVPersonal\AVGUARD.EXE
G:\Program Files\AVPersonal\AVWUPSRV.EXE
G:\WINDOWS\System32\nvsvc32.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Fichiers communs\Symantec Shared\SymTray.exe
G:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
G:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
G:\WINDOWS\system32\dla\tfswctrl.exe
G:\WINDOWS\System32\DeltTray.exe
G:\Program Files\AVPersonal\AVGNT.EXE
G:\Program Files\9Telecom\modem_ADSL_USB_Comtrend_CT-350\dslmon.exe
G:\Program Files\Norton SystemWorks\Norton Antivirus NT\NAVAPW32.EXE
G:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\WINDOWS\System32\winsystem.exe
H:\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hkcu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=135343
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.fr"); (G:\Documents and Settings\fabien\Application Data\Mozilla\Profiles\default\u8i2u9le.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://G%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (G:\Documents and Settings\fabien\Application Data\Mozilla\Profiles\default\u8i2u9le.slt\prefs.js)
O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.3 x.full-tgp.net
O1 - Hosts: 127.0.0.3 counter.sexmaniack.com
O1 - Hosts: 127.0.0.3 autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.awmdabest.com
O1 - Hosts: 127.0.0.3 www.sexfiles.nu
O1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 sexfiles.nu
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3 www.allforadult.com
O1 - Hosts: 127.0.0.3 www.iframe.biz
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 www.newiframe.biz
O1 - Hosts: 127.0.0.3 newiframe.biz
O1 - Hosts: 127.0.0.3 www.vesbiz.biz
O1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3 www.pizdato.biz
O1 - Hosts: 127.0.0.3 pizdato.biz
O1 - Hosts: 127.0.0.3 www.aaasexypics.com
O1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
O1 - Hosts: 127.0.0.3 virgin-tgp.net
O1 - Hosts: 127.0.0.3 www.awmcash.biz
O1 - Hosts: 127.0.0.3 awmcash.biz
O1 - Hosts: 127.0.0.3 buldog-stats.com
O1 - Hosts: 127.0.0.3 www.buldog-stats.com
O1 - Hosts: 127.0.0.3 fregat.drocherway.com
O1 - Hosts: 127.0.0.3 slutmania.biz
O1 - Hosts: 127.0.0.3 www.slutmania.biz
O1 - Hosts: 127.0.0.3 toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.megapornix.com
O1 - Hosts: 127.0.0.3 megapornix.com
O1 - Hosts: 127.0.0.3 www.sp2fucked.biz
O1 - Hosts: 127.0.0.3 sp2fucked.biz
O1 - Hosts: 127.0.0.3 greg-tut.com
O1 - Hosts: 127.0.0.3 www.greg-tut.com
O1 - Hosts: 127.0.0.3 nylonsexy.com
O1 - Hosts: 127.0.0.3 www.nylonsexy.com
O1 - Hosts: 127.0.0.3 vparivalka.com
O1 - Hosts: 127.0.0.3 www.vparivalka.com
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - G:\WINDOWS\ceres.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - G:\WINDOWS\sasetup.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - G:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - G:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [NPS Event Checker] G:\PROGRA~1\NORTON~1\NORTON~3\npscheck.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] G:\Program Files\Fichiers communs\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\Run: [LVCOMS] G:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [cyberfamosases] G:\cyberfamosases\cyberfamosases.exe -t
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Power Scan] G:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cdmpgfyh] G:\WINDOWS\cdmpgfyh.exe
O4 - HKLM\..\Run: [StorageGuard] "G:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REGSHAVE] G:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [dla] G:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IST Service] G:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [_Cat4] G:\WINDOWS\msmsgr2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\j2re1.4.1_02\bin\jusched.exe
O4 - HKLM\..\Run: [Media Access] G:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [navapp] G:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [beinzv] g:\windows\system32\beinzv.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [AVGCtrl] G:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Windows_Protect] winsystem.exe
O4 - HKLM\..\RunServices: [Windows_Protect] winsystem.exe
O4 - HKCU\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] G:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [PayTime] G:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [Windows_Protect] winsystem.exe
O4 - Global Startup: DSLMON-9Online.LNK = ?
O4 - Global Startup: Protection auto Norton AntiVirus.lnk = G:\Program Files\Norton SystemWorks\Norton Antivirus NT\NAVAPW32.EXE
O8 - Extra context menu item: &Google Search - res://g:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://g:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://g:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger en utilisant FlashGet - G:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://g:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\WINDOWS\System32\msjava.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - G:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - G:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - G:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - G:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - G:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - G:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://G:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://G:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006_mainstream.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://03.sharedsource.org/html/UDConn_5.2.1.1.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.contenidospc.com/ruboskizo2.cab
O16 - DPF: {5C3A9EA6-4068-46B8-8B5A-692FB10607B1} (IntDialerData Class) - http://www.grupomarineda.net/auto/DialerData.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111568137108
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://iframedollars.biz/tb/loader2.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_pack_XP.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fr.jackpotcity.microgaming.com/fr.jackpotcity/FlashAX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://deposito.hostance.net/dialer/506389.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - G:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - G:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NAV Alert - Symantec Corporation - G:\PROGRA~1\NORTON~1\NORTON~3\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - G:\PROGRA~1\NORTON~1\NORTON~3\navapsvc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - G:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norton Program Scheduler - Symantec Corporation - G:\PROGRA~1\NORTON~1\NORTON~3\npssvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe
balltrap34
Messages postés
16240
Date d'inscription
jeudi 8 janvier 2004
Statut
Contributeur sécurité
Dernière intervention
28 novembre 2009
331
21 mai 2005 à 20:55
21 mai 2005 à 20:55
salut
commence par ceci relance hijack coche tous les O1 - Hosts:
puis telecharge ceci
et ensuite tu fait clik droit dessus et executer
cela devrait remettre comme il faut la zone de securite
http://mvps.org/winhelp2002/DelDomains.inf
ensuite refait un hijack et met le rapport
commence par ceci relance hijack coche tous les O1 - Hosts:
puis telecharge ceci
et ensuite tu fait clik droit dessus et executer
cela devrait remettre comme il faut la zone de securite
http://mvps.org/winhelp2002/DelDomains.inf
ensuite refait un hijack et met le rapport
Merci pour votre aide, mais j'ai 2 problèmes :
1. Hier soir, j'ai coché tous les 01-HOSTS dans HiJackThis, et j'ai cliqué sur le bouton FIX CHECKED. Donc maintenant, quand je relance HiJackThis, je n'ai plus les 01-HOSTS.
2. J'ai bien téléchargé le fichier DelDomains.inf , mais lorsque j'y fais un clic droit, je n'ai pas l'option exécuter. J'ai cliqué sur installer, il semble se passer quelquechose, mais comme je ne peux plus cocher les 01-HOSTS, mon problème n'est toujours pas résolu.
1. Hier soir, j'ai coché tous les 01-HOSTS dans HiJackThis, et j'ai cliqué sur le bouton FIX CHECKED. Donc maintenant, quand je relance HiJackThis, je n'ai plus les 01-HOSTS.
2. J'ai bien téléchargé le fichier DelDomains.inf , mais lorsque j'y fais un clic droit, je n'ai pas l'option exécuter. J'ai cliqué sur installer, il semble se passer quelquechose, mais comme je ne peux plus cocher les 01-HOSTS, mon problème n'est toujours pas résolu.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
balltrap34
Messages postés
16240
Date d'inscription
jeudi 8 janvier 2004
Statut
Contributeur sécurité
Dernière intervention
28 novembre 2009
331
22 mai 2005 à 16:13
22 mai 2005 à 16:13
remet un hijack
Logfile of HijackThis v1.99.1
Scan saved at 16:13:52, on 22/05/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\AVPersonal\AVGUARD.EXE
G:\Program Files\AVPersonal\AVWUPSRV.EXE
G:\WINDOWS\System32\nvsvc32.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Fichiers communs\Symantec Shared\SymTray.exe
G:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
G:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
G:\WINDOWS\system32\dla\tfswctrl.exe
G:\WINDOWS\System32\DeltTray.exe
G:\Program Files\AVPersonal\AVGNT.EXE
G:\WINDOWS\System32\winsystem.exe
G:\Program Files\9Telecom\modem_ADSL_USB_Comtrend_CT-350\dslmon.exe
G:\Program Files\Norton SystemWorks\Norton Antivirus NT\NAVAPW32.EXE
G:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hkcu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=135343
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.fr"); (G:\Documents and Settings\fabien\Application Data\Mozilla\Profiles\default\u8i2u9le.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://G%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (G:\Documents and Settings\fabien\Application Data\Mozilla\Profiles\default\u8i2u9le.slt\prefs.js)
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - G:\WINDOWS\ceres.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - G:\WINDOWS\sasetup.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - G:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - G:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [NPS Event Checker] G:\PROGRA~1\NORTON~1\NORTON~3\npscheck.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] G:\Program Files\Fichiers communs\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\Run: [LVCOMS] G:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [cyberfamosases] G:\cyberfamosases\cyberfamosases.exe -t
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Power Scan] G:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cdmpgfyh] G:\WINDOWS\cdmpgfyh.exe
O4 - HKLM\..\Run: [StorageGuard] "G:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REGSHAVE] G:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [dla] G:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IST Service] G:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [_Cat4] G:\WINDOWS\msmsgr2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\j2re1.4.1_02\bin\jusched.exe
O4 - HKLM\..\Run: [Media Access] G:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [navapp] G:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [beinzv] g:\windows\system32\beinzv.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [AVGCtrl] G:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Windows_Protect] winsystem.exe
O4 - HKLM\..\RunServices: [Windows_Protect] winsystem.exe
O4 - HKCU\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] G:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [PayTime] G:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [Windows_Protect] winsystem.exe
O4 - Global Startup: DSLMON-9Online.LNK = ?
O4 - Global Startup: Protection auto Norton AntiVirus.lnk = G:\Program Files\Norton SystemWorks\Norton Antivirus NT\NAVAPW32.EXE
O8 - Extra context menu item: &Google Search - res://g:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://g:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://g:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger en utilisant FlashGet - G:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://g:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\WINDOWS\System32\msjava.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - G:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - G:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - G:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - G:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - G:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - G:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://G:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://G:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006_mainstream.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://03.sharedsource.org/html/UDConn_5.2.1.1.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.contenidospc.com/ruboskizo2.cab
O16 - DPF: {5C3A9EA6-4068-46B8-8B5A-692FB10607B1} (IntDialerData Class) - http://www.grupomarineda.net/auto/DialerData.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111568137108
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://iframedollars.biz/tb/loader2.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_pack_XP.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fr.jackpotcity.microgaming.com/fr.jackpotcity/FlashAX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://deposito.hostance.net/dialer/506389.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E8C5A2A-5390-4762-9CB6-1435E87D9D4F}: NameServer = 80.118.192.100 80.118.196.36
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - G:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - G:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NAV Alert - Symantec Corporation - G:\PROGRA~1\NORTON~1\NORTON~3\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - G:\PROGRA~1\NORTON~1\NORTON~3\navapsvc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - G:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norton Program Scheduler - Symantec Corporation - G:\PROGRA~1\NORTON~1\NORTON~3\npssvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe
Scan saved at 16:13:52, on 22/05/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\AVPersonal\AVGUARD.EXE
G:\Program Files\AVPersonal\AVWUPSRV.EXE
G:\WINDOWS\System32\nvsvc32.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Fichiers communs\Symantec Shared\SymTray.exe
G:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
G:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
G:\WINDOWS\system32\dla\tfswctrl.exe
G:\WINDOWS\System32\DeltTray.exe
G:\Program Files\AVPersonal\AVGNT.EXE
G:\WINDOWS\System32\winsystem.exe
G:\Program Files\9Telecom\modem_ADSL_USB_Comtrend_CT-350\dslmon.exe
G:\Program Files\Norton SystemWorks\Norton Antivirus NT\NAVAPW32.EXE
G:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hkcu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=135343
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.fr"); (G:\Documents and Settings\fabien\Application Data\Mozilla\Profiles\default\u8i2u9le.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://G%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (G:\Documents and Settings\fabien\Application Data\Mozilla\Profiles\default\u8i2u9le.slt\prefs.js)
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - G:\WINDOWS\ceres.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - G:\WINDOWS\sasetup.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - G:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - G:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [NPS Event Checker] G:\PROGRA~1\NORTON~1\NORTON~3\npscheck.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] G:\Program Files\Fichiers communs\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\Run: [LVCOMS] G:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [cyberfamosases] G:\cyberfamosases\cyberfamosases.exe -t
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Power Scan] G:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cdmpgfyh] G:\WINDOWS\cdmpgfyh.exe
O4 - HKLM\..\Run: [StorageGuard] "G:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REGSHAVE] G:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [dla] G:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IST Service] G:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [_Cat4] G:\WINDOWS\msmsgr2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\j2re1.4.1_02\bin\jusched.exe
O4 - HKLM\..\Run: [Media Access] G:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [navapp] G:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [beinzv] g:\windows\system32\beinzv.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [AVGCtrl] G:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Windows_Protect] winsystem.exe
O4 - HKLM\..\RunServices: [Windows_Protect] winsystem.exe
O4 - HKCU\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] G:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [PayTime] G:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [Windows_Protect] winsystem.exe
O4 - Global Startup: DSLMON-9Online.LNK = ?
O4 - Global Startup: Protection auto Norton AntiVirus.lnk = G:\Program Files\Norton SystemWorks\Norton Antivirus NT\NAVAPW32.EXE
O8 - Extra context menu item: &Google Search - res://g:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://g:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://g:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger en utilisant FlashGet - G:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://g:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\WINDOWS\System32\msjava.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - G:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - G:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - G:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - G:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - G:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - G:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://G:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://G:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006_mainstream.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://03.sharedsource.org/html/UDConn_5.2.1.1.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.contenidospc.com/ruboskizo2.cab
O16 - DPF: {5C3A9EA6-4068-46B8-8B5A-692FB10607B1} (IntDialerData Class) - http://www.grupomarineda.net/auto/DialerData.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111568137108
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://iframedollars.biz/tb/loader2.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_pack_XP.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fr.jackpotcity.microgaming.com/fr.jackpotcity/FlashAX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://deposito.hostance.net/dialer/506389.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E8C5A2A-5390-4762-9CB6-1435E87D9D4F}: NameServer = 80.118.192.100 80.118.196.36
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - G:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - G:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NAV Alert - Symantec Corporation - G:\PROGRA~1\NORTON~1\NORTON~3\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - G:\PROGRA~1\NORTON~1\NORTON~3\navapsvc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - G:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norton Program Scheduler - Symantec Corporation - G:\PROGRA~1\NORTON~1\NORTON~3\npssvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe
balltrap34
Messages postés
16240
Date d'inscription
jeudi 8 janvier 2004
Statut
Contributeur sécurité
Dernière intervention
28 novembre 2009
331
22 mai 2005 à 16:37
22 mai 2005 à 16:37
re deja tu as combien d anti virus
desactive les et n en garde qu un actif c est imperatif
salut
imprime ceci pour ne rien oublier et tous faire
tous faire dans l ordre imperativement
-------------------------
tous da bord telecharge ces programmes si tu ne les a pas et met les a jour mais ne les utilise pas encore
adaware (1)
spyboot (2)
(ici) http://www.florensac-chasse-trap.com/ section virus
et aussi ceci
CleanUp312.exe (3)
----------------
desactive ta restauration systeme
pour ça tu fais clic droit sur poste de travail
propriété tu clique sur onglet restauration système
tu coche la case désactiver la restauration et applique
------------
demarre en mode sans echec
mode sans echec pour cela tu tapote la touche f8
des le debut de l allumage du pc sans t arreter
une fenetre vas souvrir tute deplace avec les fleches du clavier sur demarreren mode sans echec
une fois sur le bureau il ni auras pas toutes les couleurs et autres c est normal.si f8 ne marche pas utilise la touche f5
-------------------------
assure toi de ceci
Affiche tous les fichiers et dossiers :
cliquer sur démarrer/panneau de configuration/option des dossiers/affichage
Cocher afficher les dossiers cacher
Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Décocher masquer les extensions dont le type est connu
Puis fais «Ok» pour valider les changements.
Et appliquer
----------------------
vide tes fichiers temps et tempory internet file sur tous les utilisateur
utilise ceci pour le faire
http://pageperso.aol.fr/Balltrap34/CleanUp312.exe
--------------------
relance hijack coche ces lignes et ensuite clik sur fix
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hkcu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=135343
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - G:\WINDOWS\ceres.dll (file missing)
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - G:\WINDOWS\sasetup.dll (file missing)
O4 - HKLM\..\Run: [cyberfamosases] G:\cyberfamosases\cyberfamosases.exe -t seulement si tu ne connait pas
O4 - HKLM\..\Run: [cdmpgfyh] G:\WINDOWS\cdmpgfyh.exe
O4 - HKLM\..\Run: [IST Service] G:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [_Cat4] G:\WINDOWS\msmsgr2.exe
O4 - HKLM\..\Run: [Media Access] G:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [beinzv] g:\windows\system32\beinzv.exe
O4 - HKLM\..\Run: [Windows_Protect] winsystem.exe
O4 - HKLM\..\RunServices: [Windows_Protect] winsystem.exe
O4 - HKCU\..\Run: [Windows_Protect] winsystem.exe
O4 - Global Startup: DSLMON-9Online.LNK = ?
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - G:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - G:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006_mainstream.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://03.sharedsource.org/html/UDConn_5.2.1.1.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.contenidospc.com/ruboskizo2.cab
O16 - DPF: {5C3A9EA6-4068-46B8-8B5A-692FB10607B1} (IntDialerData Class) - http://www.grupomarineda.net/auto/DialerData.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111568137108
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://iframedollars.biz/tb/loader2.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_pack_XP.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fr.jackpotcity.microgaming.com/fr.jackpotcity/FlashAX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://deposito.hostance.net/dialer/506389.exe
----------------------
recherche et suppr ceci
attention seulement les fichiers
G:\WINDOWS\ceres.dll (file missing)
G:\WINDOWS\sasetup.dll
G:\cyberfamosases\cyberfamosases.exe -t seulement si tu ne connait pas
G:\WINDOWS\cdmpgfyh.exe
G:\Program Files\ISTsvc<==le dossier
G:\WINDOWS\msmsgr2.exe
G:\Program Files\Media Access<==le dossier
g:\windows\system32\beinzv.exe
winsystem.exe
---------------
passe adaware et vire tous se qu il trouve
----------
passe spy boot et vire tous se qu il trouvent
-------------
tu vide ta poubelle et tu redemarre en mode normal et refait un hijack
et precise ou en sont tes soucis
--
desactive les et n en garde qu un actif c est imperatif
salut
imprime ceci pour ne rien oublier et tous faire
tous faire dans l ordre imperativement
-------------------------
tous da bord telecharge ces programmes si tu ne les a pas et met les a jour mais ne les utilise pas encore
adaware (1)
spyboot (2)
(ici) http://www.florensac-chasse-trap.com/ section virus
et aussi ceci
CleanUp312.exe (3)
----------------
desactive ta restauration systeme
pour ça tu fais clic droit sur poste de travail
propriété tu clique sur onglet restauration système
tu coche la case désactiver la restauration et applique
------------
demarre en mode sans echec
mode sans echec pour cela tu tapote la touche f8
des le debut de l allumage du pc sans t arreter
une fenetre vas souvrir tute deplace avec les fleches du clavier sur demarreren mode sans echec
une fois sur le bureau il ni auras pas toutes les couleurs et autres c est normal.si f8 ne marche pas utilise la touche f5
-------------------------
assure toi de ceci
Affiche tous les fichiers et dossiers :
cliquer sur démarrer/panneau de configuration/option des dossiers/affichage
Cocher afficher les dossiers cacher
Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Décocher masquer les extensions dont le type est connu
Puis fais «Ok» pour valider les changements.
Et appliquer
----------------------
vide tes fichiers temps et tempory internet file sur tous les utilisateur
utilise ceci pour le faire
http://pageperso.aol.fr/Balltrap34/CleanUp312.exe
--------------------
relance hijack coche ces lignes et ensuite clik sur fix
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hkcu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=135343
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - G:\WINDOWS\ceres.dll (file missing)
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - G:\WINDOWS\sasetup.dll (file missing)
O4 - HKLM\..\Run: [cyberfamosases] G:\cyberfamosases\cyberfamosases.exe -t seulement si tu ne connait pas
O4 - HKLM\..\Run: [cdmpgfyh] G:\WINDOWS\cdmpgfyh.exe
O4 - HKLM\..\Run: [IST Service] G:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [_Cat4] G:\WINDOWS\msmsgr2.exe
O4 - HKLM\..\Run: [Media Access] G:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [beinzv] g:\windows\system32\beinzv.exe
O4 - HKLM\..\Run: [Windows_Protect] winsystem.exe
O4 - HKLM\..\RunServices: [Windows_Protect] winsystem.exe
O4 - HKCU\..\Run: [Windows_Protect] winsystem.exe
O4 - Global Startup: DSLMON-9Online.LNK = ?
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - G:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - G:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006_mainstream.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://03.sharedsource.org/html/UDConn_5.2.1.1.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.contenidospc.com/ruboskizo2.cab
O16 - DPF: {5C3A9EA6-4068-46B8-8B5A-692FB10607B1} (IntDialerData Class) - http://www.grupomarineda.net/auto/DialerData.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111568137108
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://iframedollars.biz/tb/loader2.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_pack_XP.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fr.jackpotcity.microgaming.com/fr.jackpotcity/FlashAX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://deposito.hostance.net/dialer/506389.exe
----------------------
recherche et suppr ceci
attention seulement les fichiers
G:\WINDOWS\ceres.dll (file missing)
G:\WINDOWS\sasetup.dll
G:\cyberfamosases\cyberfamosases.exe -t seulement si tu ne connait pas
G:\WINDOWS\cdmpgfyh.exe
G:\Program Files\ISTsvc<==le dossier
G:\WINDOWS\msmsgr2.exe
G:\Program Files\Media Access<==le dossier
g:\windows\system32\beinzv.exe
winsystem.exe
---------------
passe adaware et vire tous se qu il trouve
----------
passe spy boot et vire tous se qu il trouvent
-------------
tu vide ta poubelle et tu redemarre en mode normal et refait un hijack
et precise ou en sont tes soucis
--
Bonjour BallTrap,
j'ai suivi à la lettre la procédure que tu m'as indiqué.
La seule chose que je n'ai pas faite, c'est de supprimer Norton Antivirus, quand je clique sur désinstaller, le msg de confirmation me demande si je veux désinstaller Netscape 7.1 . Bizarre.
Apparemment, mon pb est résolu, merci beaucoup.
Logfile of HijackThis v1.99.1
Scan saved at 08:41:57, on 24/05/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\AVPersonal\AVGUARD.EXE
G:\Program Files\AVPersonal\AVWUPSRV.EXE
G:\WINDOWS\System32\nvsvc32.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Fichiers communs\Symantec Shared\SymTray.exe
G:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
G:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
G:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
G:\WINDOWS\system32\dla\tfswctrl.exe
G:\WINDOWS\System32\DeltTray.exe
G:\Program Files\AVPersonal\AVGNT.EXE
G:\Program Files\9Telecom\modem_ADSL_USB_Comtrend_CT-350\dslmon.exe
G:\Program Files\Norton SystemWorks\Norton Antivirus NT\NAVAPW32.EXE
G:\WINDOWS\System32\wuauclt.exe
G:\Program Files\Netscape\Netscape\Netscp.exe
H:\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hkcu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=135343
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.fr"); (G:\Documents and Settings\fabien\Application Data\Mozilla\Profiles\default\u8i2u9le.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://G%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (G:\Documents and Settings\fabien\Application Data\Mozilla\Profiles\default\u8i2u9le.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - G:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - G:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [NPS Event Checker] G:\PROGRA~1\NORTON~1\NORTON~3\npscheck.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] G:\Program Files\Fichiers communs\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\Run: [LVCOMS] G:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StorageGuard] "G:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REGSHAVE] G:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [dla] G:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [_Cat4] G:\WINDOWS\msmsgr2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\j2re1.4.1_02\bin\jusched.exe
O4 - HKLM\..\Run: [Media Access] G:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [navapp] G:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [beinzv] g:\windows\system32\beinzv.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [AVGCtrl] G:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Windows_Protect] winsystem.exe
O4 - HKLM\..\RunServices: [Windows_Protect] winsystem.exe
O4 - HKCU\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] G:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [PayTime] G:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [Windows_Protect] winsystem.exe
O4 - Global Startup: DSLMON-9Online.LNK = ?
O4 - Global Startup: Protection auto Norton AntiVirus.lnk = G:\Program Files\Norton SystemWorks\Norton Antivirus NT\NAVAPW32.EXE
O8 - Extra context menu item: &Google Search - res://g:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://g:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://g:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger en utilisant FlashGet - G:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://g:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\WINDOWS\System32\msjava.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - G:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - G:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - G:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - G:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://G:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://G:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E8C5A2A-5390-4762-9CB6-1435E87D9D4F}: NameServer = 80.118.196.40 80.118.192.110
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - G:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - G:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NAV Alert - Symantec Corporation - G:\PROGRA~1\NORTON~1\NORTON~3\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - G:\PROGRA~1\NORTON~1\NORTON~3\navapsvc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - G:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norton Program Scheduler - Symantec Corporation - G:\PROGRA~1\NORTON~1\NORTON~3\npssvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe
j'ai suivi à la lettre la procédure que tu m'as indiqué.
La seule chose que je n'ai pas faite, c'est de supprimer Norton Antivirus, quand je clique sur désinstaller, le msg de confirmation me demande si je veux désinstaller Netscape 7.1 . Bizarre.
Apparemment, mon pb est résolu, merci beaucoup.
Logfile of HijackThis v1.99.1
Scan saved at 08:41:57, on 24/05/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\AVPersonal\AVGUARD.EXE
G:\Program Files\AVPersonal\AVWUPSRV.EXE
G:\WINDOWS\System32\nvsvc32.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Fichiers communs\Symantec Shared\SymTray.exe
G:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
G:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
G:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
G:\WINDOWS\system32\dla\tfswctrl.exe
G:\WINDOWS\System32\DeltTray.exe
G:\Program Files\AVPersonal\AVGNT.EXE
G:\Program Files\9Telecom\modem_ADSL_USB_Comtrend_CT-350\dslmon.exe
G:\Program Files\Norton SystemWorks\Norton Antivirus NT\NAVAPW32.EXE
G:\WINDOWS\System32\wuauclt.exe
G:\Program Files\Netscape\Netscape\Netscp.exe
H:\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hkcu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=135343
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.fr"); (G:\Documents and Settings\fabien\Application Data\Mozilla\Profiles\default\u8i2u9le.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://G%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (G:\Documents and Settings\fabien\Application Data\Mozilla\Profiles\default\u8i2u9le.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - G:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - G:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [NPS Event Checker] G:\PROGRA~1\NORTON~1\NORTON~3\npscheck.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] G:\Program Files\Fichiers communs\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\Run: [LVCOMS] G:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StorageGuard] "G:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REGSHAVE] G:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [dla] G:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [_Cat4] G:\WINDOWS\msmsgr2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\j2re1.4.1_02\bin\jusched.exe
O4 - HKLM\..\Run: [Media Access] G:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [navapp] G:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [beinzv] g:\windows\system32\beinzv.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [AVGCtrl] G:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Windows_Protect] winsystem.exe
O4 - HKLM\..\RunServices: [Windows_Protect] winsystem.exe
O4 - HKCU\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] G:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [PayTime] G:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [Windows_Protect] winsystem.exe
O4 - Global Startup: DSLMON-9Online.LNK = ?
O4 - Global Startup: Protection auto Norton AntiVirus.lnk = G:\Program Files\Norton SystemWorks\Norton Antivirus NT\NAVAPW32.EXE
O8 - Extra context menu item: &Google Search - res://g:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://g:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://g:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger en utilisant FlashGet - G:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://g:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\WINDOWS\System32\msjava.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - G:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - G:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - G:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - G:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://G:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://G:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E8C5A2A-5390-4762-9CB6-1435E87D9D4F}: NameServer = 80.118.196.40 80.118.192.110
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - G:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - G:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NAV Alert - Symantec Corporation - G:\PROGRA~1\NORTON~1\NORTON~3\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - G:\PROGRA~1\NORTON~1\NORTON~3\navapsvc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - G:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norton Program Scheduler - Symantec Corporation - G:\PROGRA~1\NORTON~1\NORTON~3\npssvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe
Utilisateur anonyme
24 mai 2005 à 14:57
24 mai 2005 à 14:57
salut,
balltrap n est pas la de la semaine mais je tenais a te dore:
2antivirus = pour synthetisé clairement, c est 2 logiciels qui vont tourner toujours sur ton pc, etant toujours actif mais 2antivirus, comme il font le meme boulot vont se contredire et donc creer des conflits, ainsi il faut que tu gardes qu un seul antivirus !
jte conseille de garder antivir et de supprimer et/ou desactiver norton
a+
balltrap n est pas la de la semaine mais je tenais a te dore:
2antivirus = pour synthetisé clairement, c est 2 logiciels qui vont tourner toujours sur ton pc, etant toujours actif mais 2antivirus, comme il font le meme boulot vont se contredire et donc creer des conflits, ainsi il faut que tu gardes qu un seul antivirus !
jte conseille de garder antivir et de supprimer et/ou desactiver norton
a+
Utilisateur anonyme
24 mai 2005 à 20:00
24 mai 2005 à 20:00
De rien ^^
et pour ton log, passe en mode sans echec relance hijack et essayer de fixer cela:
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=135343
O4 - HKLM\..\Run: [Media Access] G:\Program Files\Media Access\MediaAccK.exe
et supprime entierement
G:\Program Files\Media Access<---------le dossier
ensuite redemarre et refais un log
a+
et pour ton log, passe en mode sans echec relance hijack et essayer de fixer cela:
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=135343
O4 - HKLM\..\Run: [Media Access] G:\Program Files\Media Access\MediaAccK.exe
et supprime entierement
G:\Program Files\Media Access<---------le dossier
ensuite redemarre et refais un log
a+