Coolwwwsearch, résistance... :'(

3 réponses

Albert

13/11/2006 à 00:02

Bonsoir,

je suis a priori enquiquiné par ce truc : coolwwwsearch.smallM
Je n'arrive pas à m'en débarrasser malgré les pages trouvées
sur le net

:o(

Voici mon rapport HijackThis :

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\RegistrySmart\RegistrySmart.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\program files\voipbuster.com\voipbuster\voipbuster.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\DR\Local Settings\Temporary Internet Files\Content.IE5\01234567\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live
Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live
Toolbar\msntb.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [VoipBuster] "C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
(file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157615936070
O17 - HKLM\System\CCS\Services\Tcpip\..\{182B4701-FE2F-4CC8-B015-CA0B805E8CC2}: NameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{182B4701-FE2F-4CC8-B015-CA0B805E8CC2}: NameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{182B4701-FE2F-4CC8-B015-CA0B805E8CC2}: NameServer = 192.168.0.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers
communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware
4.0\guard.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. -
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. -
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp
Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)

Merci.
Albert

3 réponses

Jacquouille la Fripouille

13/11/2006 à 19:33

*Bonjour Albert*
Dans news:, tu as tapoté sur
ton clavier pour écrire :

Bonsoir,

je suis a priori enquiquiné par ce truc : coolwwwsearch.smallM
Je n'arrive pas à m'en débarrasser malgré les pages trouvées
sur le net

Tu as essayé CWShredder.
C'est *le* truc contre les malwares CWS :
http://www.intermute.com/products/cwshredder.html
--
Jacquouille la Fripouille

Jacquouille la Fripouille

13/11/2006 à 19:36

*Bonjour Albert*
Dans news:, tu as tapoté sur
ton clavier pour écrire :

Bonsoir,

je suis a priori enquiquiné par ce truc : coolwwwsearch.smallM
Je n'arrive pas à m'en débarrasser malgré les pages trouvées
sur le net

La même, mais en français :
http://fr.trendmicro-europe.com/consumer/products/cws_shredder.php
:o)
--
Jacquouille la Fripouille

giovanni

15/11/2006 à 11:28

essaie ca

http://www.spywareremove.com/removeCoolWebSearch.html

"Albert" <Dessart> a écrit dans le message de news:

Bonsoir,

je suis a priori enquiquiné par ce truc : coolwwwsearch.smallM
Je n'arrive pas à m'en débarrasser malgré les pages trouvées
sur le net

:o(

Voici mon rapport HijackThis :

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesMicro ApplicationCloneur ExpertTrueImageMonitor.exe
C:Program FilesFichiers communsAcronisSchedule2schedhlp.exe
C:Program FilesJavajre1.5.0_06binjusched.exe
C:Program FilesTrend MicroInternet Security 12pccguide.exe
C:Program FilesASUSProbeAsusProb.exe
C:Program FilesFichiers communsRealUpdate_OBrealsched.exe
C:Program FilesRegistrySmartRegistrySmart.exe
C:WINDOWSsystem32ctfmon.exe
C:PROGRA~1LavasoftAD-AWA~1Ad-Watch.exe
C:program filesvoipbuster.comvoipbustervoipbuster.exe
C:Program FilesFichiers communsAcronisSchedule2schedul2.exe
C:Program FilesHewlett-PackardDigital Imagingbinhpobnz08.exe
C:Program FilesHewlett-PackardDigital Imagingbinhpotdd01.exe
C:Program Filesewido anti-spyware 4.0guard.exe
C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
C:Program FilesFichiers communsMicrosoft SharedVS7DEBUGMDM.EXE
C:PROGRA~1TRENDM~1INTERN~1PcCtlCom.exe
C:WINDOWSsystem32devldr32.exe
C:WINDOWSsystem32svchost.exe
C:PROGRA~1TRENDM~1INTERN~1Tmntsrv.exe
C:PROGRA~1TRENDM~1INTERN~1tmproxy.exe
C:Program FilesHewlett-PackardDigital Imagingbinhpoevm08.exe
C:PROGRA~1TRENDM~1INTERN~1TmPfw.exe
C:Program FilesOutlook Expressmsimn.exe
C:Documents and SettingsDRLocal SettingsTemporary Internet
FilesContent.IE51234567HijackThis.exe
C:WINDOWSsystem32wuauclt.exe
C:WINDOWSsystem32HPZipm12.exe
C:Program FilesHewlett-PackardDigital ImagingBinhpoSTS08.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.orange.fr/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkIdi157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkIdT896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://go.microsoft.com/fwlink/?LinkIdT896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://go.microsoft.com/fwlink/?LinkIdi157
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page > R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
Liens
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat
7.0ActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:Program FilesJavajre1.5.0_06binssv.dll
O2 - BHO: Windows Live Toolbar Helper -
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live
Toolbarmsntb.dll
O3 - Toolbar: Windows Live Toolbar -
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live
Toolbarmsntb.dll
O4 - HKLM..Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM..Run: [Cloneur Expert Monitor] "C:Program FilesMicro
ApplicationCloneur ExpertTrueImageMonitor.exe"
O4 - HKLM..Run: [Acronis Scheduler2 Service] "C:Program FilesFichiers
communsAcronisSchedule2schedhlp.exe"
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program
FilesJavajre1.5.0_06binjusched.exe
O4 - HKLM..Run: [pccguide.exe] "C:Program FilesTrend MicroInternet
Security 12pccguide.exe"
O4 - HKLM..Run: [ASUS Probe] C:Program FilesASUSProbeAsusProb.exe
O4 - HKLM..Run: [InCD] C:Program FilesAheadInCDInCD.exe
O4 - HKLM..Run: [TkBellExe] "C:Program FilesFichiers
communsRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [WinVNC] "C:Program
FilesUltraVNCWinVNC.exe" -servicehelper
O4 - HKLM..Run: [RegistrySmart] "C:Program
FilesRegistrySmartRegistrySmart.exe" -boot
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [AWMON] "C:PROGRA~1LavasoftAD-AWA~1Ad-Watch.exe"
O4 - HKCU..Run: [VoipBuster] "C:program
filesvoipbuster.comvoipbustervoipbuster.exe" -nosplash -minimized
O4 - Global Startup: hp psc 2000 Series.lnk = C:Program
FilesHewlett-PackardDigital Imagingbinhpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:Program
FilesAdobeAcrobat 7.0Readerreader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:Program
FilesWindows Live Toolbarmsntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program
FilesJavajre1.5.0_06binssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
%windir%Network Diagnosticxpnetdiag.exe
(file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network
Diagnosticxpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157615936070
O17 -
HKLMSystemCCSServicesTcpip..{182B4701-FE2F-4CC8-B015-CA0B805E8CC2}:
NameServer = 192.168.0.254
O17 -
HKLMSystemCS1ServicesTcpip..{182B4701-FE2F-4CC8-B015-CA0B805E8CC2}:
NameServer = 192.168.0.254
O17 -
HKLMSystemCS2ServicesTcpip..{182B4701-FE2F-4CC8-B015-CA0B805E8CC2}:
NameServer = 192.168.0.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis -
C:Program FilesFichiers
communsAcronisSchedule2schedul2.exe
O23 - Service: Ati HotKey Poller - Unknown owner -
C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner -
C:WINDOWSsystem32ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development
a.s. - C:Program Filesewido anti-spyware
4.0guard.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:Program
FilesAheadInCDInCDsrv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend
Micro Incorporated. -
C:PROGRA~1TRENDM~1INTERN~1PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro
Incorporated. -
C:PROGRA~1TRENDM~1INTERN~1Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. -
C:PROGRA~1TRENDM~1INTERN~1TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. -
C:PROGRA~1TRENDM~1INTERN~1tmproxy.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) -
TuneUp Software GmbH - C:Program FilesTuneUp
Utilities 2006WinStylerThemeSvc.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:Program
FilesUltraVNCWinVNC.exe" -service (file missing)

Merci.
Albert

essaie ca

http://www.spywareremove.com/removeCoolWebSearch.html

"Albert" <Dessart> a écrit dans le message de news:
iv9fl2tmdqpb564fso1p68q1g97nhp26i0@4ax.com...

Bonsoir,

je suis a priori enquiquiné par ce truc : coolwwwsearch.smallM
Je n'arrive pas à m'en débarrasser malgré les pages trouvées
sur le net

:o(

Voici mon rapport HijackThis :

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesMicro ApplicationCloneur ExpertTrueImageMonitor.exe
C:Program FilesFichiers communsAcronisSchedule2schedhlp.exe
C:Program FilesJavajre1.5.0_06binjusched.exe
C:Program FilesTrend MicroInternet Security 12pccguide.exe
C:Program FilesASUSProbeAsusProb.exe
C:Program FilesFichiers communsRealUpdate_OBrealsched.exe
C:Program FilesRegistrySmartRegistrySmart.exe
C:WINDOWSsystem32ctfmon.exe
C:PROGRA~1LavasoftAD-AWA~1Ad-Watch.exe
C:program filesvoipbuster.comvoipbustervoipbuster.exe
C:Program FilesFichiers communsAcronisSchedule2schedul2.exe
C:Program FilesHewlett-PackardDigital Imagingbinhpobnz08.exe
C:Program FilesHewlett-PackardDigital Imagingbinhpotdd01.exe
C:Program Filesewido anti-spyware 4.0guard.exe
C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
C:Program FilesFichiers communsMicrosoft SharedVS7DEBUGMDM.EXE
C:PROGRA~1TRENDM~1INTERN~1PcCtlCom.exe
C:WINDOWSsystem32devldr32.exe
C:WINDOWSsystem32svchost.exe
C:PROGRA~1TRENDM~1INTERN~1Tmntsrv.exe
C:PROGRA~1TRENDM~1INTERN~1tmproxy.exe
C:Program FilesHewlett-PackardDigital Imagingbinhpoevm08.exe
C:PROGRA~1TRENDM~1INTERN~1TmPfw.exe
C:Program FilesOutlook Expressmsimn.exe
C:Documents and SettingsDRLocal SettingsTemporary Internet
FilesContent.IE51234567HijackThis.exe
C:WINDOWSsystem32wuauclt.exe
C:WINDOWSsystem32HPZipm12.exe
C:Program FilesHewlett-PackardDigital ImagingBinhpoSTS08.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.orange.fr/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkIdi157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkIdT896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://go.microsoft.com/fwlink/?LinkIdT896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://go.microsoft.com/fwlink/?LinkIdi157
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page > R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
Liens
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat
7.0ActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:Program FilesJavajre1.5.0_06binssv.dll
O2 - BHO: Windows Live Toolbar Helper -
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live
Toolbarmsntb.dll
O3 - Toolbar: Windows Live Toolbar -
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live
Toolbarmsntb.dll
O4 - HKLM..Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM..Run: [Cloneur Expert Monitor] "C:Program FilesMicro
ApplicationCloneur ExpertTrueImageMonitor.exe"
O4 - HKLM..Run: [Acronis Scheduler2 Service] "C:Program FilesFichiers
communsAcronisSchedule2schedhlp.exe"
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program
FilesJavajre1.5.0_06binjusched.exe
O4 - HKLM..Run: [pccguide.exe] "C:Program FilesTrend MicroInternet
Security 12pccguide.exe"
O4 - HKLM..Run: [ASUS Probe] C:Program FilesASUSProbeAsusProb.exe
O4 - HKLM..Run: [InCD] C:Program FilesAheadInCDInCD.exe
O4 - HKLM..Run: [TkBellExe] "C:Program FilesFichiers
communsRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [WinVNC] "C:Program
FilesUltraVNCWinVNC.exe" -servicehelper
O4 - HKLM..Run: [RegistrySmart] "C:Program
FilesRegistrySmartRegistrySmart.exe" -boot
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [AWMON] "C:PROGRA~1LavasoftAD-AWA~1Ad-Watch.exe"
O4 - HKCU..Run: [VoipBuster] "C:program
filesvoipbuster.comvoipbustervoipbuster.exe" -nosplash -minimized
O4 - Global Startup: hp psc 2000 Series.lnk = C:Program
FilesHewlett-PackardDigital Imagingbinhpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:Program
FilesAdobeAcrobat 7.0Readerreader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:Program
FilesWindows Live Toolbarmsntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program
FilesJavajre1.5.0_06binssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
%windir%Network Diagnosticxpnetdiag.exe
(file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network
Diagnosticxpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157615936070
O17 -
HKLMSystemCCSServicesTcpip..{182B4701-FE2F-4CC8-B015-CA0B805E8CC2}:
NameServer = 192.168.0.254
O17 -
HKLMSystemCS1ServicesTcpip..{182B4701-FE2F-4CC8-B015-CA0B805E8CC2}:
NameServer = 192.168.0.254
O17 -
HKLMSystemCS2ServicesTcpip..{182B4701-FE2F-4CC8-B015-CA0B805E8CC2}:
NameServer = 192.168.0.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis -
C:Program FilesFichiers
communsAcronisSchedule2schedul2.exe
O23 - Service: Ati HotKey Poller - Unknown owner -
C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner -
C:WINDOWSsystem32ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development
a.s. - C:Program Filesewido anti-spyware
4.0guard.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:Program
FilesAheadInCDInCDsrv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend
Micro Incorporated. -
C:PROGRA~1TRENDM~1INTERN~1PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro
Incorporated. -
C:PROGRA~1TRENDM~1INTERN~1Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. -
C:PROGRA~1TRENDM~1INTERN~1TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. -
C:PROGRA~1TRENDM~1INTERN~1tmproxy.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) -
TuneUp Software GmbH - C:Program FilesTuneUp
Utilities 2006WinStylerThemeSvc.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:Program
FilesUltraVNCWinVNC.exe" -service (file missing)

Merci.
Albert

Vous avez filtré cet utilisateur ! Consultez son message

essaie ca

http://www.spywareremove.com/removeCoolWebSearch.html

"Albert" <Dessart> a écrit dans le message de news:

Bonsoir,

je suis a priori enquiquiné par ce truc : coolwwwsearch.smallM
Je n'arrive pas à m'en débarrasser malgré les pages trouvées
sur le net

:o(

Voici mon rapport HijackThis :

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesMicro ApplicationCloneur ExpertTrueImageMonitor.exe
C:Program FilesFichiers communsAcronisSchedule2schedhlp.exe
C:Program FilesJavajre1.5.0_06binjusched.exe
C:Program FilesTrend MicroInternet Security 12pccguide.exe
C:Program FilesASUSProbeAsusProb.exe
C:Program FilesFichiers communsRealUpdate_OBrealsched.exe
C:Program FilesRegistrySmartRegistrySmart.exe
C:WINDOWSsystem32ctfmon.exe
C:PROGRA~1LavasoftAD-AWA~1Ad-Watch.exe
C:program filesvoipbuster.comvoipbustervoipbuster.exe
C:Program FilesFichiers communsAcronisSchedule2schedul2.exe
C:Program FilesHewlett-PackardDigital Imagingbinhpobnz08.exe
C:Program FilesHewlett-PackardDigital Imagingbinhpotdd01.exe
C:Program Filesewido anti-spyware 4.0guard.exe
C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
C:Program FilesFichiers communsMicrosoft SharedVS7DEBUGMDM.EXE
C:PROGRA~1TRENDM~1INTERN~1PcCtlCom.exe
C:WINDOWSsystem32devldr32.exe
C:WINDOWSsystem32svchost.exe
C:PROGRA~1TRENDM~1INTERN~1Tmntsrv.exe
C:PROGRA~1TRENDM~1INTERN~1tmproxy.exe
C:Program FilesHewlett-PackardDigital Imagingbinhpoevm08.exe
C:PROGRA~1TRENDM~1INTERN~1TmPfw.exe
C:Program FilesOutlook Expressmsimn.exe
C:Documents and SettingsDRLocal SettingsTemporary Internet
FilesContent.IE51234567HijackThis.exe
C:WINDOWSsystem32wuauclt.exe
C:WINDOWSsystem32HPZipm12.exe
C:Program FilesHewlett-PackardDigital ImagingBinhpoSTS08.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.orange.fr/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkIdi157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkIdT896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://go.microsoft.com/fwlink/?LinkIdT896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://go.microsoft.com/fwlink/?LinkIdi157
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page > R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
Liens
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat
7.0ActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:Program FilesJavajre1.5.0_06binssv.dll
O2 - BHO: Windows Live Toolbar Helper -
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live
Toolbarmsntb.dll
O3 - Toolbar: Windows Live Toolbar -
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live
Toolbarmsntb.dll
O4 - HKLM..Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM..Run: [Cloneur Expert Monitor] "C:Program FilesMicro
ApplicationCloneur ExpertTrueImageMonitor.exe"
O4 - HKLM..Run: [Acronis Scheduler2 Service] "C:Program FilesFichiers
communsAcronisSchedule2schedhlp.exe"
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program
FilesJavajre1.5.0_06binjusched.exe
O4 - HKLM..Run: [pccguide.exe] "C:Program FilesTrend MicroInternet
Security 12pccguide.exe"
O4 - HKLM..Run: [ASUS Probe] C:Program FilesASUSProbeAsusProb.exe
O4 - HKLM..Run: [InCD] C:Program FilesAheadInCDInCD.exe
O4 - HKLM..Run: [TkBellExe] "C:Program FilesFichiers
communsRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [WinVNC] "C:Program
FilesUltraVNCWinVNC.exe" -servicehelper
O4 - HKLM..Run: [RegistrySmart] "C:Program
FilesRegistrySmartRegistrySmart.exe" -boot
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [AWMON] "C:PROGRA~1LavasoftAD-AWA~1Ad-Watch.exe"
O4 - HKCU..Run: [VoipBuster] "C:program
filesvoipbuster.comvoipbustervoipbuster.exe" -nosplash -minimized
O4 - Global Startup: hp psc 2000 Series.lnk = C:Program
FilesHewlett-PackardDigital Imagingbinhpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:Program
FilesAdobeAcrobat 7.0Readerreader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:Program
FilesWindows Live Toolbarmsntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program
FilesJavajre1.5.0_06binssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
%windir%Network Diagnosticxpnetdiag.exe
(file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network
Diagnosticxpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157615936070
O17 -
HKLMSystemCCSServicesTcpip..{182B4701-FE2F-4CC8-B015-CA0B805E8CC2}:
NameServer = 192.168.0.254
O17 -
HKLMSystemCS1ServicesTcpip..{182B4701-FE2F-4CC8-B015-CA0B805E8CC2}:
NameServer = 192.168.0.254
O17 -
HKLMSystemCS2ServicesTcpip..{182B4701-FE2F-4CC8-B015-CA0B805E8CC2}:
NameServer = 192.168.0.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis -
C:Program FilesFichiers
communsAcronisSchedule2schedul2.exe
O23 - Service: Ati HotKey Poller - Unknown owner -
C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner -
C:WINDOWSsystem32ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development
a.s. - C:Program Filesewido anti-spyware
4.0guard.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:Program
FilesAheadInCDInCDsrv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend
Micro Incorporated. -
C:PROGRA~1TRENDM~1INTERN~1PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro
Incorporated. -
C:PROGRA~1TRENDM~1INTERN~1Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. -
C:PROGRA~1TRENDM~1INTERN~1TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. -
C:PROGRA~1TRENDM~1INTERN~1tmproxy.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) -
TuneUp Software GmbH - C:Program FilesTuneUp
Utilities 2006WinStylerThemeSvc.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:Program
FilesUltraVNCWinVNC.exe" -service (file missing)

Merci.
Albert

Coolwwwsearch, résistance... :'(

3 réponses

Veuillez sélectionner un problème