secuser impossible, spybot impossible, même krosoft antispyware

Et adaware SE?

Vous pouvez toujours essayer (gratuit).

bonjour

voilà une partie de mes misères !
j'ai une icône sexx, des fenêtres jeux qui s'ouvrent, et surtout un portable
qui s'éteint au beau milieu de mon boulot !
je n'ai pas pour habitude de me promener sur des sites de c.l, j'ai chopé ça
car je suis allée sur un site russe

une aide ?
telecharges et installes hijackthis :

http://www.spywareinfo.com/~merijn/downloads.html
et copie/colle les logs ici... ;-)


--

@+
ERIC
http://ericzworkz.free.fr/wordpress

mon dieu ! j'ai quand même réussi à télécharger et exécuter le hijackthis
mais je n'ai rien compris, mais rien de rien ; ci-dessous, après votre
message, le contenu du log :

eric g. wrote:

bonjour

voilà une partie de mes misères !
j'ai une icône sexx, des fenêtres jeux qui s'ouvrent, et surtout un
portable qui s'éteint au beau milieu de mon boulot !
je n'ai pas pour habitude de me promener sur des sites de c.l, j'ai
chopé ça car je suis allée sur un site russe

une aide ?
telecharges et installes hijackthis :

http://www.spywareinfo.com/~merijn/downloads.html
et copie/colle les logs ici... ;-)

COPIE du log :
Logfile of HijackThis v1.99.1
Scan saved at 21:41:25, on 27/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32Ati2evxx.exe
C:PROGRA~1SYMANT~1SYMANT~1DefWatch.exe
C:Program FilesExecutive SoftwareDiskeeperDkService.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32atiptaxx.exe
C:Program FilesSynapticsSynTPSynTPLpr.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesLaunch ManagerWbutton.exe
C:Program FilesLaunch ManagerLaunchAp.exe
C:Program FilesLaunch ManagerHotkeyApp.exe
C:Program FilesLaunch ManagerCtrlVol.exe
C:WINDOWSSystem32spooldriversw32x863hpztsb04.exe
C:PROGRA~1WanadooCnxMon.exe
C:Program FilesAlcatelSpeedTouch USBDragdiag.exe
C:PROGRA~1WanadooTaskbarIcon.exe
C:Program FilesElaborate BytesCloneCDCloneCDTray.exe
C:PROGRA~1WANADO~1Wanadoo Messager.exe
D:Program FilesHighCriteriaTotalRecorderTotRecSched.exe
C:Program FilesNetPumperNetPumperIEProxy.exe
D:Program FilesSlySoftAnyDVDAnyDVD.exe
C:Program FilesMedia Player ClassicRealPlay.exe
C:Program FilesJavajre1.5.0_01binjusched.exe
C:windowssystem32bywlmvn.exe
C:WINDOWSnerocheck.exe
C:WINDOWSNeroCheck.exe
C:windowssystem32calc.exe
C:Program FilesMicrosoft AntiSpywaregcasServ.exe
C:WINDOWSrelsd.exe
C:Program FilesSkypePhoneSkype.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesWebrootWasherwwDisp.exe
C:Program FilesMicrosoft AntiSpywaregcasDtServ.exe
C:Program FilesWebSiteViewer127036.dlr
C:PROGRA~1WanadooEspaceWanadoo.exe
C:PROGRA~1WanadooComComp.exe
C:PROGRA~1WanadooWatch.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesNikonNkView4NkVwMon.exe
C:Program FilesMicrosoft OfficeOffice10msoffice.exe
C:Program FilesOutlook Expressmsimn.exe
C:Program FilesOE-QuoteFixoequotefix.exe
C:PROGRA~1NETPUM~1NETPUM~1.EXE
G:downloadHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet Explorer,SearchURL =
http://searchmiracle.com/sp.php
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar =
http://www.wanadoo.fr/go/page_recherche/
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://searchmiracle.com/sp.php
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.wanadoo.fr
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
http://www.wanadoo.fr
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
http://searchmiracle.com/sp.php
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak =
http://www.fr.yahoo.com/
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Wanadoo
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
Liens
R3 - Default URLSearchHook is missing
O1 - Hosts: 66.159.20.80 agreathost.net
O1 - Hosts: 66.159.20.80 www.agreathost.net
O1 - Hosts: 66.159.20.80 hotfreehost.com
O1 - Hosts: 66.159.20.80 www.hotfreehost.com
O1 - Hosts: 66.159.20.80 greatfreehost.com
O1 - Hosts: 66.159.20.80 www.greatfreehost.com
O1 - Hosts: 66.159.20.80 freesmutpages.com
O1 - Hosts: 66.159.20.80 www.freesmutpages.com
O1 - Hosts: 66.159.20.80 apornhost.com
O1 - Hosts: 66.159.20.80 www.apornhost.com
O1 - Hosts: 66.159.20.80 nasty-pages.com
O1 - Hosts: 66.159.20.80 www.nasty-pages.com
O1 - Hosts: 66.159.20.80 sexyfreehost.com
O1 - Hosts: 66.159.20.80 www.sexyfreehost.com
O1 - Hosts: 66.159.20.80 x4web.com
O1 - Hosts: 66.159.20.80 www.x4web.com
O1 - Hosts: 66.159.20.80 sexplanets.com
O1 - Hosts: 66.159.20.80 www.sexplanets.com
O1 - Hosts: 66.159.20.80 maxismut.com
O1 - Hosts: 66.159.20.80 www.maxismut.com
O1 - Hosts: 66.159.20.80 tgpfriendly.com
O1 - Hosts: 66.159.20.80 www.tgpfriendly.com
O1 - Hosts: 66.159.20.80 tgp-server.com
O1 - Hosts: 66.159.20.80 www.tgp-server.com
O1 - Hosts: 66.159.20.80 magnaplza.com
O1 - Hosts: 66.159.20.80 www.magnaplza.com
O1 - Hosts: 66.159.20.80 free-xxx-server.com
O1 - Hosts: 66.159.20.80 www.free-xxx-server.com
O1 - Hosts: 66.159.20.80 libereco.net
O1 - Hosts: 66.159.20.80 www.libereco.net
O1 - Hosts: 66.159.20.80 xxxod.net
O1 - Hosts: 66.159.20.80 www.xxxod.net
O1 - Hosts: 66.159.20.80 altsights.com
O1 - Hosts: 66.159.20.80 www.altsights.com
O1 - Hosts: 66.159.20.80 adulthosting.com
O1 - Hosts: 66.159.20.80 www.adulthosting.com
O1 - Hosts: 66.159.20.80 superhova.com
O1 - Hosts: 66.159.20.80 www.superhova.com
O1 - Hosts: 66.159.20.80 bestpornhost.com
O1 - Hosts: 66.159.20.80 www.bestpornhost.com
O1 - Hosts: 66.159.20.80 hostingfree.com
O1 - Hosts: 66.159.20.80 www.hostingfree.com
O1 - Hosts: 66.159.20.80 xfreehosting.com
O1 - Hosts: 66.159.20.80 www.xfreehosting.com
O1 - Hosts: 66.159.20.80 x-x-x-hosting.com
O1 - Hosts: 66.159.20.80 www.x-x-x-hosting.com
O1 - Hosts: 66.159.20.80 pornparks.com
O1 - Hosts: 66.159.20.80 www.pornparks.com
O1 - Hosts: 66.159.20.80 sexls.com
O1 - Hosts: 66.159.20.80 www.sexls.com
O1 - Hosts: 66.159.20.80 royalfreehost.com
O1 - Hosts: 66.159.20.80 www.royalfreehost.com
O1 - Hosts: 66.159.20.80 pleasuremedia.com
O1 - Hosts: 66.159.20.80 www.pleasuremedia.com
O1 - Hosts: 66.159.20.80 www.mtree.com
O1 - Hosts: 66.159.20.80 mtree.com
O1 - Hosts: 66.159.18.75 www.astalavista.com
O1 - Hosts: 66.159.18.75 astalavista.com
O1 - Hosts: 66.159.20.80 www.dialacom.com
O1 - Hosts: 66.159.20.80 dialacom.com
O1 - Hosts: 66.159.20.80 nocreditcard.com
O1 - Hosts: 66.159.20.80 www.nocreditcard.com
O1 - Hosts: 66.159.20.80 movies-etc.com
O1 - Hosts: 66.159.20.80 www.movies-etc.com
O1 - Hosts: 66.159.20.80 22469.com
O1 - Hosts: 66.159.20.80 3wisp.com
O1 - Hosts: 66.159.20.80 www.glamourmodelsgonebad.com
O1 - Hosts: 66.159.20.80 www.hot-adult-clips.com
O1 - Hosts: 66.159.20.80 www.fantasiegirl.com
O1 - Hosts: 66.159.20.80 allowednet.com
O1 - Hosts: 66.159.20.80 www.freepornofreeporn.com
O1 - Hosts: 66.159.20.80 www.exscapeporn.com
O1 - Hosts: 66.159.20.80 amateurnudephoto.com
O1 - Hosts: 66.159.20.80 amateursgonebad.com
O1 - Hosts: 66.159.20.80 badbimbo.com
O1 - Hosts: 66.159.20.80 beautifulbondage.com
O1 - Hosts: 66.159.20.80 bizshura.com
O1 - Hosts: 66.159.20.80 big-xxx-movies.com
O1 - Hosts: 66.159.20.80 boyanxxx.com
O1 - Hosts: 66.159.20.80 cleanpornhost.com
O1 - Hosts: 66.159.20.80 cyberxxxhost.com
O1 - Hosts: 66.159.20.80 discretesex.com
O1 - Hosts: 66.159.20.80 easythumbs.com
O1 - Hosts: 66.159.20.80 exscapeporn.com
O1 - Hosts: 66.159.20.80 free-freeporn.com
O1 - Hosts: 66.159.20.80 freepornofreeporn.com
O1 - Hosts: 66.159.20.80 glamourmodelsgonebad.com
O1 - Hosts: 66.159.20.80 hot3movie.com
O1 - Hosts: 66.159.20.80 hot-adult-clips.com
O1 - Hosts: 66.159.20.80 hottestbabes.net
O1 - Hosts: 66.159.20.80 huge-cock-big-cock.com
O1 - Hosts: 66.159.20.80 hyperfree.com
O1 - Hosts: 66.159.20.80 inaughty.com
O1 - Hosts: 66.159.20.80 lady-love.com
O1 - Hosts: 66.159.20.80 liquidservers.com
O1 - Hosts: 66.159.20.80 www.hot3movie.com
O1 - Hosts: 66.159.20.80 newsexmovies.com
O1 - Hosts: 66.159.20.80 nohiddenfaces.com
O1 - Hosts: 66.159.20.80 only10s.com
O1 - Hosts: 66.159.20.80 pinkcenterfold.com
O1 - Hosts: 66.159.20.80 sex.com
O2 - BHO: (no name) - {00000049-8F91-4D9C-9573-F016E7626484} - (no file)
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} -
C:WINDOWScerbmod.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
C:PROGRA~1FlashGetjccatch.dll
O4 - HKLM..Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM..Run: [AtiPTA] atiptaxx.exe
O4 - HKLM..Run: [SynTPLpr] C:Program FilesSynapticsSynTPSynTPLpr.exe
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [Wbutton] "C:Program FilesLaunch ManagerWbutton.exe"
O4 - HKLM..Run: [Microsoft Works Portfolio] C:Program FilesMicrosoft
WorksWksSb.exe /AllUsers
O4 - HKLM..Run: [LaunchAp] C:Program FilesLaunch ManagerLaunchAp.exe
O4 - HKLM..Run: [HotkeyApp] C:Program FilesLaunch ManagerHotkeyApp.exe
O4 - HKLM..Run: [CtrlVol] C:Program FilesLaunch ManagerCtrlVol.exe
O4 - HKLM..Run: [HPDJ Taskbar Utility]
C:WINDOWSSystem32spooldriversw32x863hpztsb04.exe
O4 - HKLM..Run: [CheckMedi8or] D:Program FilesMediator6CheckNewUser.exe
O4 - HKLM..Run: [OoPDFSettingsv6.exe] D:Program FilesOFFICE
One6.0OFFICE One PDF Manager SEOoPDFSettingsv6.exe
O4 - HKLM..Run: [WooCnxMon] C:PROGRA~1WanadooCnxMon.exe
O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program
FilesAlcatelSpeedTouch USBDragdiag.exe" /icon
O4 - HKLM..Run: [WOOWATCH] C:PROGRA~1WanadooWatch.exe
O4 - HKLM..Run: [WOOTASKBARICON] C:PROGRA~1WanadooTaskbarIcon.exe
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [CloneCDTray] "C:Program FilesElaborate
BytesCloneCDCloneCDTray.exe"
O4 - HKLM..Run: [Wanadoo Messager.exe] "C:PROGRA~1WANADO~1Wanadoo
Messager.exe" /background
O4 - HKLM..Run: [TotalRecorderScheduler] "d:Program
FilesHighCriteriaTotalRecorderTotRecSched.exe"
O4 - HKLM..Run: [NetPumper] "C:Program
FilesNetPumperNetPumperIEProxy.exe"
O4 - HKLM..Run: [CloneCDElbyCDFL] "C:Program FilesElaborate
BytesCloneCDElbyCheck.exe" /L ElbyCDFL
O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKLM..Run: [AnyDVD] D:Program FilesSlySoftAnyDVDAnyDVD.exe
O4 - HKLM..Run: [RealTray] C:Program FilesMedia Player
ClassicRealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM..Run: [sssasasb32] C:WINDOWSsssasasb32.exe
O4 - HKLM..Run: [MsnExplorer] C:WINDOWSshch.exe /i
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program
FilesJavajre1.5.0_01binjusched.exe
O4 - HKLM..Run: [clfmon] C:WINDOWSclfmon.exe
O4 - HKLM..Run: [bywlmvn] c:windowssystem32bywlmvn.exe
O4 - HKLM..Run: [WhenUSearch] "C:Program FilesWhenUSearchSearch.exe"
O4 - HKLM..Run: [SheduIer] C:WINDOWSnerocheck.exe /i
O4 - HKLM..Run: [TkBellExe] C:WINDOWSNeroCheck.exe /i
O4 - HKLM..Run: [etbrun] C:windowssystem32elitenzh32.exe
O4 - HKLM..Run: [gcasServ] "C:Program FilesMicrosoft
AntiSpywaregcasServ.exe"
O4 - HKLM..Run: [TBllEe] C:WINDOWSrelsd.exe
O4 - HKLM..Run: [ASDPLUGIN] C:WINDOWSsystem32france.exe -N
O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash
/minimized
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Window Washer] C:Program FilesWebrootWasherwwDisp.exe
O4 - HKCU..Run: [WanadooVisio] C:Program FilesWanadoo
visioBinPlayerPVGP.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft
OfficeOffice10OSA.EXE
O4 - Global Startup: NkVwMon.exe.lnk = C:Program
FilesNikonNkView4NkVwMon.exe
O8 - Extra context menu item: &Google Search - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Download with NetPumper - C:Program
FilesNetPumperAddUrl.htm
O8 - Extra context menu item: Download with Star Downloader - C:Program
FilesStar Downloadersdie.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:PROGRA~1MICROS~4Office10EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Tout télécharger en utilisant FlashGet -
C:Program FilesFlashGetjc_all.htm
O8 - Extra context menu item: Télécharger en utilisant FlashGet - C:Program
FilesFlashGetjc_link.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le
cache Google - res://C:Program FilesGoogleGoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:Program FilesJavajre1.5.0_01binnpjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program
FilesJavajre1.5.0_01binnpjpi150_01.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
G:FRONTP~1OFFICE11REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:PROGRA~1FlashGetflashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet -
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program
FilesMessengermsmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} -
http://www.wanadoo.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
O15 - Trusted Zone: http://www.aneantis-project.com
O15 - Trusted Zone: www.cometchat.com
O15 - Trusted Zone: www.aneantisboard.free.fr
O15 - Trusted Zone: http://*.laspirale.net
O15 - Trusted Zone: www.laspirale.tk
O15 - Trusted Zone: http://*.laspirale.tk
O15 - Trusted Zone: http://www.softpedia.com
O15 - Trusted Zone: *.softpedia.com
O15 - Trusted Zone: http://webchat.solarisnet.org
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: Yahoo! Chat -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM
ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid6467&clcid=0x409
O16 - DPF: {1B3E3251-658E-4F03-8881-68302FE3CE9E} - file://C:Documents and
Settingsrigal nLocal SettingsTempFCabtmp1214.xms
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {282303DC-1E1F-11D5-89F5-004033D24DB9} (D41221.Module) -
http://srv560.mediapluspro.net/Mediaplus560/Download/412Eb/D41221.CAB
O16 - DPF: {2823043E-1E1F-11D5-89F5-004033D24DB9} (D41223.Module) -
http://srv560.mediapluspro.net/Mediaplus560/Download/412Eb/D41223.CAB
O16 - DPF: {2823047A-1E1F-11D5-89F5-004033D24DB9} (D41224.Module) -
http://srv560.mediapluspro.net/Mediaplus560/Download/412Eb/D41224.CAB
O16 - DPF: {282304D2-1E1F-11D5-89F5-004033D24DB9} (D41226.Module) -
http://srv560.mediapluspro.net/Mediaplus560/Download/412Eb/D41226.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio
Conferencing) -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) -
http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {4E042DE6-8B87-11D3-AE7F-004033D24DBD}
(HtmlHelpViewer.CViewerHtml) -
http://srv560.mediapluspro.net/Mediaplus560/Download/HtmlHelpViewer.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://207.188.7.150/1847c55011bf2462ac18/netzip/RdxIE601_fr.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
http://a1540.g.akamai.net/7/1540/52/20030625/qtinstall.info.apple.com/abarth/fr/win/QuickTimeInstaller.exe
O16 - DPF: {642F50E7-244A-11D5-956E-0040339BF4B0} (Inet1.CInet1) -
http://srv560.mediapluspro.net/Mediaplus560/Download/Inet1.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9D23DDAA-D04A-4384-8C51-7B226626A14C} (IBarre0.CManag) -
http://srv560.mediapluspro.net/Mediaplus560/Download/ENIBP.CAB
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) -
https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {D34D6048-E232-4889-B08C-AF4AFE87A6F6}
(ENIInetTools.clsManager) -
http://srv560.mediapluspro.net/Mediaplus560/Download/ENIInetTools.CAB
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} -
http://deposito.hostance.net/dialer/1045687.exe
O16 - DPF: {E4F5143B-E4D9-11D5-8A02-004033D24DB9} (D41016.Module) -
http://srv560.mediapluspro.net/Mediaplus560/Download/410F/D41016.CAB
O16 - DPF: {E4F51484-E4D9-11D5-8A02-004033D24DB9} (D41018.Module) -
http://srv560.mediapluspro.net/Mediaplus560/Download/410F/D41018.CAB
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} -
http://cdn.climaxbucks.com/internet-optimizer/080703/UniDistIOcrack.CAB
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C}
(ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
O17 -
HKLMSystemCCSServicesTcpip..{84F1F843-2E24-4F03-9373-72E80C825995}:
NameServer = 80.10.246.1 80.10.246.132
O20 - Winlogon Notify: NavLogon - C:WINDOWSSystem32NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner -
C:WINDOWSSystem32Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation -
C:PROGRA~1SYMANT~1SYMANT~1DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. -
C:Program FilesExecutive SoftwareDiskeeperDkService.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:Program
FilesFichiers communsMicrosoft SharedVS7Debugmdm.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) -
Symantec Corporation - C:PROGRA~1SYMANT~1SYMANT~1Rtvscan.exe

mon dieu ! j'ai quand même réussi à télécharger et exécuter le hijackthis
mais je n'ai rien compris, mais rien de rien ; ci-dessous, après votre
message, le contenu du log :
ben avec tout ça, je comprends ké la makina, elle marche po bien... :-)

C:Program FilesWebSiteViewer127036.dlr
à cocher...et supprimer ensuite dossier "C:Program FilesWebSiteViewer"

R1 - HKCUSoftwareMicrosoftInternet Explorer,SearchURL =
http://searchmiracle.com/sp.php
certainement à cocher...à moins que vous connaissiez...et appréciez... ;-)

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://searchmiracle.com/sp.php
idem...

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
http://searchmiracle.com/sp.php
idem...

R3 - Default URLSearchHook is missing
O1 - Hosts: 66.159.20.80 agreathost.net
O1 - Hosts: 66.159.20.80 www.agreathost.net
O1 - Hosts: 66.159.20.80 hotfreehost.com
O1 - Hosts: 66.159.20.80 www.hotfreehost.com
O1 - Hosts: 66.159.20.80 greatfreehost.com
O1 - Hosts: 66.159.20.80 www.greatfreehost.com
O1 - Hosts: 66.159.20.80 freesmutpages.com
O1 - Hosts: 66.159.20.80 www.freesmutpages.com
O1 - Hosts: 66.159.20.80 apornhost.com
O1 - Hosts: 66.159.20.80 www.apornhost.com
O1 - Hosts: 66.159.20.80 nasty-pages.com
O1 - Hosts: 66.159.20.80 www.nasty-pages.com
O1 - Hosts: 66.159.20.80 sexyfreehost.com
O1 - Hosts: 66.159.20.80 www.sexyfreehost.com
O1 - Hosts: 66.159.20.80 x4web.com
O1 - Hosts: 66.159.20.80 www.x4web.com
O1 - Hosts: 66.159.20.80 sexplanets.com
O1 - Hosts: 66.159.20.80 www.sexplanets.com
O1 - Hosts: 66.159.20.80 maxismut.com
O1 - Hosts: 66.159.20.80 www.maxismut.com
O1 - Hosts: 66.159.20.80 tgpfriendly.com
O1 - Hosts: 66.159.20.80 www.tgpfriendly.com
O1 - Hosts: 66.159.20.80 tgp-server.com
O1 - Hosts: 66.159.20.80 www.tgp-server.com
O1 - Hosts: 66.159.20.80 magnaplza.com
O1 - Hosts: 66.159.20.80 www.magnaplza.com
O1 - Hosts: 66.159.20.80 free-xxx-server.com
O1 - Hosts: 66.159.20.80 www.free-xxx-server.com
O1 - Hosts: 66.159.20.80 libereco.net
O1 - Hosts: 66.159.20.80 www.libereco.net
O1 - Hosts: 66.159.20.80 xxxod.net
O1 - Hosts: 66.159.20.80 www.xxxod.net
O1 - Hosts: 66.159.20.80 altsights.com
O1 - Hosts: 66.159.20.80 www.altsights.com
O1 - Hosts: 66.159.20.80 adulthosting.com
O1 - Hosts: 66.159.20.80 www.adulthosting.com
O1 - Hosts: 66.159.20.80 superhova.com
O1 - Hosts: 66.159.20.80 www.superhova.com
O1 - Hosts: 66.159.20.80 bestpornhost.com
O1 - Hosts: 66.159.20.80 www.bestpornhost.com
O1 - Hosts: 66.159.20.80 hostingfree.com
O1 - Hosts: 66.159.20.80 www.hostingfree.com
O1 - Hosts: 66.159.20.80 xfreehosting.com
O1 - Hosts: 66.159.20.80 www.xfreehosting.com
O1 - Hosts: 66.159.20.80 x-x-x-hosting.com
O1 - Hosts: 66.159.20.80 www.x-x-x-hosting.com
O1 - Hosts: 66.159.20.80 pornparks.com
O1 - Hosts: 66.159.20.80 www.pornparks.com
O1 - Hosts: 66.159.20.80 sexls.com
O1 - Hosts: 66.159.20.80 www.sexls.com
O1 - Hosts: 66.159.20.80 royalfreehost.com
O1 - Hosts: 66.159.20.80 www.royalfreehost.com
O1 - Hosts: 66.159.20.80 pleasuremedia.com
O1 - Hosts: 66.159.20.80 www.pleasuremedia.com
O1 - Hosts: 66.159.20.80 www.mtree.com
O1 - Hosts: 66.159.20.80 mtree.com
O1 - Hosts: 66.159.18.75 www.astalavista.com
O1 - Hosts: 66.159.18.75 astalavista.com
O1 - Hosts: 66.159.20.80 www.dialacom.com
O1 - Hosts: 66.159.20.80 dialacom.com
O1 - Hosts: 66.159.20.80 nocreditcard.com
O1 - Hosts: 66.159.20.80 www.nocreditcard.com
O1 - Hosts: 66.159.20.80 movies-etc.com
O1 - Hosts: 66.159.20.80 www.movies-etc.com
O1 - Hosts: 66.159.20.80 22469.com
O1 - Hosts: 66.159.20.80 3wisp.com
O1 - Hosts: 66.159.20.80 www.glamourmodelsgonebad.com
O1 - Hosts: 66.159.20.80 www.hot-adult-clips.com
O1 - Hosts: 66.159.20.80 www.fantasiegirl.com
O1 - Hosts: 66.159.20.80 allowednet.com
O1 - Hosts: 66.159.20.80 www.freepornofreeporn.com
O1 - Hosts: 66.159.20.80 www.exscapeporn.com
O1 - Hosts: 66.159.20.80 amateurnudephoto.com
O1 - Hosts: 66.159.20.80 amateursgonebad.com
O1 - Hosts: 66.159.20.80 badbimbo.com
O1 - Hosts: 66.159.20.80 beautifulbondage.com
O1 - Hosts: 66.159.20.80 bizshura.com
O1 - Hosts: 66.159.20.80 big-xxx-movies.com
O1 - Hosts: 66.159.20.80 boyanxxx.com
O1 - Hosts: 66.159.20.80 cleanpornhost.com
O1 - Hosts: 66.159.20.80 cyberxxxhost.com
O1 - Hosts: 66.159.20.80 discretesex.com
O1 - Hosts: 66.159.20.80 easythumbs.com
O1 - Hosts: 66.159.20.80 exscapeporn.com
O1 - Hosts: 66.159.20.80 free-freeporn.com
O1 - Hosts: 66.159.20.80 freepornofreeporn.com
O1 - Hosts: 66.159.20.80 glamourmodelsgonebad.com
O1 - Hosts: 66.159.20.80 hot3movie.com
O1 - Hosts: 66.159.20.80 hot-adult-clips.com
O1 - Hosts: 66.159.20.80 hottestbabes.net
O1 - Hosts: 66.159.20.80 huge-cock-big-cock.com
O1 - Hosts: 66.159.20.80 hyperfree.com
O1 - Hosts: 66.159.20.80 inaughty.com
O1 - Hosts: 66.159.20.80 lady-love.com
O1 - Hosts: 66.159.20.80 liquidservers.com
O1 - Hosts: 66.159.20.80 www.hot3movie.com
O1 - Hosts: 66.159.20.80 newsexmovies.com
O1 - Hosts: 66.159.20.80 nohiddenfaces.com
O1 - Hosts: 66.159.20.80 only10s.com
O1 - Hosts: 66.159.20.80 pinkcenterfold.com
O1 - Hosts: 66.159.20.80 sex.com
ben là vous comprendrez tout seul que... ;-)

à cocher

O2 - BHO: (no name) - {00000049-8F91-4D9C-9573-F016E7626484} - (no file)
à cocher

C:WINDOWScerbmod.dll
à cocher !

O4 - HKLM..Run: [sssasasb32] C:WINDOWSsssasasb32.exe
à cocher...virus TROJ_DLOADER.BN

O4 - HKLM..Run: [MsnExplorer] C:WINDOWSshch.exe /i
à cocher...dialer

O4 - HKLM..Run: [WhenUSearch] "C:Program FilesWhenUSearchSearch.exe"
à cocher

O4 - HKLM..Run: [etbrun] C:windowssystem32elitenzh32.exe
à cocher !

O4 - Startup: PowerReg Scheduler.exe
à cocher

O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32msvrl.dll
tout à cocher

O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
O15 - Trusted Zone: http://www.aneantis-project.com
O15 - Trusted Zone: www.cometchat.com
O15 - Trusted Zone: www.aneantisboard.free.fr
O15 - Trusted Zone: http://*.laspirale.net
O15 - Trusted Zone: www.laspirale.tk
O15 - Trusted Zone: http://*.laspirale.tk
O15 - Trusted Zone: http://www.softpedia.com
O15 - Trusted Zone: *.softpedia.com
O15 - Trusted Zone: http://webchat.solarisnet.org
tout ces sites sont là de votre choix i supposed...

O16 - DPF: {1B3E3251-658E-4F03-8881-68302FE3CE9E} - file://C:Documents and
Settingsrigal nLocal SettingsTempFCabtmp1214.xms
bof...

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
je doute...

O16 - DPF: {282303DC-1E1F-11D5-89F5-004033D24DB9} (D41221.Module) -
http://srv560.mediapluspro.net/Mediaplus560/Download/412Eb/D41221.CAB
O16 - DPF: {2823043E-1E1F-11D5-89F5-004033D24DB9} (D41223.Module) -
http://srv560.mediapluspro.net/Mediaplus560/Download/412Eb/D41223.CAB
O16 - DPF: {2823047A-1E1F-11D5-89F5-004033D24DB9} (D41224.Module) -
http://srv560.mediapluspro.net/Mediaplus560/Download/412Eb/D41224.CAB
O16 - DPF: {282304D2-1E1F-11D5-89F5-004033D24DB9} (D41226.Module) -
http://srv560.mediapluspro.net/Mediaplus560/Download/412Eb/D41226.CAB
doute encore...

O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) -
http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
là je doute moins... ;-)

à cocher

O16 - DPF: {4E042DE6-8B87-11D3-AE7F-004033D24DBD}
(HtmlHelpViewer.CViewerHtml) -
http://srv560.mediapluspro.net/Mediaplus560/Download/HtmlHelpViewer.CAB
doute toujours...

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://207.188.7.150/1847c55011bf2462ac18/netzip/RdxIE601_fr.cab
idem

O16 - DPF: {642F50E7-244A-11D5-956E-0040339BF4B0} (Inet1.CInet1) -
http://srv560.mediapluspro.net/Mediaplus560/Download/Inet1.CAB
idem...

O16 - DPF: {9D23DDAA-D04A-4384-8C51-7B226626A14C} (IBarre0.CManag) -
http://srv560.mediapluspro.net/Mediaplus560/Download/ENIBP.CAB
pareil...

O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) -
https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {D34D6048-E232-4889-B08C-AF4AFE87A6F6}
(ENIInetTools.clsManager) -
http://srv560.mediapluspro.net/Mediaplus560/Download/ENIInetTools.CAB
encore...

O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} -
http://deposito.hostance.net/dialer/1045687.exe
moins de doute là...

à cocher

O16 - DPF: {E4F5143B-E4D9-11D5-8A02-004033D24DB9} (D41016.Module) -
http://srv560.mediapluspro.net/Mediaplus560/Download/410F/D41016.CAB
O16 - DPF: {E4F51484-E4D9-11D5-8A02-004033D24DB9} (D41018.Module) -
http://srv560.mediapluspro.net/Mediaplus560/Download/410F/D41018.CAB
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} -
http://cdn.climaxbucks.com/internet-optimizer/080703/UniDistIOcrack.CAB
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C}
(ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
ben on cocherait bien tout ça...

si d'autres personnes ont des idées...je crois qu'il y a matiere... :-)


--

@+
ERIC
http://ericzworkz.free.fr/wordpress

mon dieu ! j'ai quand même réussi à télécharger et exécuter le hijackthis
mais je n'ai rien compris, mais rien de rien ; ci-dessous, après votre
message, le contenu du log :
ben avec tout ça, je comprends ké la makina, elle marche po bien... :-)

tu m'étonnes !
vive le MSIE: Internet Explorer v6.00 *SP2* (6.00.2900.2180)
et C:Program FilesMicrosoft AntiSpyware*.exe et C:Program
FilesMozilla Firefoxfirefox.exe :-D
y'a encore du boulot...

si d'autres personnes ont des idées...je crois qu'il y a matiere... :-)

oui.
en O4, je dénoncerais bien aussi :

O4 - HKLM..Run: [clfmon] C:WINDOWSclfmon.exe

O4 - HKLM..Run: [bywlmvn] c:windowssystem32bywlmvn.exe

O4 - HKLM..Run: [WhenUSearch] "C:Program FilesWhenUSearchSearch.exe"

O4 - HKLM..Run: [SheduIer] C:WINDOWSnerocheck.exe /i

O4 - HKLM..Run: [TkBellExe] C:WINDOWSNeroCheck.exe /i

O4 - HKLM..Run: [etbrun] C:windowssystem32elitenzh32.exe

O4 - HKLM..Run: [TBllEe] C:WINDOWSrelsd.exe

O4 - HKLM..Run: [ASDPLUGIN] C:WINDOWSsystem32france.exe -N

pour délit de sale gueule :-)

et je virerais aussi tous les O1, O10, O14, O15, O16... comme ça, à la
hache... pour dégarnir un peu...

après... y'a des auto-exécutables récurrents (quoique gentils) mais souvent
inutiles comme les grands classiques :

O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [CloneCDTray] "C:Program FilesElaborate
BytesCloneCDCloneCDTray.exe"
O4 - HKLM..Run: [Wanadoo Messager.exe] "C:PROGRA~1WANADO~1Wanadoo
Messager.exe" /background
O4 - HKLM..Run: [CloneCDElbyCDFL] "C:Program FilesElaborate
BytesCloneCDElbyCheck.exe" /L ElbyCDFL
O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program
FilesJavajre1.5.0_01binjusched.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft
OfficeOffice10OSA.EXE

qui pourront toujours laisser un peu respirer le CPU, lorsqu'ils ne seront
pas systématiquement autoexecutés...

après les google-toolbar, flash-get... y'a p't'être des petits morceaux de
spy dedans mais bon...

en tout cas des log aussi cochons que ça on en voit pas tous les jours ;-)

@+
--
rm

en tout cas des log aussi cochons que ça on en voit pas tous les jours ;-)
pour sur...

ma reponse n'etait qu'un premier élagage, histoire de virer le
nocif...ensuite, c'est clair qu'il y a de l'inutile... ;-)


--

@+
ERIC
http://ericzworkz.free.fr/wordpress

eric g. wrote:

en tout cas des log aussi cochons que ça on en voit pas tous les
jours ;-)
pour sur...

ma reponse n'etait qu'un premier élagage, histoire de virer le
nocif...ensuite, c'est clair qu'il y a de l'inutile... ;-)

ah ça va quand même déjà mieux
mais j'ai encore des trucs bizarres :
parfois le micro s'arrête, souris en grêve, et le truc s'éteint
j'ai remarqué que c'était quand je lançais le nouvel anti spy de Krosoft
ainsi que le spybot

je n'ai pas trouvé la possibilité de retirer C:Program
FilesWebSiteViewer127036.dlr
je l'ai effacé sauvagement dans l'explorateur, mais il revient régulièrement

il y a encore des trucs mais comme je ne sais pas ce que c'est, je n'ose pas
y toucher

en ce qui concerne le passage :
""""""""""""vive le MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
et C:Program FilesMicrosoft AntiSpyware*.exe et C:Program
FilesMozilla Firefoxfirefox.exe
y'a encore du boulot""""""""""""""""""""""
puis-je savoir si c de l'humour ? car j'utilise les trois........

En tous cas, j'espère que tout ça ne m'arrivera plus (je suis à deux pas de
la soixantaine, la seule à utiliser le pc !)

quel logiciel utiliser pour éviter ce genre d'invasion ?

merci pour tout
je me permets de copier ci-dessous la dernière bouille hijack :

Logfile of HijackThis v1.99.1
Scan saved at 15:41:11, on 28/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32Ati2evxx.exe
C:PROGRA~1SYMANT~1SYMANT~1DefWatch.exe
C:Program FilesExecutive SoftwareDiskeeperDkService.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32atiptaxx.exe
C:Program FilesSynapticsSynTPSynTPLpr.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesLaunch ManagerWbutton.exe
C:Program FilesLaunch ManagerLaunchAp.exe
C:Program FilesLaunch ManagerHotkeyApp.exe
C:Program FilesLaunch ManagerCtrlVol.exe
C:WINDOWSSystem32spooldriversw32x863hpztsb04.exe
C:PROGRA~1WanadooCnxMon.exe
C:Program FilesAlcatelSpeedTouch USBDragdiag.exe
C:PROGRA~1WanadooTaskbarIcon.exe
D:Program FilesHighCriteriaTotalRecorderTotRecSched.exe
C:Program FilesNetPumperNetPumperIEProxy.exe
D:Program FilesSlySoftAnyDVDAnyDVD.exe
C:Program FilesMedia Player ClassicRealPlay.exe
C:Program FilesMicrosoft AntiSpywaregcasServ.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesWebrootWasherwwDisp.exe
C:Program FilesMicrosoft AntiSpywaregcasDtServ.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesNikonNkView4NkVwMon.exe
C:Program FilesMicrosoft OfficeOffice10msoffice.exe
G:downloadHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar =
http://www.wanadoo.fr/go/page_recherche/
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.wanadoo.fr
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
http://www.wanadoo.fr
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak =
http://www.fr.yahoo.com/
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Wanadoo
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
C:PROGRA~1FlashGetjccatch.dll
O4 - HKLM..Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM..Run: [AtiPTA] atiptaxx.exe
O4 - HKLM..Run: [SynTPLpr] C:Program FilesSynapticsSynTPSynTPLpr.exe
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [Wbutton] "C:Program FilesLaunch ManagerWbutton.exe"
O4 - HKLM..Run: [Microsoft Works Portfolio] C:Program FilesMicrosoft
WorksWksSb.exe /AllUsers
O4 - HKLM..Run: [LaunchAp] C:Program FilesLaunch ManagerLaunchAp.exe
O4 - HKLM..Run: [HotkeyApp] C:Program FilesLaunch ManagerHotkeyApp.exe
O4 - HKLM..Run: [CtrlVol] C:Program FilesLaunch ManagerCtrlVol.exe
O4 - HKLM..Run: [HPDJ Taskbar Utility]
C:WINDOWSSystem32spooldriversw32x863hpztsb04.exe
O4 - HKLM..Run: [CheckMedi8or] D:Program FilesMediator6CheckNewUser.exe
O4 - HKLM..Run: [OoPDFSettingsv6.exe] D:Program FilesOFFICE
One6.0OFFICE One PDF Manager SEOoPDFSettingsv6.exe
O4 - HKLM..Run: [WooCnxMon] C:PROGRA~1WanadooCnxMon.exe
O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program
FilesAlcatelSpeedTouch USBDragdiag.exe" /icon
O4 - HKLM..Run: [WOOWATCH] C:PROGRA~1WanadooWatch.exe
O4 - HKLM..Run: [WOOTASKBARICON] C:PROGRA~1WanadooTaskbarIcon.exe
O4 - HKLM..Run: [TotalRecorderScheduler] "d:Program
FilesHighCriteriaTotalRecorderTotRecSched.exe"
O4 - HKLM..Run: [NetPumper] "C:Program
FilesNetPumperNetPumperIEProxy.exe"
O4 - HKLM..Run: [AnyDVD] D:Program FilesSlySoftAnyDVDAnyDVD.exe
O4 - HKLM..Run: [RealTray] C:Program FilesMedia Player
ClassicRealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM..Run: [gcasServ] "C:Program FilesMicrosoft
AntiSpywaregcasServ.exe"
O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash
/minimized
O4 - HKCU..Run: [Window Washer] C:Program FilesWebrootWasherwwDisp.exe
O4 - HKCU..Run: [WanadooVisio] C:Program FilesWanadoo
visioBinPlayerPVGP.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft
OfficeOffice10OSA.EXE
O4 - Global Startup: NkVwMon.exe.lnk = C:Program
FilesNikonNkView4NkVwMon.exe
O8 - Extra context menu item: &Google Search - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Download with NetPumper - C:Program
FilesNetPumperAddUrl.htm
O8 - Extra context menu item: Download with Star Downloader - C:Program
FilesStar Downloadersdie.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:PROGRA~1MICROS~4Office10EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Tout télécharger en utilisant FlashGet -
C:Program FilesFlashGetjc_all.htm
O8 - Extra context menu item: Télécharger en utilisant FlashGet - C:Program
FilesFlashGetjc_link.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le
cache Google - res://C:Program FilesGoogleGoogleToolbar1.dll/cmcache.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
G:FRONTP~1OFFICE11REFIEBAR.DLL (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:PROGRA~1FlashGetflashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet -
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program
FilesMessengermsmsgs.exe
O15 - Trusted Zone: http://www.aneantis-project.com
O15 - Trusted Zone: www.aneantisboard.free.fr
O15 - Trusted Zone: http://*.laspirale.net
O15 - Trusted Zone: www.laspirale.tk
O15 - Trusted Zone: http://*.laspirale.tk
O15 - Trusted Zone: http://webchat.solarisnet.org
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: Yahoo! Chat -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM
ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid6467&clcid=0x409
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
http://a1540.g.akamai.net/7/1540/52/20030625/qtinstall.info.apple.com/abarth/fr/win/QuickTimeInstaller.exe
O20 - Winlogon Notify: NavLogon - C:WINDOWSSystem32NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner -
C:WINDOWSSystem32Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation -
C:PROGRA~1SYMANT~1SYMANT~1DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. -
C:Program FilesExecutive SoftwareDiskeeperDkService.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:Program
FilesFichiers communsMicrosoft SharedVS7Debugmdm.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) -
Symantec Corporation - C:PROGRA~1SYMANT~1SYMANT~1Rtvscan.exe




begin 666 biggrin.gif
M1TE&.#EA#P`/`*(``/___[V]O5G_R&.$_P```````````````"'Y! D```$`
M+ `````/```0 A=``,(%$B@8,&!! 40``!@(4.'!!0&B!A1H46+! 96-%A0
M@$2-'D.*S#A1(<>3%$LN=-BPX4>$)Q'"K!CR($B3-3>6%,DSI*'#%NZ[ @Q
1*$2)&UEV?#F1ID>;`0("`#L`
`
end

eric g. wrote:

en tout cas des log aussi cochons que ça on en voit pas tous les
jours ;-)

pour sur...
ma reponse n'etait qu'un premier élagage, histoire de virer le
nocif...ensuite, c'est clair qu'il y a de l'inutile... ;-)

ah ça va quand même déjà mieux
mais j'ai encore des trucs bizarres :
parfois le micro s'arrête, souris en grêve, et le truc s'éteint
j'ai remarqué que c'était quand je lançais le nouvel anti spy de Krosoft
ainsi que le spybot...................
Bonjour:

copier-coller l'analyse de Hijack sur http://hijackthis.de/index.php
A mon avis ne pas faire coexister spybot avec teatimer activé et
l'antispy de M$.
Refaire un scan en ligne avec secuser mais en mode sans échec.
Bonne journée ;-)

je n'ai pas trouvé la possibilité de retirer C:Program
FilesWebSiteViewer127036.dlr
je l'ai effacé sauvagement dans l'explorateur, mais il revient régulièrement
à effacer en mode sans echec...j'avais oublié d'indiquer ce detail...

il y a encore des trucs mais comme je ne sais pas ce que c'est, je n'ose pas
y toucher
quoi t'est-ce qui revient...?

--

@+
ERIC
http://ericzworkz.free.fr/wordpress

eric g. wrote:

je n'ai pas trouvé la possibilité de retirer C:Program
FilesWebSiteViewer127036.dlr
je l'ai effacé sauvagement dans l'explorateur, mais il revient
régulièrement
à effacer en mode sans echec...j'avais oublié d'indiquer ce detail...

il y a encore des trucs mais comme je ne sais pas ce que c'est, je
n'ose pas y toucher
quoi t'est-ce qui revient...?

le 127036
enfin pour le moment ça baigne et je ne reconnais plus mon micro ni ma
connexion ! mon adsl à 512 était moins rapide qu'un modem analogique
souffreteux de 16,6 kb/s !

elle est sympa l'adresse de Mr Martin à propos de hijackthis

merci (j'espère ne pas avoir de mauvaises surprises en rallumant l'engin
demain car finalement je me suis fâchée et je vais peut-être regretter
d'avoir trop effacé .... !)