Aller au contenu
mimi_01

j'ai été infecté par winantivirus pro 2006

Messages recommandés

merci de bien vouloir m'aider, mon pc a été infecté par winantivirus pro 2006 et j'ai effectué une analyse hijackThis ke voici:

 

Logfile of HijackThis v1.99.1

Scan saved at 00:09:05, on 28/05/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\SYSTEM32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\WINDOWS\Explorer.EXE

D:\avast! antivirus\aswUpdSv.exe

D:\avast! antivirus\ashServ.exe

E:\Program Files\HP\HP Software Update\HPWuSchd2.exe

D:\AVAST!~1\ashDisp.exe

E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

E:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

E:\PROGRA~1\WANADOO\TaskBarIcon.exe

E:\Program Files\Macrogaming\SweetIM\SweetIM.exe

E:\Program Files\QuickTime\qttask.exe

E:\Program Files\HbTools\Bin\4.7.7.0\HbtWeatherOnTray.exe

E:\Program Files\HbTools\Bin\4.7.7.0\HbtOEAddOn.exe

E:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

E:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

E:\WINDOWS\system32\drivers\CDAC11BA.EXE

E:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

E:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

E:\WINDOWS\system32\HPZipm12.exe

E:\WINDOWS\system32\slserv.exe

E:\WINDOWS\System32\snmp.exe

E:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

D:\avast! antivirus\ashMaiSv.exe

D:\avast! antivirus\ashWebSv.exe

E:\Program Files\Internet Explorer\IEXPLORE.EXE

E:\Program Files\HbTools\Bin\4.7.7.0\HbtSrv.exe

E:\Program Files\Yahoo!\Messenger\YPager.exe

E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.tn/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Servi...omeLeftPane.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo / Internet avec Planet Tunisie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - E:\PROGRA~1\Wanadoo\SEARCH~1.DLL

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - E:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - E:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - E:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - E:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - E:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - E:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll

O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - E:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)

O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - E:\Program Files\HbTools\Bin\4.7.7.0\HbtHostIE.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - E:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - E:\Program Files\HbTools\Bin\4.7.7.0\HbtHostIE.dll

O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avast!] D:\AVAST!~1\ashDisp.exe

O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WOOWATCH] E:\PROGRA~1\WANADOO\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] E:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] E:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [sweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [P2P Networking] E:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [WeatherOnTray] E:\Program Files\HbTools\Bin\4.7.7.0\HbtWeatherOnTray.exe

O4 - HKLM\..\Run: [HbTools] E:\Program Files\HbTools\Bin\4.7.7.0\HbtOEAddOn.exe

O4 - HKLM\..\Run: [uxpxrkwz] E:\WINDOWS\system32\ukvuiupm.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - Global Startup: DSLMON.lnk = E:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: MyWebSearch Email Plugin.lnk = E:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZU

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - E:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll

O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - E:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://E:\Program Files\ACAD2000\AcDcToday.ocx

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://E:\Program Files\ACAD2000\InstBanr.ocx

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://E:\Program Files\ACAD2000\InstFred.ocx

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://E:\Program Files\ACAD2000\AcPreview.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{F88564EB-928A-4DF2-A959-D42B9DE1BCD1}: NameServer = 193.95.122.40 193.95.93.77

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - E:\PROGRA~1\RXTOOL~1\sfcont.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\avast! antivirus\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - D:\avast! antivirus\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\avast! antivirus\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\avast! antivirus\ashWebSv.exe" /service (file missing)

O23 - Service: C-DillaCdaC11BA - Macrovision - E:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: C-DillaSrv - C-Dilla Ltd - E:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - E:\WINDOWS\SYSTEM32\slserv.exe

 

merci de m'aider

a+

Partager ce message


Lien à poster
Partager sur d’autres sites

merci pour m'avoir si vite répondu, j'ai essayé de suivre le plus fidèlement possible la procédure et voilà le nouveau rapport de HijackThis:

 

Logfile of HijackThis v1.99.1

Scan saved at 14:43:23, on 28/05/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\SYSTEM32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\WINDOWS\Explorer.EXE

D:\avast! antivirus\aswUpdSv.exe

D:\avast! antivirus\ashServ.exe

E:\Program Files\HP\HP Software Update\HPWuSchd2.exe

D:\AVAST!~1\ashDisp.exe

E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

E:\PROGRA~1\WANADOO\TaskBarIcon.exe

E:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

E:\Program Files\Macrogaming\SweetIM\SweetIM.exe

E:\Program Files\QuickTime\qttask.exe

E:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

E:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

E:\WINDOWS\system32\drivers\CDAC11BA.EXE

E:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

E:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

E:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

E:\WINDOWS\system32\HPZipm12.exe

E:\WINDOWS\system32\slserv.exe

E:\WINDOWS\System32\snmp.exe

D:\avast! antivirus\ashMaiSv.exe

D:\avast! antivirus\ashWebSv.exe

E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.tn/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo / Internet avec Planet Tunisie

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - E:\PROGRA~1\Wanadoo\SEARCH~1.DLL

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - E:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - E:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - E:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - E:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - E:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - E:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - E:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avast!] D:\AVAST!~1\ashDisp.exe

O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WOOWATCH] E:\PROGRA~1\WANADOO\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] E:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] E:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [sweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [P2P Networking] E:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - Global Startup: DSLMON.lnk = E:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: MyWebSearch Email Plugin.lnk = E:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZU

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://E:\Program Files\ACAD2000\AcDcToday.ocx

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://E:\Program Files\ACAD2000\InstBanr.ocx

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://E:\Program Files\ACAD2000\InstFred.ocx

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://E:\Program Files\ACAD2000\AcPreview.ocx

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - E:\PROGRA~1\RXTOOL~1\sfcont.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\avast! antivirus\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - D:\avast! antivirus\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\avast! antivirus\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\avast! antivirus\ashWebSv.exe" /service (file missing)

O23 - Service: C-DillaCdaC11BA - Macrovision - E:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: C-DillaSrv - C-Dilla Ltd - E:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - E:\WINDOWS\SYSTEM32\slserv.exe

Partager ce message


Lien à poster
Partager sur d’autres sites

Bonjour mimi_01,

 

 

1)télécharge ewido :

 

http://www.ewido.net/en/download/

 

installes le, met le à jour (ne scan pas pour l'instant)

(Important: pendant l'installation, sur la page "Additional Options" décoche les deux options "Install background guard" et "Install scan via context menu").

 

 

2)relance hijackthis, coche les lignes citées ci dessous et fix checked (toutes fenêtres IE fermées) :

 

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - E:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - E:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - E:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - E:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] E:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [P2P Networking] E:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - Global Startup: MyWebSearch Email Plugin.lnk = E:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZU

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - E:\PROGRA~1\RXTOOL~1\sfcont.dll

 

 

3)redémarre en mode sans échec,

 

info ici :

 

http://service1.symantec.com/support/inter...020905112131924

 

4)recherche et supprimes les fichiers/dossiers en gras ci dessous :

 

E:\Program Files\MyWebSearch

E:\PROGRA~1\RXTOOL~1

E:\WINDOWS\system32\P2P Networking

 

 

5)toujours en mode sans échec lance le scan ewido

 

6)Durant le scan, installe correctement hijackthis

 

info ici :

 

Tutorial

http://sitethemacs.free.fr/aide_enregistre...e_hijackthi.htm

Démo en image

http://pageperso.aol.fr/balltrap34/demohijack.htm

 

7)redémarre normalement, poste un nouveau rapport hijackthis, ainsi que le rapport ewido.

 

PS: Est ce toi qui a installé l'add on SweetIM pour MSN messenger.

 

a+

Partager ce message


Lien à poster
Partager sur d’autres sites

voici le nouveau rapport de HijackThisLogfile of HijackThis v1.99.1

Scan saved at 20:47:48, on 28/05/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\SYSTEM32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\WINDOWS\Explorer.EXE

D:\avast! antivirus\aswUpdSv.exe

D:\avast! antivirus\ashServ.exe

E:\Program Files\HP\HP Software Update\HPWuSchd2.exe

D:\AVAST!~1\ashDisp.exe

E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

E:\PROGRA~1\WANADOO\TaskBarIcon.exe

E:\Program Files\QuickTime\qttask.exe

E:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

E:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

E:\WINDOWS\system32\drivers\CDAC11BA.EXE

E:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

E:\Program Files\ewido anti-malware\ewidoctrl.exe

E:\Program Files\WinZip\WZQKPICK.EXE

E:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

E:\WINDOWS\system32\HPZipm12.exe

E:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

E:\WINDOWS\system32\slserv.exe

E:\WINDOWS\System32\snmp.exe

D:\avast! antivirus\ashMaiSv.exe

D:\avast! antivirus\ashWebSv.exe

E:\WINDOWS\system32\wuauclt.exe

E:\Documents and Settings\Administrateur\Mes documents\Unzipped\hijackthiss\HijackThis.exe

E:\WINDOWS\system32\NOTEPAD.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.zebulon.fr/index.php?showforum=51

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo / Internet avec Planet Tunisie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - E:\PROGRA~1\Wanadoo\SEARCH~1.DLL

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - E:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - E:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - E:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avast!] D:\AVAST!~1\ashDisp.exe

O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WOOWATCH] E:\PROGRA~1\WANADOO\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] E:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [sweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - Global Startup: DSLMON.lnk = E:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://E:\Program Files\ACAD2000\AcDcToday.ocx

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://E:\Program Files\ACAD2000\InstBanr.ocx

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://E:\Program Files\ACAD2000\InstFred.ocx

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://E:\Program Files\ACAD2000\AcPreview.ocx

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\avast! antivirus\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - D:\avast! antivirus\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\avast! antivirus\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\avast! antivirus\ashWebSv.exe" /service (file missing)

O23 - Service: C-DillaCdaC11BA - Macrovision - E:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: C-DillaSrv - C-Dilla Ltd - E:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - E:\WINDOWS\SYSTEM32\slserv.exe

Partager ce message


Lien à poster
Partager sur d’autres sites

re...

 

voici le rapport de kaspersky

 

 

KASPERSKY ON-LINE SCANNER REPORT

Monday, May 29, 2006 12:13:44 AM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky On-line Scanner version: 5.0.78.0

Kaspersky Anti-Virus database last update: 28/05/2006

Kaspersky Anti-Virus database records: 185030

 

 

Scan Settings

Scan using the following antivirus database standard

Scan Archives true

Scan Mail Bases true

 

Scan Target My Computer

A:\

C:\

D:\

E:\

F:\

G:\

 

Scan Statistics

Total number of scanned objects 96533

Number of viruses found 1

Number of infected objects 1

Number of suspicious objects 0

Duration of the scan process 01:43:28

 

Infected Object Name Virus Name Last Action

E:\Documents and Settings\MIMI\Local Settings\Temporary Internet Files\Content.IE5\8HUVO9EN\ishow1[2].htm Infected: Worm.Win32.Feebs.gen skipped

 

Scan process completed.

Partager ce message


Lien à poster
Partager sur d’autres sites

Créer un compte ou se connecter pour commenter

Vous devez être membre afin de pouvoir déposer un commentaire

Créer un compte

Créez un compte sur notre communauté. C’est facile !

Créer un nouveau compte

Se connecter

Vous avez déjà un compte ? Connectez-vous ici.

Connectez-vous maintenant

×