J'ai une icone qui clignite dans la barre de tâches en bas à droite de l'écran et qui m'envoie toutes les qq min le message 'your computer is infected...' et si je click dessus cela m'envoie sur la page 'falcon' pour me proposer d'acheter l'antivirus correspondant.
J'ai essayé les scans avec viruskeeper / spybot / ad-aware / a-squared / ewindo / puis fait ccleaner, rien à faire je l'ai toujours.
Quelqu'un sait-il comment s'en débarasser ?
Merci d'avance.
Logfile of HijackThis v1.99.1
Scan saved at 22:46:17, on 08/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\dcomcfg.exe
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
C:\PROGRA~1\WANADOO\CnxMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\WINDOWS\System32\Atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AxBx\VirusKeeper 2006 Pro Evaluation\VirusKeeper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AxBx\VirusKeeper 2006 Pro Evaluation\vk_scanprocess.exe
C:\Documents and Settings\MR ANDRE\Mes documents\ANDRE Frank\Diagnostiques\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=hc
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=hc
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://s-redirect.com/?a=2&b=hc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://msaps.dll/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://s-redirect.com/?a=2&b=hc
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = ,
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = ,
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=hc
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=hc
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {FDE3577A-6254-181C-4E11-339E4F746BD3} - (no file)
F2 - REG:system.ini: UserInit=Userinit.exe,TGBRFV_
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hpAD87.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2006 Pro Evaluation\VirusKeeper.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {5CA8D349-C6E7-11D4-8166-009027DF3BB2} (France Telecom MDDK ActiveX Control) - http://accueil.ava.serveur-ava.com/stkid_data/ocx/mDKid.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D37263F-C958-4012-AE7E-3A062997F8B4}: NameServer = 85.255.115.45,85.255.112.144
O17 - HKLM\System\CCS\Services\Tcpip\..\{84882493-E5EC-4972-ACE5-566F41523A68}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CB78028-636C-4054-8678-2134519C9F63}: NameServer = 85.255.115.45,85.255.112.144
O19 - User stylesheet: (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
Bootmgr is missing
