

titeuf du 69
Please help, infected PC
titeuf du 69 replied to a topic by titeuf du 69 in Malware analysis and removal

Here are the two logs again. See you later.

------------------------------------------------------------------------------
23:16: Removal process completed. Elapsed time 00:01:16
23:16: Quarantining All Traces: adviva cookie
23:16: Quarantining All Traces: about cookie
23:16: Quarantining All Traces: webtrendslive cookie
23:16: Quarantining All Traces: comclick cookie
23:16: Quarantining All Traces: 247realmedia cookie
23:16: Quarantining All Traces: atlas dmt cookie
23:16: Quarantining All Traces: specificclick.com cookie
23:16: Quarantining All Traces: statcounter cookie
23:16: Quarantining All Traces: starware.com cookie
23:16: Quarantining All Traces: directtrack cookie
23:16: Quarantining All Traces: tribalfusion cookie
23:16: Quarantining All Traces: casalemedia cookie
23:16: Quarantining All Traces: metriweb.be cookie
23:16: Quarantining All Traces: fe.lea.lycos.com cookie
23:16: Quarantining All Traces: redsheriff cookies
23:16: Quarantining All Traces: zedo cookie
23:16: Quarantining All Traces: tradedoubler cookie
23:16: Quarantining All Traces: infospace cookie
23:16: Quarantining All Traces: mediaplex cookie
23:16: Quarantining All Traces: overture cookie
23:16: Quarantining All Traces: yieldmanager cookie
23:16: Quarantining All Traces: advertising cookie
23:16: Quarantining All Traces: bluestreak cookie
23:16: Quarantining All Traces: xiti cookie
23:16: Quarantining All Traces: weborama cookie
23:16: Quarantining All Traces: serving-sys cookie
23:15: Quarantining All Traces: questionmarket cookie
23:15: Quarantining All Traces: bs.serving-sys cookie
23:15: Quarantining All Traces: adtech cookie
23:15: Quarantining All Traces: pointroll cookie
23:15: Quarantining All Traces: 2o7.net cookie
23:15: Quarantining All Traces: trojan-phisher-bankerant
23:15: Quarantining All Traces: hotbar/zango
23:15: Removal process initiated
23:14: Traces Found: 110
23:14: Full Sweep has completed. Elapsed time 00:25:29
23:14: File Sweep Complete, Elapsed Time: 00:23:51
23:08: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
23:08: Warning: SweepDirectories: Cannot find directory "d:". This directory was not added to the list of paths to be scanned.
22:50: Starting File Sweep
22:50: Cookie Sweep Complete, Elapsed Time: 00:00:03
22:50: cookies.txt (ID = 1958)
22:50: cookies.txt (ID = 3217)
22:50: cookies.txt (ID = 3217)
22:50: cookies.txt (ID = 3217)
22:50: cookies.txt (ID = 3217)
22:50: cookies.txt (ID = 3217)
22:50: cookies.txt (ID = 3217)
22:50: cookies.txt (ID = 2177)
22:50: Found Spy Cookie: adviva cookie
22:50: cookies.txt (ID = 2037)
22:50: cookies.txt (ID = 2037)
22:50: Found Spy Cookie: about cookie
22:50: cookies.txt (ID = 3667)
22:50: Found Spy Cookie: webtrendslive cookie
22:50: cookies.txt (ID = 2450)
22:50: cookies.txt (ID = 2450)
22:50: cookies.txt (ID = 2450)
22:50: Found Spy Cookie: comclick cookie
22:50: cookies.txt (ID = 1953)
22:50: cookies.txt (ID = 1953)
22:50: cookies.txt (ID = 1953)
22:50: cookies.txt (ID = 1953)
22:50: Found Spy Cookie: 247realmedia cookie
22:50: cookies.txt (ID = 2253)
22:50: Found Spy Cookie: atlas dmt cookie
22:50: cookies.txt (ID = 3399)
22:50: cookies.txt (ID = 3447)
22:50: cookies.txt (ID = 3399)
22:50: cookies.txt (ID = 3399)
22:50: cookies.txt (ID = 3399)
22:50: Found Spy Cookie: specificclick.com cookie
22:50: cookies.txt (ID = 3447)
22:50: Found Spy Cookie: statcounter cookie
22:50: cookies.txt (ID = 3442)
22:50: cookies.txt (ID = 3442)
22:50: cookies.txt (ID = 3442)
22:50: cookies.txt (ID = 3442)
22:50: Found Spy Cookie: starware.com cookie
22:50: cookies.txt (ID = 3659)
22:50: cookies.txt (ID = 2528)
22:50: cookies.txt (ID = 2527)
22:50: cookies.txt (ID = 2528)
22:50: cookies.txt (ID = 2527)
22:50: Found Spy Cookie: directtrack cookie
22:50: cookies.txt (ID = 2354)
22:50: cookies.txt (ID = 2354)
22:50: cookies.txt (ID = 2354)
22:50: cookies.txt (ID = 3589)
22:50: Found Spy Cookie: tribalfusion cookie
22:50: cookies.txt (ID = 2354)
22:50: Found Spy Cookie: casalemedia cookie
22:50: cookies.txt (ID = 1958)
22:50: cookies.txt (ID = 2155)
22:50: cookies.txt (ID = 2155)
22:50: cookies.txt (ID = 3658)
22:50: cookies.txt (ID = 3658)
22:50: cookies.txt (ID = 3658)
22:50: cookies.txt (ID = 2992)
22:50: Found Spy Cookie: metriweb.be cookie
22:50: cookies.txt (ID = 1957)
22:50: cookies.txt (ID = 1957)
22:50: cookies.txt (ID = 1957)
22:50: cookies.txt (ID = 1957)
22:50: cookies.txt (ID = 1957)
22:50: cookies.txt (ID = 1957)
22:50: cookies.txt (ID = 1957)
22:50: cookies.txt (ID = 1957)
22:50: cookies.txt (ID = 1957)
22:50: cookies.txt (ID = 1957)
22:50: cookies.txt (ID = 1957)
22:50: cookies.txt (ID = 1957)
22:50: cookies.txt (ID = 1957)
22:50: cookies.txt (ID = 1957)
22:50: cookies.txt (ID = 2660)
22:50: Found Spy Cookie: fe.lea.lycos.com cookie
22:50: cookies.txt (ID = 2845)
22:50: cookies.txt (ID = 2845)
22:50: Found Spy Cookie: redsheriff cookies
22:50: cookies.txt (ID = 2315)
22:50: cookies.txt (ID = 3762)
22:50: cookies.txt (ID = 3762)
22:50: cookies.txt (ID = 3762)
22:50: cookies.txt (ID = 3762)
22:50: cookies.txt (ID = 3762)
22:50: cookies.txt (ID = 3762)
22:50: cookies.txt (ID = 3762)
22:50: Found Spy Cookie: zedo cookie
22:50: cookies.txt (ID = 3575)
22:50: cookies.txt (ID = 3575)
22:50: cookies.txt (ID = 3575)
22:50: cookies.txt (ID = 3575)
22:50: Found Spy Cookie: tradedoubler cookie
22:50: cookies.txt (ID = 2865)
22:50: Found Spy Cookie: infospace cookie
22:50: cookies.txt (ID = 6442)
22:50: cookies.txt (ID = 6442)
22:50: Found Spy Cookie: mediaplex cookie
22:50: cookies.txt (ID = 2330)
22:50: cookies.txt (ID = 3343)
22:50: cookies.txt (ID = 3343)
22:50: cookies.txt (ID = 3343)
22:50: cookies.txt (ID = 3343)
22:50: cookies.txt (ID = 3343)
22:50: cookies.txt (ID = 3343)
22:50: cookies.txt (ID = 3105)
22:50: cookies.txt (ID = 3105)
22:50: Found Spy Cookie: overture cookie
22:50: cookies.txt (ID = 3751)
22:50: cookies.txt (ID = 3751)
22:50: cookies.txt (ID = 3751)
22:50: cookies.txt (ID = 3751)
22:50: cookies.txt (ID = 3751)
22:50: cookies.txt (ID = 3751)
22:50: Found Spy Cookie: yieldmanager cookie
22:50: cookies.txt (ID = 2175)
22:50: cookies.txt (ID = 2175)
22:50: cookies.txt (ID = 2175)
22:50: cookies.txt (ID = 2175)
22:50: Found Spy Cookie: advertising cookie
22:50: cookies.txt (ID = 2314)
22:50: Found Spy Cookie: bluestreak cookie
22:50: cookies.txt (ID = 3717)
22:50: christophe@xiti[1].txt (ID = 3717)
22:50: Found Spy Cookie: xiti cookie
22:50: christophe@weborama[1].txt (ID = 3658)
22:50: Found Spy Cookie: weborama cookie
22:50: christophe@serving-sys[2].txt (ID = 3343)
22:50: Found Spy Cookie: serving-sys cookie
22:50: christophe@questionmarket[1].txt (ID = 3217)
22:50: Found Spy Cookie: questionmarket cookie
22:50: christophe@msnportal.112.2o7[1].txt (ID = 1958)
22:50: christophe@bs.serving-sys[2].txt (ID = 2330)
22:50: Found Spy Cookie: bs.serving-sys cookie
22:50: christophe@adtech[2].txt (ID = 2155)
22:50: Found Spy Cookie: adtech cookie
22:50: christophe@ads.pointroll[1].txt (ID = 3148)
22:50: Found Spy Cookie: pointroll cookie
22:50: christophe@2o7[1].txt (ID = 1957)
22:50: Found Spy Cookie: 2o7.net cookie
22:50: Starting Cookie Sweep
22:50: Registry Sweep Complete, Elapsed Time:00:01:21
22:50: HKU\WRSS_Profile_S-1-5-21-2752264243-2423070714-1028983887-1006\frmprincipal\ (ID = 1100582)
22:50: Found Trojan Horse: trojan-phisher-bankerant
22:50: HKU\WRSS_Profile_S-1-5-21-2752264243-2423070714-1028983887-1006\software\microsoft\internet explorer\toolbar\shellbrowser\ || {74cc49f7-eb32-4a08-b204-948962a6e3db} (ID = 685412)
22:50: Found Adware: hotbar/zango
22:50: Memory Sweep Complete, Elapsed Time: 00:00:00
22:50: Starting Registry Sweep
22:49: Starting Memory Sweep
22:49: Sweep initiated using definitions version 934
22:49: Spy Sweeper 5.5.1.3354 started
22:49: | Start of Session, mardi 19 juin 2007 |
***************
22:48: Program Version 5.5.1.3354 Using Spyware Definitions 934
22:48: Spy Sweeper 5.5.1.3354 started
22:48: | Start of Session, mardi 19 juin 2007 |
--------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 23:30:02, on 19/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\WinZip 8.1 Fr\WZQKPICK.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [soundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [bigDog303] "C:\WINDOWS\VM303_STI.EXE" VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Documents and Settings\christophe\Mes documents\PHOTOS FAMILLE MOUCHONNAT\Extrafilm FotoFacil\Agent.exe"
O4 - HKLM\..\Run: [inCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - Startup: Alertes uefa.com.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip 8.1 Fr\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78081BA9-09C8-4204-95EB-6245053D578B}: NameServer = 212.27.54.252,212.27.54.253
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Please help, infected PC
titeuf du 69 replied to a topic by titeuf du 69 in Malware analysis and removal

Hi, and here is the report. See you later.

Clean Navipromo version 2.0.3 commencé le 19/06/2007 à 21:56:49,54

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO

Mode suppression automatique avec prise en charge résultats Blacklight

*** Creation backups fichiers trouvés par Blacklight ***

Copie vers "C:\Program Files\navilog1\Backupnavi"

*** Suppression des fichiers trouvés avec Blacklight ***

c:\WINDOWS\system32\kewhrjqqml.dat supprimé !
C:\WINDOWS\system32\kewhrjqqml.exe supprimé !
c:\WINDOWS\system32\kewhrjqqml_nav.dat supprimé !
c:\WINDOWS\system32\kewhrjqqml_navps.dat supprimé !

** 2ème passage **

C:\WINDOWS\system32\kewhrjqqml.exe absent !
C:\WINDOWS\system32\kewhrjqqml.dat absent !
C:\WINDOWS\system32\kewhrjqqml_nav.dat absent !
C:\WINDOWS\system32\kewhrjqqml_navps.dat absent !
C:\WINDOWS\system32\kewhrjqqml_navup.dat absent !
C:\WINDOWS\system32\kewhrjqqml_navtmp.dat absent !
C:\WINDOWS\system32\kewhrjqqml_m2s.xml absent !
C:\WINDOWS\prefetch\kewhrjqqml*.pf trouvé !
Copie C:\WINDOWS\prefetch\kewhrjqqml*.pf réalise avec succes !
C:\WINDOWS\prefetch\kewhrjqqml*.pf supprimé !

*** Suppression dossiers dans C:\WINDOWS ***

*** Suppression dossiers dans C:\Program Files ***

C:\Program Files\InternetGameBox ...suppression...
C:\Program Files\InternetGameBox supprimé !

*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***

*** Suppression dossiers dans C:\Documents and Settings\christophe\Application Data ***

*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\nvs2.inf supprimé !
C:\WINDOWS\INTERNETGAMEBOX.EXE-151FE1D3.pf supprimé !
C:\WINDOWS\INTERNETGAMEBOX_SETUP.EXE-2F73EE33.pf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\christophe\Local Settings\Temp effectué !

*** Sauvegarde du registre vers dossier Backupnavi***

sauvegarde du registre réalise avec succes !

*** Nettoyage registre ***

Nettoyage registre Ok

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche et Suppression Heuristique :

*
**
***
****
*****
******
*******
********

3)Contrôle présence clés Rootkit dans le registre :

Aucune autre clés présente dans le registre !

*** Nettoyage termine le 19/06/2007 à 21:58:56,14 ***

Please help, infected PC
titeuf du 69 replied to a topic by titeuf du 69 in Malware analysis and removal

And here is the report, thanks. See you later.

Search Navipromo version 2.0.3 commencé le 19/06/2007 à 21:00:27,68

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***

InternetGameBox

*** Recherche dossiers dans C:\WINDOWS ***

*** Recherche dossiers dans C:\Program Files ***

C:\Program Files\InternetGameBox trouvé !

*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***

*** Recherche dossiers dans C:\Documents and Settings\christophe\Application Data ***

*** Recherche avec BlackLight Engine/F-secure ***

BlackLight Engine est un produit de F-secure, pour + d'infos : http://www.f-secure.com/blacklight/blacklight_help.html

Fichier(s) caché(s) dans C:\WINDOWS\system32 :
c:\WINDOWS\system32\kewhrjqqml.dat
C:\WINDOWS\system32\kewhrjqqml.exe
c:\WINDOWS\system32\kewhrjqqml_nav.dat
c:\WINDOWS\system32\kewhrjqqml_navps.dat

Processus caché(s) dans C:\WINDOWS\system32 :
C:\WINDOWS\system32\kewhrjqqml.exe

*** Recherche fichiers ***

C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !
C:\WINDOWS\prefetch\INTERNETGAMEBOX.EXE-151FE1D3.pf trouvé !
C:\WINDOWS\prefetch\INTERNETGAMEBOX_SETUP.EXE-2F73EE33.pf trouvé !

*** Recherche cles registre ***

Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]
Recherche Clé Magic Control
HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche Heuristique :

*
C:\WINDOWS\system32\kewhrjqqml.dat trouvé !
**
C:\WINDOWS\system32\kewhrjqqml.dat trouvé !
***
****
C:\WINDOWS\system32\kewhrjqqml_navps.dat trouvé !
*****
******
*******
********

*** Analyse Terminé le 19/06/2007 à 21:11:24,12 ***

Please help, infected PC
titeuf du 69 replied to a topic by titeuf du 69 in Malware analysis and removal

Hi, so the pop-ups are mostly Spyware Secure, plus fortune-telling and casino pages and ads!!!

Logfile of HijackThis v1.99.1
Scan saved at 17:32:54, on 19/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\WinZip 8.1 Fr\WZQKPICK.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Documents and Settings\christophe\Mes documents\PHOTOS FAMILLE MOUCHONNAT\Extrafilm FotoFacil\Agent.exe"
O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - Startup: Alertes uefa.com.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip 8.1 Fr\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78081BA9-09C8-4204-95EB-6245053D578B}: NameServer = 212.27.54.252,212.27.54.253
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

Hi, I have a problem with my PC: it is extremely slow and ad pages open frequently! Thanks for your help! titeuf