SVP pc infeté

[titeuf du 69]

salut ,

problème avec mon Pc qui rame a mort et des pages de pub s'ouvre fréquement !

 

merci pour votre aide

!

 

titeuf

[regis56]

Salut !

 

des pop qui disent quoi ?

 

- Télécharge HijackThis de Merijn sur ton bureau.

http://www.merijn.org/files/hijackthis.zip

 

- Génère un rapport en suivant ces indications :

- Double-clic sur hijackthis.exe

- Exécute le et clique sur Do a scan and save log file.

- Le rapport s'ouvre sur leBloc-Note

- Colle le rapport ici, pour cela :

- Menu Edition / Selectionner Tout

- Menu Edition / copier

- Ici dans un nouveau message : clic droit / coller

Aide : N'hésite pas à consulter l'aide HijackThis -

http://www.malekal.com/tutorial_HijackThis.html

 

A plus.

[titeuf du 69]

salut

 

alors les pop c'est surtout spyware secure et des pages de voyances et de cazino

 

et de la pub!!!

 

Logfile of HijackThis v1.99.1

Scan saved at 17:32:54, on 19/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\VM303_STI.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Nikon\NkView6\NkvMon.exe

C:\Program Files\WinZip 8.1 Fr\WZQKPICK.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Documents and Settings\christophe\Mes documents\PHOTOS FAMILLE MOUCHONNAT\Extrafilm FotoFacil\Agent.exe"

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - Startup: Alertes uefa.com.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip 8.1 Fr\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{78081BA9-09C8-4204-95EB-6245053D578B}: NameServer = 212.27.54.252,212.27.54.253

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

[regis56]

Salut !

 

Fais ceci :

 

Télécharge fixnavilog de IL-MAFIOSO

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

 

Installe le programme et lance le !

 

A l'invite de commande choisit l'option 1

 

Et poste le rapport

 

A plus.

[titeuf du 69]

et voila le rapport

 

merci @+

 

 

Search Navipromo version 2.0.3 commencé le 19/06/2007 à 21:00:27,68

 

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!

!!! Poster ce rapport sur le forum pour le faire analyser !!!

!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

 

Fix lancé depuis C:\Program Files\navilog1

Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO

 

Executé en mode normal

 

*** Recherche Programmes installes ***

 

 

InternetGameBox

 

 

*** Recherche dossiers dans C:\WINDOWS ***

 

 

 

 

*** Recherche dossiers dans C:\Program Files ***

 

 

C:\Program Files\InternetGameBox trouvé !

 

 

*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***

 

 

 

 

*** Recherche dossiers dans C:\Documents and Settings\christophe\Application Data ***

 

 

 

*** Recherche avec BlackLight Engine/F-secure ***

BlackLight Engine est un produit de F-secure, pour + d'infos :

http://www.f-secure.com/blacklight/blacklight_help.html

 

Fichier(s) caché(s) dans C:\WINDOWS\system32 :

 

c:\WINDOWS\system32\kewhrjqqml.dat

C:\WINDOWS\system32\kewhrjqqml.exe

c:\WINDOWS\system32\kewhrjqqml_nav.dat

c:\WINDOWS\system32\kewhrjqqml_navps.dat

 

Processus caché(s) dans C:\WINDOWS\system32 :

 

C:\WINDOWS\system32\kewhrjqqml.exe

 

 

*** Recherche fichiers ***

 

 

C:\WINDOWS\pack.epk trouvé !

C:\WINDOWS\system32\nvs2.inf trouvé !

C:\WINDOWS\prefetch\INTERNETGAMEBOX.EXE-151FE1D3.pf trouvé !

C:\WINDOWS\prefetch\INTERNETGAMEBOX_SETUP.EXE-2F73EE33.pf trouvé !

 

 

*** Recherche cles registre ***

 

 

Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]

 

 

 

Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]

 

 

 

Recherche Clé Magic Control

 

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

 

 

*** Module de Recherche complémentaire ***

(Recherche fichiers spécifiques)

 

1)Recherche fichiers connus:

 

 

2)Recherche Heuristique :

*

C:\WINDOWS\system32\kewhrjqqml.dat trouvé !

**

C:\WINDOWS\system32\kewhrjqqml.dat trouvé !

***

****

C:\WINDOWS\system32\kewhrjqqml_navps.dat trouvé !

*****

******

*******

********

 

 

*** Analyse Terminé le 19/06/2007 à 21:11:24,12 ***

[regis56]

SAlut !

 

Relance fixnavilog et choisit l'option 2

 

Poste le rapport stp

 

A plus.

[titeuf du 69]

salut

 

et voila le rapport

 

@+

 

Clean Navipromo version 2.0.3 commencé le 19/06/2007 à 21:56:49,54

 

Fix lancé depuis C:\Program Files\navilog1

Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO

 

Mode suppression automatique avec prise en charge résultats Blacklight

 

 

*** Creation backups fichiers trouvés par Blacklight ***

 

Copie vers "C:\Program Files\navilog1\Backupnavi"

 

 

*** Suppression des fichiers trouvés avec Blacklight ***

 

c:\WINDOWS\system32\kewhrjqqml.dat supprimé !

C:\WINDOWS\system32\kewhrjqqml.exe supprimé !

c:\WINDOWS\system32\kewhrjqqml_nav.dat supprimé !

c:\WINDOWS\system32\kewhrjqqml_navps.dat supprimé !

 

** 2ème passage **

 

C:\WINDOWS\system32\kewhrjqqml.exe absent !

C:\WINDOWS\system32\kewhrjqqml.dat absent !

C:\WINDOWS\system32\kewhrjqqml_nav.dat absent !

C:\WINDOWS\system32\kewhrjqqml_navps.dat absent !

C:\WINDOWS\system32\kewhrjqqml_navup.dat absent !

C:\WINDOWS\system32\kewhrjqqml_navtmp.dat absent !

C:\WINDOWS\system32\kewhrjqqml_m2s.xml absent !

 

 

C:\WINDOWS\prefetch\kewhrjqqml*.pf trouvé !

Copie C:\WINDOWS\prefetch\kewhrjqqml*.pf réalise avec succes !

C:\WINDOWS\prefetch\kewhrjqqml*.pf supprimé !

 

*** Suppression dossiers dans C:\WINDOWS ***

 

 

*** Suppression dossiers dans C:\Program Files ***

 

C:\Program Files\InternetGameBox ...suppression...

C:\Program Files\InternetGameBox supprimé !

 

 

*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***

 

 

*** Suppression dossiers dans C:\Documents and Settings\christophe\Application Data ***

 

 

 

*** Suppression fichiers ***

 

C:\WINDOWS\pack.epk supprimé !

C:\WINDOWS\system32\nvs2.inf supprimé !

C:\WINDOWS\INTERNETGAMEBOX.EXE-151FE1D3.pf supprimé !

C:\WINDOWS\INTERNETGAMEBOX_SETUP.EXE-2F73EE33.pf supprimé !

 

*** Suppression fichiers temporaires ***

 

Nettoyage contenu C:\WINDOWS\Temp effectué !

Nettoyage contenu C:\Documents and Settings\christophe\Local Settings\Temp effectué !

 

 

*** Sauvegarde du registre vers dossier Backupnavi***

 

 

sauvegarde du registre réalise avec succes !

 

 

*** Nettoyage registre ***

 

 

Nettoyage registre Ok

 

*** Traitement Recherche complémentaire ***

(Recherche fichiers spécifiques)

 

1)Recherche fichiers connus:

 

 

2)Recherche et Suppression Heuristique :

 

*

**

***

****

*****

******

*******

********

 

3)Contrôle présence clés Rootkit dans le registre :

 

Aucune autre clés présente dans le registre !

 

*** Nettoyage termine le 19/06/2007 à 21:58:56,14 ***

[regis56]

RE

 

Parfait fait ceci maintenant :

 

Télécharge SpySweeper - Télécharge SpySweeper - Aide SpySweeper

- Clic sur sur le lien "Free Trial" pour le télécharger tout à droite

- Installe le et démare le

- Il va te demander de télécharger la dernière définition, accepte

- Ensuite, clic sur le bouton Options à gauche

- Clic sur l'onglet Options

- Assure toi que les options suivantes sont cochées :

o Windows Registery

o Memory Object

o Cookies

o System Restore Folder

o Plus bas :

o Sweep all users accounts

o Sweep for rootkis

 

-- Redémarre en mode sans échec, si tu sais pas comment on fait lis ceci

- Démarre SpySweeper

- Clic sur "Sweep Now" à gauche

- Clic sur le bouton "Start"

- Quand le scan est terminé, clic sur le bouton "Next"

- Assure toi que tout est coché et clic sur le bouton "Next"

- Lorsque tous les éléments trouvés ont été supprimés

- Clic sur "Session Log" en haut à droite, copie tous les élements du log.

- Ferme les fenêtres et colle tout le log ici ainsi qu'un log HijackThis

 

 

Aide : N'hésite pas à consulter l'Aide de SpySweeper

 

A plus.

[titeuf du 69]

re

 

voila les deux log

 

a plus

------------------------------------------------------------------------------

 

23:16: Removal process completed. Elapsed time 00:01:16

23:16: Quarantining All Traces: adviva cookie

23:16: Quarantining All Traces: about cookie

23:16: Quarantining All Traces: webtrendslive cookie

23:16: Quarantining All Traces: comclick cookie

23:16: Quarantining All Traces: 247realmedia cookie

23:16: Quarantining All Traces: atlas dmt cookie

23:16: Quarantining All Traces: specificclick.com cookie

23:16: Quarantining All Traces: statcounter cookie

23:16: Quarantining All Traces: starware.com cookie

23:16: Quarantining All Traces: directtrack cookie

23:16: Quarantining All Traces: tribalfusion cookie

23:16: Quarantining All Traces: casalemedia cookie

23:16: Quarantining All Traces: metriweb.be cookie

23:16: Quarantining All Traces: fe.lea.lycos.com cookie

23:16: Quarantining All Traces: redsheriff cookies

23:16: Quarantining All Traces: zedo cookie

23:16: Quarantining All Traces: tradedoubler cookie

23:16: Quarantining All Traces: infospace cookie

23:16: Quarantining All Traces: mediaplex cookie

23:16: Quarantining All Traces: overture cookie

23:16: Quarantining All Traces: yieldmanager cookie

23:16: Quarantining All Traces: advertising cookie

23:16: Quarantining All Traces: bluestreak cookie

23:16: Quarantining All Traces: xiti cookie

23:16: Quarantining All Traces: weborama cookie

23:16: Quarantining All Traces: serving-sys cookie

23:15: Quarantining All Traces: questionmarket cookie

23:15: Quarantining All Traces: bs.serving-sys cookie

23:15: Quarantining All Traces: adtech cookie

23:15: Quarantining All Traces: pointroll cookie

23:15: Quarantining All Traces: 2o7.net cookie

23:15: Quarantining All Traces: trojan-phisher-bankerant

23:15: Quarantining All Traces: hotbar/zango

23:15: Removal process initiated

23:14: Traces Found: 110

23:14: Full Sweep has completed. Elapsed time 00:25:29

23:14: File Sweep Complete, Elapsed Time: 00:23:51

23:08: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.

23:08: Warning: SweepDirectories: Cannot find directory "d:". This directory was not added to the list of paths to be scanned.

22:50: Starting File Sweep

22:50: Cookie Sweep Complete, Elapsed Time: 00:00:03

22:50: cookies.txt (ID = 1958)

22:50: cookies.txt (ID = 3217)

22:50: cookies.txt (ID = 3217)

22:50: cookies.txt (ID = 3217)

22:50: cookies.txt (ID = 3217)

22:50: cookies.txt (ID = 3217)

22:50: cookies.txt (ID = 3217)

22:50: cookies.txt (ID = 2177)

22:50: Found Spy Cookie: adviva cookie

22:50: cookies.txt (ID = 2037)

22:50: cookies.txt (ID = 2037)

22:50: Found Spy Cookie: about cookie

22:50: cookies.txt (ID = 3667)

22:50: Found Spy Cookie: webtrendslive cookie

22:50: cookies.txt (ID = 2450)

22:50: cookies.txt (ID = 2450)

22:50: cookies.txt (ID = 2450)

22:50: Found Spy Cookie: comclick cookie

22:50: cookies.txt (ID = 1953)

22:50: cookies.txt (ID = 1953)

22:50: cookies.txt (ID = 1953)

22:50: cookies.txt (ID = 1953)

22:50: Found Spy Cookie: 247realmedia cookie

22:50: cookies.txt (ID = 2253)

22:50: Found Spy Cookie: atlas dmt cookie

22:50: cookies.txt (ID = 3399)

22:50: cookies.txt (ID = 3447)

22:50: cookies.txt (ID = 3399)

22:50: cookies.txt (ID = 3399)

22:50: cookies.txt (ID = 3399)

22:50: Found Spy Cookie: specificclick.com cookie

22:50: cookies.txt (ID = 3447)

22:50: Found Spy Cookie: statcounter cookie

22:50: cookies.txt (ID = 3442)

22:50: cookies.txt (ID = 3442)

22:50: cookies.txt (ID = 3442)

22:50: cookies.txt (ID = 3442)

22:50: Found Spy Cookie: starware.com cookie

22:50: cookies.txt (ID = 3659)

22:50: cookies.txt (ID = 2528)

22:50: cookies.txt (ID = 2527)

22:50: cookies.txt (ID = 2528)

22:50: cookies.txt (ID = 2527)

22:50: Found Spy Cookie: directtrack cookie

22:50: cookies.txt (ID = 2354)

22:50: cookies.txt (ID = 2354)

22:50: cookies.txt (ID = 2354)

22:50: cookies.txt (ID = 3589)

22:50: Found Spy Cookie: tribalfusion cookie

22:50: cookies.txt (ID = 2354)

22:50: Found Spy Cookie: casalemedia cookie

22:50: cookies.txt (ID = 1958)

22:50: cookies.txt (ID = 2155)

22:50: cookies.txt (ID = 2155)

22:50: cookies.txt (ID = 3658)

22:50: cookies.txt (ID = 3658)

22:50: cookies.txt (ID = 3658)

22:50: cookies.txt (ID = 2992)

22:50: Found Spy Cookie: metriweb.be cookie

22:50: cookies.txt (ID = 1957)

22:50: cookies.txt (ID = 1957)

22:50: cookies.txt (ID = 1957)

22:50: cookies.txt (ID = 1957)

22:50: cookies.txt (ID = 1957)

22:50: cookies.txt (ID = 1957)

22:50: cookies.txt (ID = 1957)

22:50: cookies.txt (ID = 1957)

22:50: cookies.txt (ID = 1957)

22:50: cookies.txt (ID = 1957)

22:50: cookies.txt (ID = 1957)

22:50: cookies.txt (ID = 1957)

22:50: cookies.txt (ID = 1957)

22:50: cookies.txt (ID = 1957)

22:50: cookies.txt (ID = 2660)

22:50: Found Spy Cookie: fe.lea.lycos.com cookie

22:50: cookies.txt (ID = 2845)

22:50: cookies.txt (ID = 2845)

22:50: Found Spy Cookie: redsheriff cookies

22:50: cookies.txt (ID = 2315)

22:50: cookies.txt (ID = 3762)

22:50: cookies.txt (ID = 3762)

22:50: cookies.txt (ID = 3762)

22:50: cookies.txt (ID = 3762)

22:50: cookies.txt (ID = 3762)

22:50: cookies.txt (ID = 3762)

22:50: cookies.txt (ID = 3762)

22:50: Found Spy Cookie: zedo cookie

22:50: cookies.txt (ID = 3575)

22:50: cookies.txt (ID = 3575)

22:50: cookies.txt (ID = 3575)

22:50: cookies.txt (ID = 3575)

22:50: Found Spy Cookie: tradedoubler cookie

22:50: cookies.txt (ID = 2865)

22:50: Found Spy Cookie: infospace cookie

22:50: cookies.txt (ID = 6442)

22:50: cookies.txt (ID = 6442)

22:50: Found Spy Cookie: mediaplex cookie

22:50: cookies.txt (ID = 2330)

22:50: cookies.txt (ID = 3343)

22:50: cookies.txt (ID = 3343)

22:50: cookies.txt (ID = 3343)

22:50: cookies.txt (ID = 3343)

22:50: cookies.txt (ID = 3343)

22:50: cookies.txt (ID = 3343)

22:50: cookies.txt (ID = 3105)

22:50: cookies.txt (ID = 3105)

22:50: Found Spy Cookie: overture cookie

22:50: cookies.txt (ID = 3751)

22:50: cookies.txt (ID = 3751)

22:50: cookies.txt (ID = 3751)

22:50: cookies.txt (ID = 3751)

22:50: cookies.txt (ID = 3751)

22:50: cookies.txt (ID = 3751)

22:50: Found Spy Cookie: yieldmanager cookie

22:50: cookies.txt (ID = 2175)

22:50: cookies.txt (ID = 2175)

22:50: cookies.txt (ID = 2175)

22:50: cookies.txt (ID = 2175)

22:50: Found Spy Cookie: advertising cookie

22:50: cookies.txt (ID = 2314)

22:50: Found Spy Cookie: bluestreak cookie

22:50: cookies.txt (ID = 3717)

22:50: christophe@xiti[1].txt (ID = 3717)

22:50: Found Spy Cookie: xiti cookie

22:50: christophe@weborama[1].txt (ID = 3658)

22:50: Found Spy Cookie: weborama cookie

22:50: christophe@serving-sys[2].txt (ID = 3343)

22:50: Found Spy Cookie: serving-sys cookie

22:50: christophe@questionmarket[1].txt (ID = 3217)

22:50: Found Spy Cookie: questionmarket cookie

22:50: christophe@msnportal.112.2o7[1].txt (ID = 1958)

22:50: christophe@bs.serving-sys[2].txt (ID = 2330)

22:50: Found Spy Cookie: bs.serving-sys cookie

22:50: christophe@adtech[2].txt (ID = 2155)

22:50: Found Spy Cookie: adtech cookie

22:50: christophe@ads.pointroll[1].txt (ID = 3148)

22:50: Found Spy Cookie: pointroll cookie

22:50: christophe@2o7[1].txt (ID = 1957)

22:50: Found Spy Cookie: 2o7.net cookie

22:50: Starting Cookie Sweep

22:50: Registry Sweep Complete, Elapsed Time:00:01:21

22:50: HKU\WRSS_Profile_S-1-5-21-2752264243-2423070714-1028983887-1006\frmprincipal\ (ID = 1100582)

22:50: Found Trojan Horse: trojan-phisher-bankerant

22:50: HKU\WRSS_Profile_S-1-5-21-2752264243-2423070714-1028983887-1006\software\microsoft\internet explorer\toolbar\shellbrowser\ || {74cc49f7-eb32-4a08-b204-948962a6e3db} (ID = 685412)

22:50: Found Adware: hotbar/zango

22:50: Memory Sweep Complete, Elapsed Time: 00:00:00

22:50: Starting Registry Sweep

22:49: Starting Memory Sweep

22:49: Sweep initiated using definitions version 934

22:49: Spy Sweeper 5.5.1.3354 started

22:49: | Start of Session, mardi 19 juin 2007 |

***************

22:48: Program Version 5.5.1.3354 Using Spyware Definitions 934

22:48: Spy Sweeper 5.5.1.3354 started

22:48: | Start of Session, mardi 19 juin 2007

 

 

|

--------------------------------------------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 23:30:02, on 19/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\VM303_STI.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Nikon\NkView6\NkvMon.exe

C:\Program Files\WinZip 8.1 Fr\WZQKPICK.EXE

C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [soundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [bigDog303] "C:\WINDOWS\VM303_STI.EXE" VIMICRO USB PC Camera (ZC0301PLH)

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Documents and Settings\christophe\Mes documents\PHOTOS FAMILLE MOUCHONNAT\Extrafilm FotoFacil\Agent.exe"

O4 - HKLM\..\Run: [inCD] "C:\Program Files\Ahead\InCD\InCD.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - Startup: Alertes uefa.com.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip 8.1 Fr\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{78081BA9-09C8-4204-95EB-6245053D578B}: NameServer = 212.27.54.252,212.27.54.253

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

[regis56]

SAlut !

 

Comment se comporte le pc ?

 

On va faire une dernière verification

 

Fais un scan en ligne ici :

http://www.kaspersky.com/virusscanner

tuto d'aide ici

http://www.malekal.com/scan_Av_en_ligne.html

 

A plus.