
Posted

Good evening Zébuloniens,

For about two years my PC had been running perfectly well, with Norton and ZoneAlarm as its only protection. That was until the start of this week, when I made the blunder of the year: I went to theme xp to install a new desktop theme, something I had never done before. In my haste I clicked Yes in a window that popped up and that I should never have accepted: runme.exe

Since then, browsing on my PC has become hell: I am infested with ads and unwanted popups, even when IE is not running. I have tried everything: a², Spybot, Ad-Aware, ewido, Norton... nothing works.

I have just gone through the routine of starting Windows in safe mode, cleaning my folders with cleanMgr and running an antivirus (Norton, because my PC does not like AntiVir; if you tell me it is essential to use AntiVir I will repeat the operation, just let me know). I then ran HijackThis (which I discovered today thanks to this forum) and here is my log:

 

Logfile of HijackThis v1.99.1

Scan saved at 20:48:32, on 11/11/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\rundll32.exe

D:\WINDOWS\Explorer.EXE

D:\Documents and Settings\Administrateur\Bureau\programme du net\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [smapp] D:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [msresearch] C:\windows\msresearch.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [TrojanScanner] D:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKLM\..\RunServices: [schedulingAgent] D:\WINDOWS\system32\mstask.exe

O4 - HKCU\..\Run: [skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Global Startup: AutoStart IR.lnk = D:\Program Files\WinTV\Ir.exe

O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://d:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Pages liées - res://d:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://d:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://d:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://d:\program files\google\GoogleToolbar1.dll/cmcache.html

O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing)

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/op/PackageHtmlCab.CAB

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{021B163E-C41B-4E9B-A744-AD46A786C4E4}: NameServer = 212.151.136.242 212.247.156.70

O17 - HKLM\System\CCS\Services\Tcpip\..\{5B465897-657B-4881-BBAD-6070B39E1D99}: NameServer = 80.170.93.24

O17 - HKLM\System\CS1\Services\Tcpip\..\{021B163E-C41B-4E9B-A744-AD46A786C4E4}: NameServer = 212.151.136.242 212.247.156.70

O20 - Winlogon Notify: ShellScrap - D:\WINDOWS\system32\k8noli5318.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

 

 

I would be really grateful if you could help me out, because I feel a reformat is looming and I would really like to avoid it... especially since, from what I have read, it is not a sure-fire cure.

 

 

Thanks in advance

Posted

Good evening and welcome to the Zebulon security forum,

Your system is indeed infected!

I am starting an analysis! Reply in a moment!

Posted (edited)

Hello again,

Print these instructions or save them to a text file so that you can consult them in safe mode.

1/ *Download and install EasyCleaner by Toni Helenius: http://personal.inet.fi/business/toniarts/ecleane.htm

*Download and run this uninstaller:

http://www.look2me.com/cgi-bin/UnInstaller

2/ Restart in safe mode.

3/ Make sure you have access to all files

Start, My Computer or another folder, Tools menu, Folder Options, View tab:

Check the box: Show hidden files and folders

Uncheck the box: Hide extensions for known file types

Uncheck the box: Hide protected operating system files

Then Apply

4/ Run a HijackThis scan again, click "Do a system scan only" and check the lines below:

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8

 

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [msresearch] C:\windows\msresearch.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\RunServices: [schedulingAgent] D:\WINDOWS\system32\mstask.exe

O4 - HKCU\..\Run: [skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

 

O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing)

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

 

O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/op/PackageHtmlCab.CAB

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab

 

 

O20 - Winlogon Notify: ShellScrap - D:\WINDOWS\system32\k8noli5318.dll

 

Close all windows except HijackThis and click "Fix Checked".

5/ Delete the offending file(s) [if still present] using Windows Explorer:

-C:\windows\msresearch.exe

-D:\WINDOWS\system32\k8noli5318.dll <-- should no longer be present thanks to the uninstaller

6/ Run EasyCleaner: use the "Inutiles" and "Registre" functions only. Do not touch the "doublons" function.

7/ Restart the computer in normal mode and post a new HijackThis report for verification.

NB: Does your computer belong to a network? Among your O17 lines, one corresponds to your Internet Service Provider (Télé2) and 2 others to a Swedish server (though also at Télé2, see here). I await information from you!

Edited by Jack_Burton
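
Added example, not part of the thread and not HijackThis's own logic: a small triage script for the log format posted above, run on a few lines copied from that log. The function names and the three heuristics (autorun target in a Windows folder on a drive other than the one the system runs from, Winlogon Notify DLL with several digits in its name, DNS servers set in the registry) are assumptions made for this illustration.

```python
import re

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [msresearch] C:\windows\msresearch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B465897-657B-4881-BBAD-6070B39E1D99}: NameServer = 80.170.93.24
O20 - Winlogon Notify: ShellScrap - D:\WINDOWS\system32\k8noli5318.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
"""

# A log entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# First "X:\..." path inside an entry body.
DRIVE_PATH_RE = re.compile(r"([A-Za-z]):\\([^\"]*)")


def parse_hijackthis(text):
    """Split a HijackThis log into running processes and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum pastes often double-space the log
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def system_drive(processes):
    """Drive letter the running Windows directory lives on, or None."""
    for p in processes:
        m = re.match(r"([A-Za-z]):\\windows\\", p, re.IGNORECASE)
        if m:
            return m.group(1).upper()
    return None


def triage(parsed):
    """Return (code, reason, body) for entries worth a closer look.

    Heuristics are assumptions of this example, not rules from any tool.
    """
    sysdrive = system_drive(parsed["processes"])
    findings = []
    for code, body in parsed["entries"]:
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("target file missing")
        if code == "O4":
            m = DRIVE_PATH_RE.search(body)
            if (m and sysdrive and m.group(1).upper() != sysdrive
                    and m.group(2).lower().startswith("windows\\")):
                reasons.append(
                    "autorun target in a Windows folder on %s:, system runs from %s:"
                    % (m.group(1).upper(), sysdrive))
        elif code == "O17" and "NameServer = " in body:
            servers = body.split("NameServer = ", 1)[1].replace(",", " ").split()
            reasons.append("DNS servers set in registry: " + ", ".join(servers))
        elif code == "O20":
            stem = body.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if sum(c.isdigit() for c in stem) >= 2:
                reasons.append("Winlogon Notify DLL with machine-generated-looking name")
        for reason in reasons:
            findings.append((code, reason, body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(parse_hijackthis(SAMPLE_LOG)):
        print("%-3s %s\n    %s" % (code, reason, body))
```

The entries it lists are candidates for review, not a removal list; the selection in step 4 above also ticks startup items that these heuristics do not flag.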
Posted (edited)

Good evening again everyone,

If Look2Me is still present on the O20 line of the HijackThis report despite the uninstaller, do this:

Download SpySweeper (from Webroot) HERE (trial version - 14 days):

  • Click the Free Trial link under the "SpySweeper" heading.
  • Install the program. Once installed, it will launch.
  • The option to update it will appear; click Yes.
  • Once the updates are installed, click Options on the left.
  • Click the Sweep Options tab.
  • Under What to Sweep, check the following options:

    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • UNCHECK Do not Sweep System Restore Folder.

  • Click Sweep Now on the left.
  • Click Start.
  • When the scan is finished, click Next.
  • Make sure all items are checked, then click Next.
  • All checked items will be removed.
  • If Spy Sweeper wants to restart to finish the cleanup: ACCEPT.
  • Click Session Log at the top right, and copy everything in the window.
  • Click the Summary tab, then click Finish.
  • Paste the contents of the "Session Log" into your next reply.

Post a new HijackThis report at the same time!

NB: do not forget to answer my question: is your PC connected to a server?

Edit: Good night everyone!

Sorry for the multiple posts! I added this procedure because I am going to bed and preferred to get ahead in order to sort out vincentdrizzt's problem as quickly as possible! If a moderator passes by, could they merge my first 2 posts? Thanks

Edited by Jack_Burton
Posted

OK, I have finished, here is the Spy Sweeper report:

 

********

00:11: | Start of Session, samedi 12 novembre 2005 |

00:11: Spy Sweeper started

00:11: Sweep initiated using definitions version 572

00:12: Starting Memory Sweep

00:12: Found Adware: icannnews

00:12: Detected running threat: D:\WINDOWS\system32\gamf32.dll (ID = 83)

00:12: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:12: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:12: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:12: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:12: Detected running threat: D:\WINDOWS\system32\m0lsla371d.dll (ID = 83)

00:12: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:12: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:12: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:12: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:13: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:13: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:13: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:13: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:13: Memory Sweep Complete, Elapsed Time: 00:01:43

00:13: Starting Registry Sweep

00:13: Found Adware: gain-supported software

00:13: HKLM\software\microsoft\windows\currentversion\uninstall\{4a840e1e-2ba8-47de-923e-0e00407eb530}\ (10 subtraces) (ID = 126804)

00:13: Found Adware: targetsaver

00:13: HKLM\software\microsoft\windows\currentversion\uninstall\tsa\ (2 subtraces) (ID = 143607)

00:13: Found Adware: targetsoft

00:13: HKLM\software\microsoft\windows\currentversion\uninstall\tsl installer\ (1 subtraces) (ID = 143608)

00:13: HKLM\software\microsoft\windows\currentversion\uninstall\tsl installer\ (1 subtraces) (ID = 143608)

00:13: Found Adware: command

00:13: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ (7 subtraces) (ID = 892523)

00:13: HKLM\system\currentcontrolset\services\cmdservice\ (11 subtraces) (ID = 958670)

00:13: HKU\S-1-5-21-1417001333-2077806209-839522115-500\software\tsl2\ (1 subtraces) (ID = 143616)

00:13: Found Adware: websearch toolbar

00:13: HKU\S-1-5-21-1417001333-2077806209-839522115-500\software\microsoft\internet explorer\extensions\cmdmapping\ || {686c970f-1d7d-4469-85d1-4b35763b56cc} (ID = 146456)

00:13: HKU\WRSS_Profile_S-1-5-21-1417001333-2077806209-839522115-1011\software\microsoft\internet explorer\extensions\cmdmapping\ || {686c970f-1d7d-4469-85d1-4b35763b56cc} (ID = 146456)

00:13: HKU\S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping\ || {686c970f-1d7d-4469-85d1-4b35763b56cc} (ID = 146456)

00:13: Registry Sweep Complete, Elapsed Time:00:00:13

00:13: Starting Cookie Sweep

00:13: Cookie Sweep Complete, Elapsed Time: 00:00:00

00:13: Starting File Sweep

00:14: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:14: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:14: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:14: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:15: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:15: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:15: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:15: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:15: d:\documents and settings\administrateur\local settings\temp\fsg_tmp (ID = -2147480935)

00:15: Found Adware: packagehtml dialer

00:15: backup-20051111-234714-374.dll (ID = 156904)

00:15: uwkoc.dll (ID = 78253)

00:15: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:15: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:15: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:15: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:16: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:16: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:16: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:16: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:16: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:16: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:16: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:16: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:17: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:17: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:17: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:17: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:17: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:17: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:17: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:17: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:17: Found Adware: ezula ilookup

00:17: woinstall.exe (ID = 110366)

00:18: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:18: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:18: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:18: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:19: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:19: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:19: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:19: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:19: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:19: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:19: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:19: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:20: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:20: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:20: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:20: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:20: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:20: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:20: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:20: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:21: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:21: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:21: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:21: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:22: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:22: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:22: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:22: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:22: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:22: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:22: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:22: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:23: Found Adware: apropos

00:23: atmtd.dll._ (ID = 166754)

00:23: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:23: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:23: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:23: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:23: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:23: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:23: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:23: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:23: vocabulary (ID = 78283)

00:23: class-barrel (ID = 78229)

00:24: cmdinst.exe (ID = 185986)

00:24: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:24: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:24: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:24: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:25: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:25: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:25: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:25: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:25: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:25: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:25: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:25: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:26: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:26: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:26: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:26: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:26: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:26: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:26: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:26: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:26: atmtd.dll (ID = 166754)

00:27: backup-20051111-234714-374.inf (ID = 156869)

00:27: pa5rszprxe.vbs (ID = 185675)

00:27: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:27: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:27: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:27: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:27: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:27: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:27: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:27: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:28: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:28: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:28: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:28: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:29: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:29: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:30: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:30: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:30: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:30: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:31: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:31: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:31: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:31: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:31: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:31: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:31: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:31: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:32: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:32: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:32: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:32: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:33: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:33: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:33: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:33: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:33: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:33: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:33: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:33: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:35: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:35: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:35: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:35: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:35: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:35: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:35: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:35: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:36: Found Adware: hotconnect dialer

00:36: jf18ans-.ico (ID = 71911)

00:36: a0233449.ico (ID = 71911)

00:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:36: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:36: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:37: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:37: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:37: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:37: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:37: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:37: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:37: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:37: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:38: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:38: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:38: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:38: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:38: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:38: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:38: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:38: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:39: Found Adware: lopdotcom

00:39: a0238652.exe (ID = 95)

00:39: a0238803.exe (ID = 95)

00:39: a0238856.exe (ID = 95)

00:39: a0239858.exe (ID = 95)

00:39: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:39: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:39: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:39: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:39: a0239870.exe (ID = 95)

00:40: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:40: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:40: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:40: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:40: a0240003.exe (ID = 95)

 

00:43: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:43: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:43: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:43: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:44: Found Adware: ipinsight

00:44: conscorr.ini (ID = 64264)

00:44: Found Adware: keenvalue/perfectnav

00:44: system.cfg (ID = 64871)

00:44: conscorr.inf (ID = 64277)

00:44: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

 

00:45

00:48: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:48: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:48: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:48: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:48: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:48: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:48: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:50: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:50: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:50: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:50: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:50: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:50: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:50: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:50: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:51: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:51: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:51: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:

00:54: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:54: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:54: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:54: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:54: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:54: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

 

00:57: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:57: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:57: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

01:05: Warning: Unhandled Archive Type

01:11: Warning: Invalid Stream

01:14: Warning: Invalid Stream

01:14: Warning: Invalid Stream

01:23: File Sweep Complete, Elapsed Time: 01:09:26

01:23: Full Sweep has completed. Elapsed time 01:11:24

01:23: Traces Found: 67

01:24: Removal process initiated

01:25: Quarantining All Traces: icannnews

01:25: icannnews is in use. It will be removed on reboot.

01:25: D:\WINDOWS\system32\gamf32.dll is in use. It will be removed on reboot.

01:25: D:\WINDOWS\system32\m0lsla371d.dll is in use. It will be removed on reboot.

01:25: Quarantining All Traces: lopdotcom

01:25: Quarantining All Traces: websearch toolbar

01:25: Quarantining All Traces: apropos

01:25: Quarantining All Traces: gain-supported software

01:25: Quarantining All Traces: command

01:25: Quarantining All Traces: ezula ilookup

01:25: Quarantining All Traces: hotconnect dialer

01:25: Quarantining All Traces: ipinsight

01:25: Quarantining All Traces: keenvalue/perfectnav

01:25: Quarantining All Traces: packagehtml dialer

01:25: Quarantining All Traces: targetsaver

01:25: Quarantining All Traces: targetsoft

01:26: Preparing to restart your computer. Please wait...

01:26: Removal process completed. Elapsed time 00:01:34

********

00:07: | Start of Session, samedi 12 novembre 2005 |

00:07: Spy Sweeper started

00:07: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:07: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:07:

00:08: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:08: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

 

00:09: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:10: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:10: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:10: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:10: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

00:11: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:11: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

00:11: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

 

00:11: | End of Session, samedi 12 novembre 2005 |

 

 

 

Here is the HijackThis log:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 01:40:17, on 12/11/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

D:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

D:\Program Files\ewido\security suite\ewidoctrl.exe

D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

D:\Program Files\D-Tools\daemon.exe

D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

D:\Program Files\Analog Devices\SoundMAX\SMTray.exe

D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

D:\Program Files\ewido\security suite\ewidoguard.exe

D:\Program Files\WinTV\Ir.exe

D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

D:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

D:\WINDOWS\system32\ZoneLabs\vsmon.exe

D:\WINDOWS\system32\mqsvc.exe

D:\WINDOWS\system32\mqtgsvc.exe

D:\Program Files\Norton AntiVirus\navapsvc.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\Outlook Express\msimn.exe

D:\Program Files\Messenger\msmsgs.exe

D:\Documents and Settings\Administrateur\Bureau\programme du net\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [smapp] D:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [TrojanScanner] D:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [spySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - Global Startup: AutoStart IR.lnk = D:\Program Files\WinTV\Ir.exe

O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://d:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Pages liées - res://d:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://d:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://d:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://d:\program files\google\GoogleToolbar1.dll/cmcache.html

O17 - HKLM\System\CCS\Services\Tcpip\..\{021B163E-C41B-4E9B-A744-AD46A786C4E4}: NameServer = 212.151.136.242 212.247.156.70

O17 - HKLM\System\CCS\Services\Tcpip\..\{5B465897-657B-4881-BBAD-6070B39E1D99}: NameServer = 80.170.93.24

O17 - HKLM\System\CS1\Services\Tcpip\..\{021B163E-C41B-4E9B-A744-AD46A786C4E4}: NameServer = 212.151.136.242 212.247.156.70

O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe

 

 

 

 

Apparently the popup problem is solved: thank you so much!!

If you could confirm that by looking at the logs, that would be great.

Well, I'm off to bed.

Thanks again, it's nice to see people willing to help out others they don't even know.

See you soon,

Vincent

Posted (edited)

Hello,

Your report is clean!

Now uninstall SpySweeper!

However, I would like to know a bit more about your network!

As I told you, of these 3 O17 lines, one corresponds to your ISP Télé2!

O17 - HKLM\System\CCS\Services\Tcpip\..\{5B465897-657B-4881-BBAD-6070B39E1D99}: NameServer = 80.170.93.24 <---- this one

and the 2 others to a Swedish Télé2 server:

O17 - HKLM\System\CCS\Services\Tcpip\..\{021B163E-C41B-4E9B-A744-AD46A786C4E4}: NameServer = 212.151.136.242 212.247.156.70

O17 - HKLM\System\CS1\Services\Tcpip\..\{021B163E-C41B-4E9B-A744-AD46A786C4E4}: NameServer = 212.151.136.242 212.247.156.70 <--- these ones! I think they are legitimate, but I would rather make sure! What bothers me is the location in Sweden!

Apart from that, are you still having any malfunctions?

Edit: It's fine, these 3 O17 lines are legitimate, no more doubt, forget my question! Télé2 is a European operator that belongs to the TELE2 AB group, whose company is listed on the Stockholm stock exchange (Sweden), see here, under the ticker TEL2A! So no problem :P

Edited by Jack_Burton
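
The O17 check discussed in the post above can be scripted. This is an added example, not part of the original posts: it extracts every NameServer entry from a HijackThis log and reports any resolver that is not on a reviewed allowlist. The function names, the allowlist (the three resolvers accepted in this thread) and the extra CS2 log line are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# O17 lines copied from the HijackThis log in this thread, plus one CONSTRUCTED
# line (CS2, all-zero GUID, documentation address 203.0.113.53) to show a hit.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{021B163E-C41B-4E9B-A744-AD46A786C4E4}: NameServer = 212.151.136.242 212.247.156.70
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B465897-657B-4881-BBAD-6070B39E1D99}: NameServer = 80.170.93.24
O17 - HKLM\System\CS1\Services\Tcpip\..\{021B163E-C41B-4E9B-A744-AD46A786C4E4}: NameServer = 212.151.136.242 212.247.156.70
O17 - HKLM\System\CS2\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.53,80.170.93.24
"""

# Assumption: the allowlist is the three resolvers accepted as the ISP's in this thread.
KNOWN_RESOLVERS = {"80.170.93.24", "212.151.136.242", "212.247.156.70"}

O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>[^\\]+)\\Services\\Tcpip\\"
    r"(?P<path>[^:]+): NameServer = (?P<value>.*)$"
)


def parse_o17(log_text):
    """Return (control_set, interface, [servers]) for every O17 NameServer line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue  # other HijackThis sections (O4, O23, ...) are ignored
        iface = m["path"].rsplit("\\", 1)[-1]  # "..\{GUID}" -> "{GUID}"
        # The registry value may separate addresses with spaces or commas.
        servers = [s for s in re.split(r"[,\s]+", m["value"].strip()) if s]
        entries.append((m["cset"], iface, servers))
    return entries


def review(entries, allowlist):
    """Map each name server outside the allowlist to the places it is configured."""
    findings = defaultdict(list)
    for cset, iface, servers in entries:
        for server in servers:
            try:
                server = str(ipaddress.ip_address(server))  # normalise the address
            except ValueError:
                findings[server].append((cset, iface))  # not an IP: always report
                continue
            if server not in allowlist:
                findings[server].append((cset, iface))
    return dict(findings)


if __name__ == "__main__":
    for server, places in review(parse_o17(SAMPLE_LOG), KNOWN_RESOLVERS).items():
        for cset, iface in places:
            print(f"check {server}: set on {iface} in control set {cset}")
```

An address that turns up in the findings is a prompt to look up who operates it, as was done for the Swedish servers here, before treating the entry as a hijack.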
Posted

Hello,

Thanks again!

As for my network, frankly I can't see what it could be. Apart from my internet connection and my home network with a laptop, the only two other connections, or rather connection attempts since I never managed to get them working, are two VPN connections (which I have just deleted).

I feel like I'm taking up a bit too much of your time, but if you are still available I would like your opinion on another problem:

I occasionally play online games with my brother-in-law, in particular one he is especially fond of: Raven Shield (a tactical action game, if you are not into video games). So far no problem, until recently (yes, everything started going wrong all at once, but I'm not sure it is related), when every time I launch the game my PC reboots (systematically).

In the properties I unchecked the option to restart on serious error to see what kind of error message I would get, and here is what I got:

Stop 0X0000008E(0XC0000005,....(the rest of the digits never being the same from one crash to the next)....)

I thought of two possible causes:

My video card:

But the fact that all the other software using it runs flawlessly makes me doubt that.

My memory:

I have just replaced my two 256 DDR sticks with a new 512 DDR one. But when I put the old ones back the problem persists, so no luck.

If you have another idea I'm all ears..

In any case, thanks again for the malware: how nice it is to be able to post a message without being interrupted every two seconds by an ad!!

Posted (edited)

Hello again,

As for my network, frankly I can't see what it could be. Apart from my internet connection and my home network with a laptop, the only two other connections, or rather connection attempts since I never managed to get them working, are two VPN connections

No problem with the O17 lines, as I told you in the "edit" on my previous post:

Edit: It's fine, these 3 O17 lines are legitimate, no more doubt, forget my question! Télé2 is a European operator that belongs to the TELE2 AB group, whose company is listed on the Stockholm stock exchange (Sweden), see here, under the ticker TEL2A! So no problem

So that's normal!

So your report is now clean!

In any case, thanks again for the malware: how nice it is to be able to post a message without being interrupted every two seconds by an ad!!

Glad this problem is sorted :-P In your report I don't see a firewall! I strongly advise you to install one, especially if you are using the sieve that ships with XP! You will find 3 free, effective ones in "the security guidelines" at the bottom near my signature, with tutorials for configuring them properly!

 

 

Regarding your gung-ho tactical shooter (yes, I know it :P:P ), there can be several causes:

- driver problem: try updating your various drivers: sound card, graphics card, and motherboard in particular!

- power supply too weak, if your graphics card is a latest-generation one

- incompatibility between 2 RAM sticks

- DirectX up to date! The latest version is 9c!

- heat! Excess heat in the tower can cause unwanted reboots! I actually had this problem a few months ago; now I leave my case open! It is a possible solution, the only catch is the dust that builds up in the case, which will need careful cleaning periodically!

For now, I advise you to update the drivers for your devices, in particular sound card & graphics card!

You can also check the wattage of your power supply and your graphics card model!

 

Now, some security advice:

- Windows Update fully up to date (critical category, Service Packs and Service Releases)

- a properly configured firewall

- a properly configured antivirus, updated regularly (daily if need be), with a regular full scan (daily if need be).

- a cautious attitude towards browsing (no dubious sites: cracks, warez, sex...) and towards email (attachments must be scanned before being opened)

- do not use Peer to Peer software (P2P software is a source of viral infections)

- a vigilant attitude (be on the lookout for unusual behaviour of your system)

- weekly system cleanup (removing unneeded files, cleaning the registry, scandisk, defragmentation)

- weekly antispyware scan

To learn more, see ipl_001's page

http://gerard.melone.free.fr/IT/IT-AM0.html

 

You should also install the following tools:

-=> Firefox, a real browser that you can secure with megataupe's advice:

-Download: http://www.mozilla-europe.org/fr/products/firefox/

-Tutorial for securing it: http://forum.zebulon.fr/index.php?showtopic=69628

If you still want to use IE!:

-=> E-SPYAD: (Adds more than 5000 sites to the Restricted Sites zone to protect you when you land on a dubious site)

For Internet Explorer only! (once the utility is unzipped into its folder, click on the file ie-ads.reg: the changes are not visible, but the effect is confirmed by the message that follows!)

https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD

-=> A real firewall (not the toy that comes with XP)

-Kerio

-Zone Alarm

-Sygate Personal Firewall Free

You will find these 3 free, effective firewalls, with tutorials for configuring them, here http://forum.zebulon.fr/index.php?act=ST&f...t=0#entry487252

 

 

-=> SpywareBlaster:

 

http://www.javacoolsoftware.com/downloads.html

Its tutorial:

http://www.ordi-netfr.org/tutorialspywareblaster.html

 

 

-=> Ad-awareSE

 

http://www.ordi-netfr.com/adawarese.html

http://www.lavasoft.de/support/download/#free

Its tutorial

http://home.tiscali.be/schouppeguy/adawarese/adawase.htm

 

 

-=> SpyBot-Search & Destroy

 

http://spybot.safer-networking.de/fr/download/index.html

Its tutorial

http://assiste.free.fr/p/frameset/07_spybo...rch_destroy.php

 

 

-=> a² free (anti-trojans)

 

- Download: http://www.emsisoft.net/fr/software/free/

You need to register on the site to be able to use the software and get its updates!

 

-=> ZebProtect

 

http://www.zebulon.fr/articles/zebprotect.php

http://telechargement.zebulon.fr/123.html

Edited by Jack_Burton
