raport Hijackthis

[goki09]

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

D:\Program Files\Norton AntiVirus\navapsvc.exe

D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letsroll911.org/ipw-web/bulletin/bb/viewtopic.php?t=3

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - D:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [TrojanScanner] D:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O17 - HKLM\System\CCS\Services\Tcpip\..\{DE861347-F43B-4D1D-9967-10B5DBB0E59A}: NameServer = 195.238.2.21 195.238.2.22

O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\j6j6lg1s16.dll (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

 

vous pourriez me dire quesque je dois faire svpppppppppppp merci

[Thanos]

salut goki09 et bienvenue sur le forum

 

C'est un peu maigre comme explications! Quels problèmes rencontres tu exactement?

 

Si ton pc rame à mort voire fait marche arrière ne t'étonnes pas! Norton+McAffe qui tournent en même

 

temps,non seulement tu n'es pas plus protégé, mais ils se gênent plutôt qu'autre chose!!

 

Ton rapport n'est pas complêt, effectue la procédure de nettoyage suivante(n'oublie pas de désinstaller

 

Antivir à la fin sinon tu auras trois antivirus sur le pc!! ou garde le et vire les 2 autres, à toi de voir!)

 

http://forum.zebulon.fr/index.php?showtopic=69176

 

PS: Ton pc est infecté par L2M entre autres!Apres la procédure,on te dira quoi faire.

 

@+

Modifié le 15 novembre 2005 par charles ingals

[goki09]

oui esxuce moi je recois plein de pub meme quand je suis pas sur internet qd je joue a counter il revient sur windows a cause des pub dite moi quesque je doit faire svp merci et j utilise que 1 anti-virus norton l autre mcaafee je lai effacer merci pour ton aide

 

j ai oublié un truc j ai deja fait la procédure que vous avez mit

[Jack_Burton]

Salut goki09

 

Dans un premier temps fais ceci :

 

Télécharge SpySweeper (de Webroot) ICI (version d'essai - 14 jours):

• Clic sur le lien Free Trial sous la rubrique "SpySweeper".
  
• Installe le programme. Une fois installé, il se lancera.
  
• L'option de le mettre à jour s'affichera; clic Yes.
  
• Lorsque les mises à jour seront installées, clic Options sur la gauche.
  
• Clic sur l'onglet Sweep Options.
  
• Sous What to Sweep, coche les options suivantes:
  • 
    
  • Sweep Memory
    
  • Sweep Registry
    
  • Sweep Cookies
    
  • Sweep All User Accounts
    
  • Enable Direct Disk Sweeping
    
  • Sweep Contents of Compressed Files
    
  • Sweep for Rootkits
    
  • DÉCOCHE Do not Sweep System Restore Folder.
    

  [*]Clic Sweep Now sur la gauche.

  [*]Clic sur Start.

  [*]Quand le scan est terminé, clic sur Next.

  [*]Assure-toi que tous les items sont cochés, puis clic sur Next.

  [*]Tous les items cochés seront éliminés.

  [*]Si Spy Sweeper veut redémarrer pour terminer le nettoyage : ACCEPTE.

  [*]Clic Session Log au haut - à droite, et copie tout ce qu'il y a dans la fenêtre.

  [*]Clic sur l'onglet Summary, puis clic sur Finish.

  [*]Colle le contenu du "Session Log" dans ta prochaine réponse.

[goki09]

exuse moi de repondre tard car j ai dus partir tien je te passe le session.log merci

 

 

21:42: | Start of Session, mercredi 16 novembre 2005 |

21:42: Spy Sweeper started

21:42: Sweep initiated using definitions version 573

21:42: Starting Memory Sweep

21:42: Sweep Canceled

21:42: Memory Sweep Complete, Elapsed Time: 00:00:05

21:42: Traces Found: 0

********

21:25: | Start of Session, mercredi 16 novembre 2005 |

21:25: Spy Sweeper started

21:25: Sweep initiated using definitions version 573

21:25: Starting Memory Sweep

21:26: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:26: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:26: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:26: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:26: Found Adware: icannnews

21:26: Detected running threat: C:\WINDOWS\system32\uzlmon.dll (ID = 83)

21:27: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:27: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:27: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:27: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:27: Detected running threat: C:\WINDOWS\system32\cjseqchk.dll (ID = 83)

21:27: Detected running threat: C:\WINDOWS\system32\wlauserv.dll (ID = 83)

21:27: Memory Sweep Complete, Elapsed Time: 00:02:06

21:27: Starting Registry Sweep

21:27: Found Adware: command

21:27: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ (7 subtraces) (ID = 892523)

21:27: HKLM\system\currentcontrolset\services\cmdservice\ (11 subtraces) (ID = 958670)

21:27: Found Adware: ist software

21:27: HKU\S-1-5-21-527237240-1343024091-945419059-1003\software\ist\ (1 subtraces) (ID = 129108)

21:27: Found Adware: letsroll911.org hijack

21:27: HKU\S-1-5-21-527237240-1343024091-945419059-1003\software\microsoft\internet explorer\main\ || start page (ID = 609211)

21:27: Registry Sweep Complete, Elapsed Time:00:00:07

21:27: Starting Cookie Sweep

21:27: Found Spy Cookie: yieldmanager cookie

21:27: propriétaire@ad.yieldmanager[1].txt (ID = 3751)

21:27: Found Spy Cookie: atlas dmt cookie

21:27: propriétaire@atdmt[2].txt (ID = 2253)

21:27: Found Spy Cookie: belnk cookie

21:27: propriétaire@belnk[1].txt (ID = 2292)

21:27: propriétaire@dist.belnk[2].txt (ID = 2293)

21:27: Found Spy Cookie: metriweb.be cookie

21:27: propriétaire@metriweb[1].txt (ID = 2992)

21:27: Found Spy Cookie: realmedia cookie

21:27: propriétaire@realmedia[1].txt (ID = 3235)

21:27: Found Spy Cookie: tradedoubler cookie

21:27: propriétaire@tradedoubler[2].txt (ID = 3575)

21:27: Found Spy Cookie: xiti cookie

21:27: propriétaire@xiti[1].txt (ID = 3717)

21:27: Cookie Sweep Complete, Elapsed Time: 00:00:00

21:27: Starting File Sweep

21:28: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:28: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:28: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:28: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:28: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:28: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:28: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:28: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:28: Found Adware: apropos

21:28: atmtd.dll (ID = 166754)

21:28: atmtd.dll._ (ID = 166754)

21:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:29: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:29: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:29: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:29: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:30: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:30: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:31: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:31: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:31: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:31: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:31: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:31: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:31: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:31: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:31: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:31: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:31: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:31: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:32: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:32: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:32: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:32: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:33: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:33: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:33: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:33: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:33: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:33: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:33: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:33: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:33: Found Adware: targetsaver

21:33: vocabulary (ID = 78283)

21:33: class-barrel (ID = 78229)

21:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:34: qq5pt35vuqx0.vbs (ID = 185675)

21:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:35: Warning: Unhandled Archive Type

21:35: File Sweep Complete, Elapsed Time: 00:07:17

21:35: Full Sweep has completed. Elapsed time 00:09:32

21:35: Traces Found: 39

21:35: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:35: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:35: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:35: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:35: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:35: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:35: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:35: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:36: Removal process initiated

21:36: Quarantining All Traces: icannnews

21:36: Quarantining All Traces: apropos

21:36: Quarantining All Traces: command

21:36: Quarantining All Traces: ist software

21:36: Quarantining All Traces: letsroll911.org hijack

21:36: Quarantining All Traces: targetsaver

21:36: Quarantining All Traces: atlas dmt cookie

21:36: Quarantining All Traces: belnk cookie

21:36: Quarantining All Traces: metriweb.be cookie

21:36: Quarantining All Traces: realmedia cookie

21:36: Quarantining All Traces: tradedoubler cookie

21:36: Quarantining All Traces: xiti cookie

21:36: Quarantining All Traces: yieldmanager cookie

21:36: Warning: Launched explorer.exe

21:36: Warning: Quarantine process could not restart Explorer.

21:36: Preparing to restart your computer. Please wait...

21:36: Removal process completed. Elapsed time 00:00:44

********

21:23: | Start of Session, mercredi 16 novembre 2005 |

21:23: Spy Sweeper started

21:23: Your spyware definitions have been updated.

21:24: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:24: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:24: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:24: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:25: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:25: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

21:25: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:25: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

21:25: | End of Session, mercredi 16 novembre 2005 |

[Jack_Burton]

Bonsoir,

 

J ai oublié de te demander dans mon dernier post un nouveau rapport Hijackthis!

J aimerais que tu m en postes un afin de vérifier que Look2Me a bien été éradiqué!

Modifié le 16 novembre 2005 par Jack_Burton

[goki09]

stp

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

D:\Program Files\Norton AntiVirus\navapsvc.exe

D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\slserv.exe

D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\MSN Messenger\msnmsgr.exe

D:\PROGRA~1\MOZILLA\FIREFOX.EXE

D:\Program Files\Azureus\Azureus.exe

C:\Program Files\Java\j2re1.4.2_05\bin\javaw.exe

C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letsroll911.org/ipw-web/bulletin/bb/viewtopic.php?t=3

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - D:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [spySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O17 - HKLM\System\CCS\Services\Tcpip\..\{DE861347-F43B-4D1D-9967-10B5DBB0E59A}: NameServer = 195.238.2.21 195.238.2.22

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\j6j6lg1s16.dll (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

[goki09]

es que tt est rentré dans l ordre ???

[Thanos]

salut goki09

 

Je jette un oeil à ton rapport! je vois que Jack s'est déjà occupé de L2M Laisse moi quelques instants!

[Thanos]

-Télécharge EasyCleaner

http://personal.inet.fi/business/toniarts/files/EClea2_0.exe

 

Télécharge RegSearch.exe (Registry Search de Bobbi Flekman) -> http://www.bleepingcomputer.com/files/misc/regsearch.zip

- dézippe dans un répertoire dédié tel que C:\Program Files

 

-Télécharge et dézippe Hoster de ToadBee :

http://www.funkytoad.com/hoster.htm

 

redémarre le PC, impérativement en mode sans échec, (n'ayant pas accès à Internet, tu as préalablement copié ces instructions dans un fichier texte)

 

Assure toi d'avoir accès à tous les fichiers.

 

Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :

Activer la case : Afficher les fichiers et dossiers cachés

Désactiver la case : Masquer les extensions des fichiers dont le type est connu

Désactiver la case : Masquer les fichiers protégés du système d'exploitation

Puis Appliquer

Passe par Installer /Désinstaller(Panneau de Configuration) et désinstalle les programmes suivant:

-Azureus =>tu n'est pas obligé de le faire mais je te conseille vivement de le virer,il est certainement

 

responsable de tes infections!!

 

Démarre Hijackthis "Do a system scan only", et coche les lignes suivantes :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letsroll911.org/ipw-web/bulletin/bb/viewtopic.php?t=3

 

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

 

O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\j6j6lg1s16.dll (file missing)

Ferme toutes les fenêtres, tous les programmes et clique surFix checked

 

-Supprime les fichiers/dossiers incriminés (s'ils existent encore) :

 

C:\WINDOWS\system32\j6j6lg1s16.dll=>le fichier

C:\WINDOWS\system32\cjseqchk.dll =>le fichier

C:\WINDOWS\system32\wlauserv.dll =>le fichier

C:\WINDOWS\system32\uzlmon.dll =>le fichier

 

-Lance Hoster et clique sur "Restore Original Hosts"

 

-Exécute EasyCleaner Registre et Inutiles.Ne pas toucher à la fonction doublons. Supprime tout ce qu'il te propose.

 

- On va débusquer le responsable de ces pubs intempestives(je suis pas sûr que Spysweeper l'ai viré): Fais cette recherche en mode sans échec impérativement

 

- double clique sur RegSearch.exe

- copie colle adchannel dans la première ligne de la zone de recherche

- rien dans la deuxième ligne de la zone de recherche

- clique sur OK

- après recherche, le bloc-notes ouvre une fenêtre "RegSearch.txt" avec toutes les instances trouvées

- le fichier est en outre sauvegardé dans le même répertoire que celui de RegSearch

- copie-colle le contenu de la fenêtre dans un post, ici

- ferme le bloc-notes

- ferme RegSearch par Cancel

 

Redémarre normalement et poste un nouveau rapport Hijackthis(en mode normal) pour vérification.

 

*Quelques remarques:

l autre mcaafee je lai effacer merci pour ton aide

-McAfee est toujours bien présent sur ton pc: si il rame ne t'étonne pas!avec Norton en plus, il souffre!!

 

Si tu veux on t'en débarrassera apres

 

-Fais le scan en ligne suivant et poste le rapport(je soupconne d'autres cochonneries!):

 

-Panda:

http://www.pandasoftware.com/products/acti...CACHEHINT=Guest

 

Voilà! trois rapports à poster : celui de hijackthis , le rapport de scan en ligne ,et le résultat de la recherche

 

de RegSearch.exe

Modifié le 16 novembre 2005 par charles ingals