Windows Security Center - à l'aide

[wysiwyg]

Bonjour!

 

j'ai des problèmes avec la sécurité sur mon ordinateur. Je recois constamment des messages du genre 'Windows Security Center : Warning : Windows Firewall detected suspicious network activity on your computer. Malicious software codes try to steal your privacy information, such as credit card numbers, electronic mail accounts, financial data or passwords. Do you want to learn how to protect your computer?'

 

Je ne sais plus quoi faire dutout. 2 amis programmeurs ont tenté de m'aider et personne n'a réussi encore..

 

 

Voici les problèmes que j'ai :

 

-Popup d'une fenêtre Windows Security Center

-Apparition du petit bouclier rouge aux allures de Norton me disant dacheter un anti-spy

-Fenêtre d'accueil gelé a blank affichant un site d'antispy (impossible de la modifier)

-Apparition de pop ups de publicités

-Il y a de ca trois jour, mon desktop sest changé tout seul et à afficher un message de virus en fond d'écran

-Un message note pad est apparu par lui meme et un mesage s'est tapé en real time

 

 

Voici ce que j'ai tenté de faire jusqu'à présent, avant d'écrire sur ce forum :

 

-J'ai lu le tutorial que propose ce forum

-j'ai consulté plusieurs thread sur plusieurs forums

-J'ai fait rouler HiJackThis et j'ai tenté de supprimer les fichiers de type R1

-Je suis aller deleter à la source les fichiers louche .dll dans windows

-j'ai deleter manuellement des fichiers dans add/remove mais.... je suis incapable de deleter ceux relier a coolWebSearch

-J'ai réinstaller Norton et je l'ai passé en mode sans échec

-J'ai deleter les R1, redemarrer et passé un par un : Spybot search and destroy, adaware et norton

-j'ai deleter tous mes temp files

 

Lors que je click 'fix this' avec hijackthis, tout se remet au démarrage..... Bref aucun de ces outils n'a réussi à enlever mes problème.

 

De l'aide serait fortement apprécié!! voivi mon log (les R1 sont revenu puisque même si je les delete.. il se réactive au lancement de IE è chauqe fois :

 

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ACS.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\EASYPH~1\Apache\apache.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\EASYPH~1\Apache\apache.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sierra Wireless Inc\AirCard 555\Generic\Components\SwiWiFiComm.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\Tablet.exe

C:\WINDOWS\system32\mslq.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\System32\ZoomingHook.exe

C:\WINDOWS\System32\TCtrlIOHook.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\appzg.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\RAMASST.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe

C:\DOCUME~1\OLIVIE~1\LOCALS~1\Temp\Adobelm_Cleanup.0001

C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

C:\DOCUME~1\OLIVIE~1\LOCALS~1\Temp\Adobelm_Cleanup.0001

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Olivier Bourgeois\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ebxhw.dll/sp.html#44768

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ebxhw.dll/sp.html#44768

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ebxhw.dll/sp.html#44768

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ebxhw.dll/sp.html#44768

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ebxhw.dll/sp.html#44768

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ebxhw.dll/sp.html#44768

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ebxhw.dll/sp.html#44768

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Class - {233DFA5E-F204-29B4-564A-8AA698602B60} - C:\WINDOWS\system32\javapk32.dll

O2 - BHO: Class - {24D7F30F-899B-1DBE-BFBF-BD478BF760FD} - C:\WINDOWS\system32\msaa32.dll (file missing)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Class - {69C0A8D5-09FF-0C21-6FB1-DD6D344A8BBF} - C:\WINDOWS\ntgu.dll (file missing)

O2 - BHO: Class - {9B46EFA0-A8CD-6ED9-3D1F-B1FF1A5FC359} - C:\WINDOWS\crbm.dll (file missing)

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe

O4 - HKLM\..\Run: [TCtryIOHook] c:\WINDOWS\System32\TCtrlIOHook.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

O4 - HKLM\..\Run: [CyberLat Ram Cleaner] C:\Program Files\CyberLat\CyberLat RAM Cleaner 2,0\CLRamCleaner.exe

O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [uniUploader] C:\Program Files\Uni-Uploader\UniUploader.exe

O4 - HKLM\..\Run: [apiby32.exe] C:\WINDOWS\apiby32.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [appzg.exe] C:\WINDOWS\system32\appzg.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} - http://www.20x2p.com/d02b7637/enter.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\mslq.exe" /s (file missing)

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache - Unknown owner - C:\PROGRA~1\EASYPH~1\Apache\apache.exe" --ntservice (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MySql - Unknown owner - C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless Inc\AirCard 555\Generic\Components\SwiWiFiComm.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

 

 

MERCI!!

[Thanos]

salut wysiwyg et bienvenue sur le forum

 

Ton pc est bien infecté!

 

Télécharge SpySweeper (de Webroot) ICI (version d'essai - 14 jours):

• Clic sur le lien Free Trial sous la rubrique "SpySweeper".
  
• Installe le programme. Une fois installé, il se lancera.
  
• L'option de le mettre à jour s'affichera; clic Yes.
  
• Lorsque les mises à jour seront installées, clic Options sur la gauche.
  
• Clic sur l'onglet Sweep Options.
  
• Sous What to Sweep, coche les options suivantes:
  • 
    
  • Sweep Memory
    
  • Sweep Registry
    
  • Sweep Cookies
    
  • Sweep All User Accounts
    
  • Enable Direct Disk Sweeping
    
  • Sweep Contents of Compressed Files
    
  • Sweep for Rootkits
    
  • DÉCOCHE Do not Sweep System Restore Folder.
    

  [*]Clic Sweep Now sur la gauche.

  [*]Clic sur Start.

  [*]Quand le scan est terminé, clic sur Next.

  [*]Assure-toi que tous les items sont cochés, puis clic sur Next.

  [*]Tous les items cochés seront éliminés.

  [*]Si Spy Sweeper veut redémarrer pour terminer le nettoyage : ACCEPTE.

  [*]Clic Session Log au haut - à droite, et copie tout ce qu'il y a dans la fenêtre.

  [*]Clic sur l'onglet Summary, puis clic sur Finish.

  [*]Colle le contenu du "Session Log" dans ta prochaine réponse.

Puis tu postes le rapport de Spysweeper ainsi qu'un nouveau log hijackthis en mode normal à la suite.

[wysiwyg]

merci beaucoup pour ton temps! je fais ca a l'instant je reviens tantot

[wysiwyg]

resalut! Malheureusement, je n'ai pas pu copier le session log dans spy sweeper! Je ne l'ai pas trouvé, par contre, voici le log de highjack this. En passant je suis TRÈS heureux de voir que mon problème de homepage semble arrangé!!! MILLE merci a toi. Maintenant, reste a voir si les pop ups vont revenir. D'ici la, voici le log :

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ACS.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\EASYPH~1\Apache\apache.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\PROGRA~1\EASYPH~1\Apache\apache.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\System32\ZoomingHook.exe

C:\WINDOWS\System32\TCtrlIOHook.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Program Files\Sierra Wireless Inc\AirCard 555\Generic\Components\SwiWiFiComm.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\Tablet.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Olivier Bourgeois\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Class - {24D7F30F-899B-1DBE-BFBF-BD478BF760FD} - C:\WINDOWS\system32\msaa32.dll (file missing)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Class - {69C0A8D5-09FF-0C21-6FB1-DD6D344A8BBF} - C:\WINDOWS\ntgu.dll (file missing)

O2 - BHO: Class - {9B46EFA0-A8CD-6ED9-3D1F-B1FF1A5FC359} - C:\WINDOWS\crbm.dll (file missing)

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe

O4 - HKLM\..\Run: [TCtryIOHook] c:\WINDOWS\System32\TCtrlIOHook.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

O4 - HKLM\..\Run: [CyberLat Ram Cleaner] C:\Program Files\CyberLat\CyberLat RAM Cleaner 2,0\CLRamCleaner.exe

O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [uniUploader] C:\Program Files\Uni-Uploader\UniUploader.exe

O4 - HKLM\..\Run: [apiby32.exe] C:\WINDOWS\apiby32.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} - http://www.20x2p.com/d02b7637/enter.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\mslq.exe" /s (file missing)

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache - Unknown owner - C:\PROGRA~1\EASYPH~1\Apache\apache.exe" --ntservice (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MySql - Unknown owner - C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless Inc\AirCard 555\Generic\Components\SwiWiFiComm.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

[Thanos]

salut wysiwyg

 

Dommage que tu n'ai pas retrouvé le rapport de spysweeper,c'est important!Regarde dans le dossier de Spysweeper,si tu le trouve.

Bon un nettoyage s'impose!

 

-Télécharge EasyCleaner(installe le dans son dossier):

http://personal.inet.fi/business/toniarts/files/EClea2_0.exe

 

redémarre le PC, impérativement en mode sans échec, (n'ayant pas accès à Internet, tu as préalablement copié ces instructions dans un fichier texte)

 

Assure toi d'avoir accès à tous les fichiers.

 

Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :

Activer la case : Afficher les fichiers et dossiers cachés

Désactiver la case : Masquer les extensions des fichiers dont le type est connu

Désactiver la case : Masquer les fichiers protégés du système d'exploitation

Puis Appliquer

-vas dans le menu démarrer executer et tu tapes : cmd

 

dans la boite de dialogue qui s'ouvre, tu tapes :

sc stop Workstation NetLogon Service

 

sc delete Workstation NetLogon Service

 

Un message t'avertis du succès de l'opération.

 

Démarre Hijackthis "Do a system scan only", et coche les lignes suivantes :

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R3 - Default URLSearchHook is missing

 

O2 - BHO: Class - {24D7F30F-899B-1DBE-BFBF-BD478BF760FD} - C:\WINDOWS\system32\msaa32.dll (file missing)

O2 - BHO: Class - {69C0A8D5-09FF-0C21-6FB1-DD6D344A8BBF} - C:\WINDOWS\ntgu.dll (file missing)

O2 - BHO: Class - {9B46EFA0-A8CD-6ED9-3D1F-B1FF1A5FC359} - C:\WINDOWS\crbm.dll (file missing)

 

O4 - HKLM\..\Run: [apiby32.exe] C:\WINDOWS\apiby32.exe

 

O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} - http://www.20x2p.com/d02b7637/enter.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

 

O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\mslq.exe" /s (file missing)

Ferme toutes les fenêtres, tous les programmes et clique surFix checked

 

C:\WINDOWS\apiby32.exe=>le fichier

 

-Exécute EasyCleaner Registre et Inutiles.Ne pas toucher à la fonction doublons. Supprime tout ce qu'il te propose.

 

Redémarre normalement et poste un nouveau rapport Hijackthis(en mode normal) pour vérification.

 

Va faire ce scan en ligne: securiser, et poste le rapport ici=>

 

http://www.secuser.com/antivirus/index.htm

[wysiwyg]

''-Télécharge EasyCleaner(installe le dans son dossier):

http://personal.inet.fi/business/toniarts/...0.exe''

 

Salut!

 

Lorsque je dowload le fichier EClea2_0.exe.... et que je click dessus... il ne se passe rien dutout. Aucun installeur apparait à l'écran donc je ne vois pas vraiment comment je pourrais l'installaller dans ''son dossier'' ?

 

 

Merci

[S.Birkoff]

Bonsoir wysiwyg,

 

Essaye avec CCleaner :

 

Télécharge CCleaner et installe le. Lance le en double cliquant sur CCleaner.exe

• • S
    uppre
    s
    s
    ion de
    s
    fichier
    s
    temporaire
    s

    
    

• Va dans la section "Options" situé dans la marge gauche. Va dans "Avancé" et décoche "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Retourne ensuite dans la section "Nettoyeur"
  
• Fais bien attention de cocher toutes les cases dans la marge gauche (Internet Explorer/Windows Explorer/Système/Avancé)
  
• Clique sur Analyse
  
• Patiente le temps du scan, qui peut prendre un peu de temps si c'est la première fois.
  
• Une fois le scan terminé, clique sur Lancer le Nettoyage
  

• • S
    uppre
    s
    s
    ion de
    s
    incoh
    é
    rence du regi
    s
    tre

    
    

• Clique sur l'icône Erreurs situés dans la marge à gauche.
  
• Puis clique sur Analyser les erreurs
  
• Patiente pendant que CCleaner scan ton registre.
  
• Une fois le scan terminé, coche toutes les entrèes qu'il t'aura trouvée.
  
• Tu peux cliquer ensuite sur Corriger les erreurs.
  
• Si tu n'est pas sur de ce que tu fais, tu peux choisir de sauvegarder les entrèes cochées pour les restaurer ultérieurement.
  

Bonne soirée

Birkoff

[wysiwyg]

Merci beaucoup Birkoff!!! J'ai fait ce que tu m'a dit et je crois que ca n'a pas fait de tort

 

 

Maintenant, je vais attendre la réponse de charles ingals pour mon problème d'installeur.

 

Merci bcp a vous 2! Mon portable se porte beaucoup mieux depuis que vous êtes arrivé dans sa vie hehehe

[Thanos]

salut wysiwyg,S.Birkoff

 

Tu peux poster un nouveau log hijackthis en mode normal pour voir le résultat stp.Merci à S.Birkoff

Toujours pas de log Spysweeper?

[wysiwyg]

Salut! je viens de trouver l'onglet session log ! le voici (c'était le log d'hier soir..) :

 

********

22:22: | Start of Session, 29 novembre 2005 |

22:22: Spy Sweeper started

22:22: Sweep initiated using definitions version 576

22:22: Starting Memory Sweep

22:22: The Spy Communication shield has blocked access to: www.trackhits.cc

22:22: The Spy Communication shield has blocked access to: www.trackhits.cc

22:23: Found Adware: cws_ns3

22:23: Detected running threat: C:\WINDOWS\system32\javapk32.dll (ID =

22:24: Detected running threat: C:\WINDOWS\system32\mslq.exe (ID =

22:24: Detected running threat: C:\WINDOWS\system32\appzg.exe (ID =

22:24: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || appzg.exe (ID = 0)

22:25: Memory Sweep Complete, Elapsed Time: 00:02:43

22:25: Starting Registry Sweep

22:25: HKCR\clsid\{2b5a2313-ae67-454e-9a8b-f74070e57f1b}\ (2 subtraces) (ID = 117744)

22:25: HKCR\clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}\ (ID = 118649)

22:25: HKCR\clsid\{ab537fc9-e3d4-fbbf-80fd-2cde0abcc38b}\ (2 subtraces) (ID = 118808)

22:25: HKLM\software\classes\clsid\{2b5a2313-ae67-454e-9a8b-f74070e57f1b}\ (2 subtraces) (ID = 119620)

22:25: HKLM\software\classes\clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}\ (ID = 120496)

22:25: HKLM\software\classes\clsid\{ab537fc9-e3d4-fbbf-80fd-2cde0abcc38b}\ (2 subtraces) (ID = 120646)

22:25: Found Adware: cws_ns3 hijacker

22:25: HKLM\software\microsoft\internet explorer\main\ || default_search_url (ID = 123394)

22:25: HKLM\software\microsoft\internet explorer\main\ || search bar (ID = 123395)

22:25: HKLM\software\microsoft\internet explorer\main\ || search page (ID = 123396)

22:25: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 123399)

22:25: HKU\S-1-5-21-198941390-2361638963-1484250780-1006\software\microsoft\internet explorer\main\ || search bar (ID = 123390)

22:25: HKU\S-1-5-21-198941390-2361638963-1484250780-1006\software\microsoft\internet explorer\main\ || search page (ID = 123391)

22:25: HKU\S-1-5-21-198941390-2361638963-1484250780-1006\software\microsoft\internet explorer\search\ || searchassistant (ID = 123398)

22:25: Registry Sweep Complete, Elapsed Time:00:00:29

22:25: Starting Cookie Sweep

22:25: Found Spy Cookie: yieldmanager cookie

22:25: olivier bourgeois@ad.yieldmanager[1].txt (ID = 3751)

22:25: Found Spy Cookie: advertising cookie

22:25: olivier bourgeois@advertising[1].txt (ID = 2175)

22:25: Found Spy Cookie: atlas dmt cookie

22:25: olivier bourgeois@atdmt[2].txt (ID = 2253)

22:25: Found Spy Cookie: belnk cookie

22:25: olivier bourgeois@belnk[1].txt (ID = 2292)

22:25: olivier bourgeois@dist.belnk[2].txt (ID = 2293)

22:25: Found Spy Cookie: ru4 cookie

22:25: olivier bourgeois@edge.ru4[1].txt (ID = 3269)

22:25: Found Spy Cookie: maxserving cookie

22:25: olivier bourgeois@maxserving[2].txt (ID = 2966)

22:25: Found Spy Cookie: trafficmp cookie

22:25: olivier bourgeois@trafficmp[2].txt (ID = 3581)

22:25: Found Spy Cookie: tribalfusion cookie

22:25: olivier bourgeois@tribalfusion[1].txt (ID = 3589)

22:25: Found Spy Cookie: xiti cookie

22:25: olivier bourgeois@xiti[1].txt (ID = 3717)

22:25: Cookie Sweep Complete, Elapsed Time: 00:00:02

22:25: Starting File Sweep

22:26: Found Adware: coolwebsearch (cws)

22:26: a0136517.dll (ID = 190732)

22:27: Found Adware: security iguard

22:27: chmhelp.chm (ID = 75238)

22:27: win.ini.backup:pncpkg (ID = 190732)

22:32: kb893803.log:onwkob (ID = 190732)

22:34: a0136714.dll (ID = 190732)

22:38: 0.log:rxnrsk (ID = 190732)

22:38: a0137748.dll (ID = 190732)

22:39: win.ini:pncpkg (ID = 190732)

22:39: a0137749.dll (ID = 190732)

22:40: a0136713.dll (ID = 190732)

22:40: a0136715.dll (ID = 190732)

22:41: ebxhw.dll (ID = 190732)

22:43: ennco.txt:deeoot (ID = 190732)

22:43: a0137745.dll (ID = 190732)

22:44: kb896358.log:bcaivp (ID = 190732)

22:46: a0137746.dll (ID = 190732)

22:46: epstplog.txt:mzffsv (ID = 190732)

22:47: Found Adware: spysheriff

22:47: a0136557.exe (ID = 198832)

22:47: dc378.url (ID = 54454)

22:47: dc379.url (ID = 54373)

22:47: dc377.url (ID = 54472)

22:47: credit counseling.url (ID = 130668)

22:47: insurance home.url (ID = 130676)

22:47: mortgage life insurance.url (ID = 130681)

22:47: help desk software.url (ID = 130675)

22:47: ab scissor.url (ID = 130666)

22:47: videos.url (ID = 130694)

22:47: what is hydrocodone.url (ID = 130695)

22:47: online gambling casino.url (ID = 130684)

22:47: refinancing my mortgage.url (ID = 130691)

22:47: debt credit card.url (ID = 130671)

22:47: fha.url (ID = 130673)

22:47: loan for debt consolidation.url (ID = 130677)

22:47: health insurance.url (ID = 130674)

22:47: personal loans online.url (ID = 130688)

22:47: payroll advance.url (ID = 130687)

22:47: marketing email.url (ID = 130679)

22:47: prescription drugs rx online.url (ID = 130690)

22:47: credit report.url (ID = 130669)

22:47: tahoe vacation rental.url (ID = 130692)

22:48: escorts.url (ID = 130672)

22:48: order phentermine.url (ID = 130686)

22:48: mortgage insurance.url (ID = 130680)

22:48: personal loans with bad credit.url (ID = 130689)

22:48: crm software.url (ID = 130670)

22:48: nevada corporations.url (ID = 130682)

22:48: unsecured bad credit loans.url (ID = 130693)

22:48: loan for people with bad credit.url (ID = 130678)

22:48: broadband comparison.url (ID = 130667)

22:48: online betting site.url (ID = 130683)

22:48: online instant loan.url (ID = 130685)

22:48: dc350.url (ID = 54454)

22:48: dc351.url (ID = 54373)

22:48: dc349.url (ID = 54472)

22:48: search the web.url (ID = 54454)

22:48: only sex website.url (ID = 54373)

22:48: seven days of free porn.url (ID = 54472)

22:48: Found Adware: java byteverify

22:48: gummy.class-5cefca2b-1b3cadb3.class (ID = 64824)

22:52: File Sweep Complete, Elapsed Time: 00:26:30

22:52: Full Sweep has completed. Elapsed time 00:29:45

22:52: Traces Found: 93

22:54: Removal process initiated

22:55: Quarantining All Traces: cws_ns3

22:55: Quarantining All Traces: spysheriff

22:55: Quarantining All Traces: coolwebsearch (cws)

22:55: Quarantining All Traces: cws_ns3 hijacker

22:55: Quarantining All Traces: java byteverify

22:55: Quarantining All Traces: security iguard

22:55: Quarantining All Traces: advertising cookie

22:55: Quarantining All Traces: atlas dmt cookie

22:55: Quarantining All Traces: belnk cookie

22:55: Quarantining All Traces: maxserving cookie

22:55: Quarantining All Traces: ru4 cookie

22:55: Quarantining All Traces: trafficmp cookie

22:55: Quarantining All Traces: tribalfusion cookie

22:55: Quarantining All Traces: xiti cookie

22:55: Quarantining All Traces: yieldmanager cookie

22:56: Preparing to restart your computer. Please wait...

22:56: Removal process completed. Elapsed time 00:02:33

********

22:11: | Start of Session, 29 novembre 2005 |

22:11: Spy Sweeper started

22:11: Your spyware definitions have been updated.

22:22: | End of Session, 29 novembre 2005 |

 

 

voici maintenant le HIjackthis :

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ACS.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\EASYPH~1\Apache\apache.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\EASYPH~1\Apache\apache.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\System32\ZoomingHook.exe

C:\WINDOWS\System32\TCtrlIOHook.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\RAMASST.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Sierra Wireless Inc\AirCard 555\Generic\Components\SwiWiFiComm.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\Tablet.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe

C:\DOCUME~1\OLIVIE~1\LOCALS~1\Temp\Adobelm_Cleanup.0001

C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

C:\DOCUME~1\OLIVIE~1\LOCALS~1\Temp\Adobelm_Cleanup.0001

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Olivier Bourgeois\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {24D7F30F-899B-1DBE-BFBF-BD478BF760FD} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: (no name) - {69C0A8D5-09FF-0C21-6FB1-DD6D344A8BBF} - (no file)

O2 - BHO: (no name) - {9B46EFA0-A8CD-6ED9-3D1F-B1FF1A5FC359} - (no file)

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe

O4 - HKLM\..\Run: [TCtryIOHook] c:\WINDOWS\System32\TCtrlIOHook.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} - http://www.20x2p.com/d02b7637/enter.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\mslq.exe" /s (file missing)

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache - Unknown owner - C:\PROGRA~1\EASYPH~1\Apache\apache.exe" --ntservice (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MySql - Unknown owner - C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless Inc\AirCard 555\Generic\Components\SwiWiFiComm.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe