Windows Security Center - à l'aide

[Thanos]

salut wysiwyg

 

Merci pour le rapport Spysweeper! Bon dans ton log hijackthis on retrouve les lignes 016 que tu devais fixer ainsi que le service Workstation NetLogon Service (as tu fais la manipulation sc delete?)

Encore du boulot

 

- Fais un clic droit sur le fichier suivant:DELDOMAINS Mike Burgess

puis tu cliques sur "enregistrer la cible sous"(mets le fichier sur le bureau)

 

-Télécharge Cwshredder

et met le à jour puis ferme le.

 

-Télécharge SmitfraudFix de S!Ri, moe31 et balltrap34:

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Tu le décompresses tu double cliques dessus et tu choisis l’option 1(ne touche pas à l'option 2)

Cela va générer un rapport,poste le.

 

-Télécharge Clean Up 40 de Steven Gould et met le dans un dossier

 

redémarre le PC, impérativement en mode sans échec, (n'ayant pas accès à Internet, tu as préalablement copié ces instructions dans un fichier texte)Assure toi d'avoir accès à tous les fichiers.

 

Démarre Hijackthis , vas dans le menu "Misc Tools Section" =>"Delete an NT Service" => copie colle la ligne suivante dans la fenêtre:Workstation NetLogon Service puis valides.

 

Puis tu cliques sur "Back" et sur "Do a system scan only", et coche les lignes suivantes :

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R3 - Default URLSearchHook is missing

 

O2 - BHO: (no name) - {24D7F30F-899B-1DBE-BFBF-BD478BF760FD} - (no file)

O2 - BHO: (no name) - {69C0A8D5-09FF-0C21-6FB1-DD6D344A8BBF} - (no file)

O2 - BHO: (no name) - {9B46EFA0-A8CD-6ED9-3D1F-B1FF1A5FC359} - (no file)

 

O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} - http://www.20x2p.com/d02b7637/enter.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

 

O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\mslq.exe" /s (file missing)

Ferme toutes les fenêtres, tous les programmes et clique surFix checked

 

-Lance Deldomains

 

-Lance Cwshredder et clique sur "Fix"

 

- -Ouvre CleanUp40 et vas sur "clean up custom" et assure toi que seules ces cases sont cochées:

 

* Empty Recycle Bins

* Delete Cookies

* Delete Prefetch files

* Cleanup! All Users

 

Puis lance le scan(cleanup)

 

-aide en image:(merci a Balltrap34)

http://pageperso.aol.fr/balltrap34/democleanup.htm

 

-Exécute EasyCleaner Registre et Inutiles.Ne pas toucher à la fonction doublons. Supprime tout ce qu'il te propose.( ou CCleaner!comme te l'a montré S.Birkoff)

 

Redémarre normalement et poste un nouveau rapport Hijackthis pour vérification+ le rapport généré par Smitfraudfix.

 

-Met à jour et refais un scan avec Spysweeper et garde le rapport que tu postes avec le reste.

 

A+ tard

[wysiwyg]

Bonjour!!

 

Bon, j’ai tout fait sauf une chose…( Démarre Hijackthis , vas dans le menu "Misc Tools Section" =>"Delete an NT Service" => copie colle la ligne suivante dans la fenêtre:Workstation NetLogon Service puis valides.)

 

Je ne pouvais pas le faire parce que ca me disait :

 

Service Workstation NetLogon Service was not found in the registry, make sure you entered the short name of the service., vbexclamation

 

 

et voici les rapports (bonne lecture… il y en a!! hehe)

 

Rapport de Hijackthis :

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ACS.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\EASYPH~1\Apache\apache.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe

C:\PROGRA~1\EASYPH~1\Apache\apache.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Program Files\Sierra Wireless Inc\AirCard 555\Generic\Components\SwiWiFiComm.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\Tablet.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\System32\ZoomingHook.exe

C:\WINDOWS\System32\TCtrlIOHook.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\RAMASST.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Olivier Bourgeois\Desktop\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe

O4 - HKLM\..\Run: [TCtryIOHook] c:\WINDOWS\System32\TCtrlIOHook.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Workstation NetLogon Service ( 11Fßä #·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\mslq.exe" /s (file missing)

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache - Unknown owner - C:\PROGRA~1\EASYPH~1\Apache\apache.exe" --ntservice (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MySql - Unknown owner - C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless Inc\AirCard 555\Generic\Components\SwiWiFiComm.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

 

 

 

 

Rapport de SmitFraudFix :

 

SmitFraudFix v2.01

 

Rapport fait à 0:39:37,04 le 2005-12-01

Executé à partir de C:\Documents and Settings\Olivier Bourgeois\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600]

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\Olivier Bourgeois\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="My Current Home Page"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

 

 

 

 

Rapport de Spy Sweeper :

 

********

01:13: | Start of Session, 1 décembre 2005 |

01:13: Spy Sweeper started

01:13: Sweep initiated using definitions version 576

01:13: Starting Memory Sweep

01:15: Memory Sweep Complete, Elapsed Time: 00:02:12

01:15: Starting Registry Sweep

01:15: Registry Sweep Complete, Elapsed Time:00:00:14

01:15: Starting Cookie Sweep

01:15: Found Spy Cookie: xiti cookie

01:15: olivier bourgeois@xiti[1].txt (ID = 3717)

01:15: Cookie Sweep Complete, Elapsed Time: 00:00:00

01:15: Starting File Sweep

01:38: File Sweep Complete, Elapsed Time: 00:22:45

01:38: Full Sweep has completed. Elapsed time 00:25:14

01:38: Traces Found: 1

02:33: Removal process initiated

02:33: Quarantining All Traces: xiti cookie

02:33: Removal process completed. Elapsed time 00:00:00

********

01:12: | Start of Session, 1 décembre 2005 |

01:12: Spy Sweeper started

01:12: Sweep initiated using definitions version 576

01:12: Starting Memory Sweep

01:12: Sweep Canceled

01:12: Memory Sweep Complete, Elapsed Time: 00:00:07

01:12: Traces Found: 0

01:13: Updating spyware definitions

01:13: Your definitions are up to date.

01:13: | End of Session, 1 décembre 2005 |

********

22:22: | Start of Session, 29 novembre 2005 |

22:22: Spy Sweeper started

22:22: Sweep initiated using definitions version 576

22:22: Starting Memory Sweep

22:22: The Spy Communication shield has blocked access to: www.trackhits.cc

22:22: The Spy Communication shield has blocked access to: www.trackhits.cc

22:23: Found Adware: cws_ns3

22:23: Detected running threat: C:\WINDOWS\system32\javapk32.dll (ID =

22:24: Detected running threat: C:\WINDOWS\system32\mslq.exe (ID =

22:24: Detected running threat: C:\WINDOWS\system32\appzg.exe (ID =

22:24: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || appzg.exe (ID = 0)

22:25: Memory Sweep Complete, Elapsed Time: 00:02:43

22:25: Starting Registry Sweep

22:25: HKCR\clsid\{2b5a2313-ae67-454e-9a8b-f74070e57f1b}\ (2 subtraces) (ID = 117744)

22:25: HKCR\clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}\ (ID = 118649)

22:25: HKCR\clsid\{ab537fc9-e3d4-fbbf-80fd-2cde0abcc38b}\ (2 subtraces) (ID = 118808)

22:25: HKLM\software\classes\clsid\{2b5a2313-ae67-454e-9a8b-f74070e57f1b}\ (2 subtraces) (ID = 119620)

22:25: HKLM\software\classes\clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}\ (ID = 120496)

22:25: HKLM\software\classes\clsid\{ab537fc9-e3d4-fbbf-80fd-2cde0abcc38b}\ (2 subtraces) (ID = 120646)

22:25: Found Adware: cws_ns3 hijacker

22:25: HKLM\software\microsoft\internet explorer\main\ || default_search_url (ID = 123394)

22:25: HKLM\software\microsoft\internet explorer\main\ || search bar (ID = 123395)

22:25: HKLM\software\microsoft\internet explorer\main\ || search page (ID = 123396)

22:25: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 123399)

22:25: HKU\S-1-5-21-198941390-2361638963-1484250780-1006\software\microsoft\internet explorer\main\ || search bar (ID = 123390)

22:25: HKU\S-1-5-21-198941390-2361638963-1484250780-1006\software\microsoft\internet explorer\main\ || search page (ID = 123391)

22:25: HKU\S-1-5-21-198941390-2361638963-1484250780-1006\software\microsoft\internet explorer\search\ || searchassistant (ID = 123398)

22:25: Registry Sweep Complete, Elapsed Time:00:00:29

22:25: Starting Cookie Sweep

22:25: Found Spy Cookie: yieldmanager cookie

22:25: olivier bourgeois@ad.yieldmanager[1].txt (ID = 3751)

22:25: Found Spy Cookie: advertising cookie

22:25: olivier bourgeois@advertising[1].txt (ID = 2175)

22:25: Found Spy Cookie: atlas dmt cookie

22:25: olivier bourgeois@atdmt[2].txt (ID = 2253)

22:25: Found Spy Cookie: belnk cookie

22:25: olivier bourgeois@belnk[1].txt (ID = 2292)

22:25: olivier bourgeois@dist.belnk[2].txt (ID = 2293)

22:25: Found Spy Cookie: ru4 cookie

22:25: olivier bourgeois@edge.ru4[1].txt (ID = 3269)

22:25: Found Spy Cookie: maxserving cookie

22:25: olivier bourgeois@maxserving[2].txt (ID = 2966)

22:25: Found Spy Cookie: trafficmp cookie

22:25: olivier bourgeois@trafficmp[2].txt (ID = 3581)

22:25: Found Spy Cookie: tribalfusion cookie

22:25: olivier bourgeois@tribalfusion[1].txt (ID = 3589)

22:25: Found Spy Cookie: xiti cookie

22:25: olivier bourgeois@xiti[1].txt (ID = 3717)

22:25: Cookie Sweep Complete, Elapsed Time: 00:00:02

22:25: Starting File Sweep

22:26: Found Adware: coolwebsearch (cws)

22:26: a0136517.dll (ID = 190732)

22:27: Found Adware: security iguard

22:27: chmhelp.chm (ID = 75238)

22:27: win.ini.backup:pncpkg (ID = 190732)

22:32: kb893803.log:onwkob (ID = 190732)

22:34: a0136714.dll (ID = 190732)

22:38: 0.log:rxnrsk (ID = 190732)

22:38: a0137748.dll (ID = 190732)

22:39: win.ini:pncpkg (ID = 190732)

22:39: a0137749.dll (ID = 190732)

22:40: a0136713.dll (ID = 190732)

22:40: a0136715.dll (ID = 190732)

22:41: ebxhw.dll (ID = 190732)

22:43: ennco.txt:deeoot (ID = 190732)

22:43: a0137745.dll (ID = 190732)

22:44: kb896358.log:bcaivp (ID = 190732)

22:46: a0137746.dll (ID = 190732)

22:46: epstplog.txt:mzffsv (ID = 190732)

22:47: Found Adware: spysheriff

22:47: a0136557.exe (ID = 198832)

22:47: dc378.url (ID = 54454)

22:47: dc379.url (ID = 54373)

22:47: dc377.url (ID = 54472)

22:47: credit counseling.url (ID = 130668)

22:47: insurance home.url (ID = 130676)

22:47: mortgage life insurance.url (ID = 130681)

22:47: help desk software.url (ID = 130675)

22:47: ab scissor.url (ID = 130666)

22:47: videos.url (ID = 130694)

22:47: what is hydrocodone.url (ID = 130695)

22:47: online gambling casino.url (ID = 130684)

22:47: refinancing my mortgage.url (ID = 130691)

22:47: debt credit card.url (ID = 130671)

22:47: fha.url (ID = 130673)

22:47: loan for debt consolidation.url (ID = 130677)

22:47: health insurance.url (ID = 130674)

22:47: personal loans online.url (ID = 130688)

22:47: payroll advance.url (ID = 130687)

22:47: marketing email.url (ID = 130679)

22:47: prescription drugs rx online.url (ID = 130690)

22:47: credit report.url (ID = 130669)

22:47: tahoe vacation rental.url (ID = 130692)

22:48: escorts.url (ID = 130672)

22:48: order phentermine.url (ID = 130686)

22:48: mortgage insurance.url (ID = 130680)

22:48: personal loans with bad credit.url (ID = 130689)

22:48: crm software.url (ID = 130670)

22:48: nevada corporations.url (ID = 130682)

22:48: unsecured bad credit loans.url (ID = 130693)

22:48: loan for people with bad credit.url (ID = 130678)

22:48: broadband comparison.url (ID = 130667)

22:48: online betting site.url (ID = 130683)

22:48: online instant loan.url (ID = 130685)

22:48: dc350.url (ID = 54454)

22:48: dc351.url (ID = 54373)

22:48: dc349.url (ID = 54472)

22:48: search the web.url (ID = 54454)

22:48: only sex website.url (ID = 54373)

22:48: seven days of free porn.url (ID = 54472)

22:48: Found Adware: java byteverify

22:48: gummy.class-5cefca2b-1b3cadb3.class (ID = 64824)

22:52: File Sweep Complete, Elapsed Time: 00:26:30

22:52: Full Sweep has completed. Elapsed time 00:29:45

22:52: Traces Found: 93

22:54: Removal process initiated

22:55: Quarantining All Traces: cws_ns3

22:55: Quarantining All Traces: spysheriff

22:55: Quarantining All Traces: coolwebsearch (cws)

22:55: Quarantining All Traces: cws_ns3 hijacker

22:55: Quarantining All Traces: java byteverify

22:55: Quarantining All Traces: security iguard

22:55: Quarantining All Traces: advertising cookie

22:55: Quarantining All Traces: atlas dmt cookie

22:55: Quarantining All Traces: belnk cookie

22:55: Quarantining All Traces: maxserving cookie

22:55: Quarantining All Traces: ru4 cookie

22:55: Quarantining All Traces: trafficmp cookie

22:55: Quarantining All Traces: tribalfusion cookie

22:55: Quarantining All Traces: xiti cookie

22:55: Quarantining All Traces: yieldmanager cookie

22:56: Preparing to restart your computer. Please wait...

22:56: Removal process completed. Elapsed time 00:02:33

********

22:11: | Start of Session, 29 novembre 2005 |

22:11: Spy Sweeper started

22:11: Your spyware definitions have been updated.

22:22: | End of Session, 29 novembre 2005 |

 

 

 

Merci bcp

[Thanos]

salut wysiwyg

 

Le dernier rapport de spysweeper est propre,et il a bien éradiqué smitfraud!(tu peux te débarrasser de smit fraudfix!)Ton rapport hijack ne montre rien d'infectieux si ce n'est ce service(qui est un reste,mais pas actif!)

Essaie ceci : au lieu de coller Workstation NetLogon Service , essaie de copier/coller : 11Fßä #·ºÄÖ`I =>c'est son petit nom refais la même manipulation( Démarre Hijackthis , vas dans le menu "Misc Tools Section" =>"Delete an NT Service" => copie colle la ligne suivante dans la fenêtre : 11Fßä #·ºÄÖ`I )

et refais un log hijack pour voir si la ligne 023 a disparu.

 

-Pour être sur que toutes les adresses douteuses mentionnées par Spysweeper ne sont pas présentes dans ton fichier Hosts, vas dans C:\WINDOWS\system32\drivers\etc puis cherche le fichier hosts, double clique dessus,puis une fenêtre apparaitra te demandant quel programme utiliser pour l'ouvrir,sélectionne le Bloc-notes et clique sur OK .Copie /colle ici le contenu(sauf si il fait 3 pages!)

 

-Fais un scan ici et poste le rapport:

 

-Panda:

http://www.pandasoftware.com/products/acti...CACHEHINT=Guest

 

@+