[Solved] Pop-ups on the PC this time. - Security - Virus
Subject: [Solved] Pop-ups on the PC this time.

Profile: IDNaute

Hello,

after my laptop, it is now the family PC that is under attack; here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 16:00:41, on 11/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Mathieu\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.guitarpart.fr/forum/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [13F.tmp] C:\DOCUME~1\Mathieu\LOCALS~1\Temp\13F.tmp.exe
O4 - HKLM\..\Run: [140.tmp] C:\DOCUME~1\Mathieu\LOCALS~1\Temp\140.tmp.exe
O4 - HKLM\..\Run: [13F.tmp.exe] C:\DOCUME~1\Mathieu\LOCALS~1\Temp\13F.tmp.exe
O4 - HKLM\..\Run: [140.tmp.exe] C:\DOCUME~1\Mathieu\LOCALS~1\Temp\140.tmp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?9df473757e4cb883b51dd8d5de20ab
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?9df473757e4cb883b51dd8d5de20ab
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 3071835578
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f012.mail.caramail.lycos.fr [...] loader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

Help? :sweat:


Message edited by soca_09 on 09-09-2006 at 19:12:28

Profile: IDNaute

C:\Documents and Settings\Mathieu\Bureau\HijackThis.exe <-- rename it to scanner.exe
double-click scanner.exe
generate a new report and copy/paste it here

also do this:

- Download chercher.zip to your desktop
- Do not double-click it!! Right-click the file and choose Extract all
- A new folder named chercher will be created
- Open it and double-click chercher.cmd
- A window will open; leave it open and press a key when asked
- Copy/paste the contents of the Notepad window that opens. To do so:
-- In Notepad, click the Edit menu / Select all
-- Again, Edit menu / Copy
-- In a new message here, right-click / Paste

Shutdownfuri
Profile: IDNaute

Hi, if you have a spyware problem, as I think you do, install Spybot; it is free, in French, small and effective:
http://www.spybot.info/fr/download/index.html
Run a scan and get rid of all the crap that is lying around and serves no purpose.
You'll see, you won't have anything left and your PC will lag less.
Try it and keep me posted.
Bye ++

Profile: IDNaute

Thank you both, I will try all of that, but I have to put it on hold for the moment: my brother tried to install a memory module and now, when we switch the PC on, nothing is displayed: the screen does not respond, the lights on the keyboard do not come on... Anyway, I will post all that in another part of the forum, I suppose...

Thanks anyway.

Profile: IDNaute

RAM problem solved, the PC works again. So I tried what you advised, Malekal_morte, and here are the new reports:

Scanner.exe:
Logfile of HijackThis v1.99.1
Scan saved at 10:03:35, on 17/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Mathieu\Bureau\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.guitarpart.fr/forum/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [13F.tmp] C:\DOCUME~1\Mathieu\LOCALS~1\Temp\13F.tmp.exe
O4 - HKLM\..\Run: [140.tmp] C:\DOCUME~1\Mathieu\LOCALS~1\Temp\140.tmp.exe
O4 - HKLM\..\Run: [13F.tmp.exe] C:\DOCUME~1\Mathieu\LOCALS~1\Temp\13F.tmp.exe
O4 - HKLM\..\Run: [140.tmp.exe] C:\DOCUME~1\Mathieu\LOCALS~1\Temp\140.tmp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?9df473757e4cb883b51dd8d5de20ab
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?9df473757e4cb883b51dd8d5de20ab
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 3071835578
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f012.mail.caramail.lycos.fr [...] loader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

Chercher.cmd:
C:\WINDOWS\System32\wpa.dbl -->17/08/2006 08:06:02
C:\WINDOWS\System32\MRT.exe -->09/08/2006 21:03:04
C:\WINDOWS\System32\nvs2.inf -->04/08/2006 13:12:16
C:\WINDOWS\System32\mshtml.dll -->28/07/2006 13:28:08
C:\WINDOWS\System32\inetcomm.dll -->27/07/2006 15:26:19
C:\WINDOWS\System32\urlmon.dll -->25/07/2006 22:41:01
C:\WINDOWS\System32\hlink.dll -->21/07/2006 10:27:28
C:\WINDOWS\System32\netapi32.dll -->14/07/2006 17:41:05
C:\WINDOWS\System32\hhctrl.ocx -->14/07/2006 17:27:53
C:\WINDOWS\System32\perfh00C.dat -->14/07/2006 12:52:16
C:\WINDOWS\System32\perfh009.dat -->14/07/2006 12:52:16
C:\WINDOWS\System32\perfc00C.dat -->14/07/2006 12:52:16
C:\WINDOWS\System32\perfc009.dat -->14/07/2006 12:52:16
C:\WINDOWS\System32\PerfStringBackup.INI -->14/07/2006 12:52:13
C:\WINDOWS\System32\shell32.dll -->13/07/2006 15:36:01
C:\WINDOWS\System32\kernel32.dll -->05/07/2006 12:56:38
C:\WINDOWS\System32\rasadhlp.dll -->26/06/2006 19:41:32
C:\WINDOWS\System32\dnsapi.dll -->26/06/2006 19:41:32
C:\WINDOWS\System32\wininet.dll -->23/06/2006 13:11:45
C:\WINDOWS\System32\shlwapi.dll -->23/06/2006 13:11:45
C:\WINDOWS\System32\shdocvw.dll -->23/06/2006 13:11:45
C:\WINDOWS\System32\pngfilt.dll -->23/06/2006 13:11:44
C:\WINDOWS\System32\mstime.dll -->23/06/2006 13:11:44
C:\WINDOWS\System32\msrating.dll -->23/06/2006 13:11:44
C:\WINDOWS\System32\mshtmled.dll -->23/06/2006 13:11:44

C:\WINDOWS\wiadebug.log -->17/08/2006 08:33:28
C:\WINDOWS\QTFont.qfn -->17/08/2006 08:05:55
C:\WINDOWS\0.log -->17/08/2006 08:05:48
C:\WINDOWS\WindowsUpdate.log -->17/08/2006 08:05:14
C:\WINDOWS\wiaservc.log -->17/08/2006 08:05:08
C:\WINDOWS\bootstat.dat -->17/08/2006 08:04:55
C:\WINDOWS\SchedLgU.Txt -->16/08/2006 23:26:29
C:\WINDOWS\QTFont.for -->15/08/2006 18:39:40
C:\WINDOWS\Setup1.exe -->13/08/2006 15:32:31
C:\WINDOWS\ST6UNST.EXE -->13/08/2006 15:32:27
C:\WINDOWS\tsoc.log -->12/08/2006 19:53:45
C:\WINDOWS\setupapi.log -->12/08/2006 19:53:45
C:\WINDOWS\ocmsn.log -->12/08/2006 19:53:45
C:\WINDOWS\ocgen.log -->12/08/2006 19:53:45
C:\WINDOWS\ntdtcsetup.log -->12/08/2006 19:53:45


Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B4C0-AA49

Répertoire de C:\WINDOWS\system32

19/08/2004 16:09 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 29 212 872 704 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B4C0-AA49

Répertoire de C:\WINDOWS\Downloaded Program Files

02/08/2006 22:37 <REP> .
02/08/2006 22:37 <REP> ..
11/05/2004 12:55 1 277 992 Banksht2.dll
03/08/2005 13:25 65 desktop.ini
14/10/1997 18:52 697 DirectAnimation Java Classes.osd
07/06/2006 11:09 1 249 erma.inf
30/06/2005 17:19 155 648 FileUploader.dll
23/06/2005 10:12 373 FileUploader.inf
29/05/2003 16:00 160 864 messengerstatsclient.dll
06/04/2004 20:03 172 072 MessengerStatsPAClient.dll
20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd
29/05/2003 16:00 84 064 minesweeper.dll
30/06/2005 16:19 227 MsnMessengerSetupDownloader.inf
14/08/2005 01:26 113 664 MsnMessengerSetupDownloader.ocx
09/10/2003 11:32 144 QTPlugin.inf
27/08/2005 14:30 5 065 swflash.inf
26/05/2005 04:19 291 wuweb.inf
18/07/2006 14:35 151 080 ZIntro.ocx
16 fichier(s) 2 124 657 octets

Total des fichiers listés :
16 fichier(s) 2 124 657 octets
2 Rép(s) 29 212 872 704 octets libres

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B4C0-AA49

Répertoire de C:\Program Files

15/08/2006 10:33 <REP> .
15/08/2006 10:33 <REP> ..
21/02/2006 10:29 <REP> Adobe
03/08/2005 13:56 <REP> ahead
26/03/2006 18:26 <REP> AIM
15/03/2006 15:04 <REP> ArcSoft
07/01/2006 19:38 <REP> Audacity
03/08/2005 13:39 <REP> Avance Sound Manager
03/08/2005 13:39 <REP> AvRack
13/08/2006 15:35 <REP> Black Jack Pro
14/09/2005 08:48 <REP> Bonjour
10/03/2006 10:54 <REP> Canon
28/04/2006 13:44 <REP> Codemasters
03/08/2005 13:23 <REP> ComPlus Applications
25/05/2006 22:15 <REP> CyberLink
25/05/2006 21:33 <REP> DivX
22/11/2005 20:49 <REP> EA GAMES
11/03/2006 17:41 <REP> Fichiers communs
25/05/2006 22:03 <REP> Google
03/08/2005 14:29 <REP> Grisoft
10/03/2006 11:27 <REP> Hewlett-Packard
03/08/2005 17:52 <REP> HighMAT CD Writing Wizard
10/03/2006 11:42 <REP> HP
19/07/2006 22:36 <REP> IGC
12/08/2006 19:52 <REP> Internet Explorer
04/08/2006 13:12 <REP> InternetGameBox
11/03/2006 13:29 <REP> Inventel
14/09/2005 08:48 <REP> iPod
14/09/2005 13:16 <REP> iTunes
25/11/2005 20:21 <REP> IZArc
04/08/2006 14:45 <REP> Lavasoft
27/03/2006 16:32 <REP> Maxis
26/09/2005 16:19 <REP> Media Player Classic
03/08/2005 17:54 <REP> Messenger
07/04/2006 12:48 <REP> MessengerPlus! 3
02/10/2005 15:42 <REP> Michael K. Weise
24/06/2006 21:50 <REP> Microsoft AntiSpyware
03/08/2005 14:06 <REP> microsoft frontpage
15/09/2005 14:27 <REP> Microsoft Office
03/08/2005 14:03 <REP> Microsoft Visual Studio
15/09/2005 14:30 <REP> Microsoft Works
03/08/2005 15:35 <REP> Movie Maker
03/08/2005 13:22 <REP> MSN Gaming Zone
16/04/2006 20:04 <REP> MSN Messenger
27/01/2006 13:45 <REP> MSN Toolbar Suite
20/02/2006 18:03 <REP> NCH Swift Sound
03/08/2005 15:32 <REP> NetMeeting
03/11/2005 19:09 <REP> OpenOffice.org 2.0
15/04/2006 09:05 <REP> Outlook Express
19/01/2006 13:34 <REP> QuickTime
05/08/2005 21:58 <REP> Real
03/08/2005 13:51 <REP> ScanSoft
03/08/2005 13:25 <REP> Services en ligne
24/12/2005 10:48 <REP> Shareaza
25/05/2006 22:01 <REP> SLD Codec Pack
03/08/2005 14:06 <REP> Snapshot Viewer
29/11/2005 22:24 <REP> Sony
10/10/2005 11:13 <REP> Sony Corporation
04/08/2006 14:47 <REP> Spybot - Search & Destroy
17/08/2006 08:06 <REP> Steam
20/02/2006 18:00 <REP> Thomson
10/06/2006 17:15 <REP> tracks
26/09/2005 16:10 <REP> VDCodecPack1.5
25/05/2006 21:28 <REP> VideoLAN
20/11/2005 20:24 <REP> Viewpoint
22/12/2005 20:23 <REP> Wanadoo
24/06/2006 21:50 <REP> Windows Defender
31/03/2006 18:01 <REP> Windows Media Player
03/08/2005 15:32 <REP> Windows NT
03/08/2005 13:26 <REP> xerox
06/07/2006 23:06 <REP> Yahoo!
0 fichier(s) 0 octets
71 Rép(s) 29 212 868 608 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B4C0-AA49

Répertoire de C:\Program Files\fichiers communs

11/03/2006 17:41 <REP> .
11/03/2006 17:41 <REP> ..
21/02/2006 10:49 <REP> Adobe
21/12/2005 21:39 <REP> Adobe Systems Shared
11/03/2006 17:41 <REP> AVSMedia
03/08/2005 14:03 <REP> Designer
11/03/2006 13:29 278 528 FDEUnInstaller.exe
10/03/2006 11:25 <REP> Hewlett-Packard
10/03/2006 11:43 <REP> HP
20/11/2005 12:23 <REP> InstallShield
24/06/2006 21:50 <REP> Microsoft Shared
03/08/2005 13:24 <REP> MSSoap
03/08/2005 14:16 <REP> ODBC
05/08/2005 21:59 <REP> Real
03/08/2005 13:51 <REP> ScanSoft Shared
03/08/2005 13:24 <REP> Services
10/10/2005 11:13 <REP> Sony Shared
03/08/2005 14:16 <REP> SpeechEngines
15/04/2006 09:05 <REP> System
21/11/2005 20:42 <REP> Vbox
05/08/2005 21:59 <REP> xing shared
1 fichier(s) 278 528 octets
20 Rép(s) 29 212 864 512 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B4C0-AA49

Répertoire de C:\

24/05/2001 13:59 162 304 UNWISE.EXE
1 fichier(s) 162 304 octets
0 Rép(s) 29 212 864 512 octets libres
c:\Documents and Settings\Jean-Luc\Local Settings\Temp\msnsearch.exe
c:\Documents and Settings\Jean-Luc\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ShFolder.Exe
c:\Documents and Settings\Jean-Luc\Mes documents\realalt142.exe
c:\Documents and Settings\Mathieu\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
c:\Documents and Settings\Mathieu\Application Data\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
c:\Documents and Settings\Mathieu\Bureau\freedwgviewer.exe
c:\Documents and Settings\Mathieu\Bureau\scanner.exe.exe
c:\Documents and Settings\Mathieu\Bureau\solfege-win32-3.4.1.exe
c:\Documents and Settings\Mathieu\Bureau\BlackJack\setup.exe
c:\Documents and Settings\Mathieu\Bureau\chercher\LFiles.exe
c:\Documents and Settings\Mathieu\Local Settings\Temp\AutoRun.exe
c:\Documents and Settings\Mathieu\Local Settings\Temp\eauninstall.exe
c:\Documents and Settings\Mathieu\Local Settings\Temp\guninst.exe
c:\Documents and Settings\Mathieu\Local Settings\Temp\setup_wm.exe
c:\Documents and Settings\Mathieu\Local Settings\Temp\uninst.exe
c:\Documents and Settings\Mathieu\Local Settings\Temp\HPSU-IQE.O28\Ntwrk_Scry_update.exe
c:\Documents and Settings\Mathieu\Local Settings\Temp\HPSUOKVK.5BS\hprbehp.exe
c:\Documents and Settings\Mathieu\Local Settings\Temp\nsv2C2.tmp\PxCpyA64.exe
c:\Documents and Settings\Mathieu\Local Settings\Temp\nsv2C2.tmp\PxCpyI64.exe
c:\Documents and Settings\Mathieu\Local Settings\Temp\nsv2C2.tmp\pxhpinst.exe
c:\Documents and Settings\Mathieu\Local Settings\Temp\nsv2C2.tmp\PxInsA64.exe
c:\Documents and Settings\Mathieu\Local Settings\Temp\nsv2C2.tmp\PxInsI64.exe
c:\Documents and Settings\Mathieu\Local Settings\Temp\nsv2C2.tmp\pxsetup.exe
c:\Documents and Settings\Mathieu\Mes documents\Downloads\Shareaza_2.2.1.0.exe
c:\Documents and Settings\Mathieu\Mes documents\DVD lecteur\AVSDVDPlayer.exe
c:\Documents and Settings\Mathieu\Mes documents\DVD lecteur\PDVD_6_trial_9lang.exe
c:\Documents and Settings\Mathieu\Mes documents\Sophie\gopets05122101.exe
c:\Documents and Settings\Mathieu\Mes documents\Sophie\Misc\mah_jong_quest-setup.exe
c:\Documents and Settings\Mathieu\Mes documents\Sophie\PS\Photoshop_CS2_F_TryOut\instmsia.exe
c:\Documents and Settings\Mathieu\Mes documents\Sophie\PS\Photoshop_CS2_F_TryOut\instmsiw.exe
c:\Documents and Settings\Mathieu\Mes documents\Sophie\PS\Photoshop_CS2_F_TryOut\setup.exe
c:\Documents and Settings\Mathieu\Mes documents\Virtual dub\auxsetup.exe
c:\Documents and Settings\Mathieu\Mes documents\Virtual dub\vdub.exe
c:\Documents and Settings\Mathieu\Mes documents\Virtual dub\VirtualDub.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpEngine.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{A5EAA5B0-67C8-48A5-8D21-3BD8E37F58AD}\mpengine.dll
c:\Documents and Settings\Mathieu\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

Vérifications de quelques clefs
Recherche de clefs EGDACCESS

HKLM\SOFTWARE\Microsoft\Windows\explorer\SharedTaskScheduler


Thanks again for your help.

Profile: IDNaute

In HijackThis, check these lines:
O4 - HKLM\..\Run: [13F.tmp] C:\DOCUME~1\Mathieu\LOCALS~1\Temp\13F.tmp.exe
O4 - HKLM\..\Run: [140.tmp] C:\DOCUME~1\Mathieu\LOCALS~1\Temp\140.tmp.exe
O4 - HKLM\..\Run: [13F.tmp.exe] C:\DOCUME~1\Mathieu\LOCALS~1\Temp\13F.tmp.exe
O4 - HKLM\..\Run: [140.tmp.exe] C:\DOCUME~1\Mathieu\LOCALS~1\Temp\140.tmp.exe
--> click Fix checked

- Download and install ewido
- Update it from the update menu at the top
- Restart in safe mode; if you don't know how, read this

- Open ewido and click the Settings tab; for How to Act, select Quarantine.
Go back to the Scan tab and click Complete system Scan.
The scan starts.
When it finishes, click Apply all actions
Then Save report, and finally Save report as to save it to the Desktop.

Help: do not hesitate to consult the ewido Help for any problem.

-- Restart in normal mode: Start menu / Shut down / Restart the computer
Warning: if the computer reboots in a loop in safe mode, do the reverse operation by unchecking the /SAFEBOOT option using msconfig: see this page again: click here

Copy/paste the ewido report
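
The four O4 lines marked for fixing in the post above share traits that can be checked mechanically: an autorun value that launches an executable from a Temp directory, a `.tmp.exe` double extension, and several value names pointing at the same file. The Python triage sketch below is an added example, not part of the original thread and not HijackThis code; the heuristics and function names are assumptions, and the sample lines are copied from the log posted earlier in the thread.

```python
import re
from collections import Counter

# Excerpt of the O4 (autorun) section of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [13F.tmp] C:\DOCUME~1\Mathieu\LOCALS~1\Temp\13F.tmp.exe
O4 - HKLM\..\Run: [140.tmp] C:\DOCUME~1\Mathieu\LOCALS~1\Temp\140.tmp.exe
O4 - HKLM\..\Run: [13F.tmp.exe] C:\DOCUME~1\Mathieu\LOCALS~1\Temp\13F.tmp.exe
O4 - HKLM\..\Run: [140.tmp.exe] C:\DOCUME~1\Mathieu\LOCALS~1\Temp\140.tmp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
"""

O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): (?P<rest>.+)$")
# Quoted path, or an unquoted path (spaces allowed) ending in an executable extension.
EXE_RE = re.compile(
    r'^"([^"]+)"|^(.*?\.(?:exe|com|bat|cmd|scr|pif|dll))(?=\s|$)', re.I)

EXEC_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd"}
DECOY_EXTS = {"tmp", "txt", "doc", "pdf", "jpg", "gif"}  # assumed heuristic list


def target_of(cmd):
    """Return the program path of an autorun command line, without arguments."""
    m = EXE_RE.match(cmd)
    if not m:
        return cmd.split()[0]
    return m.group(1) or m.group(2)


def parse_o4(log_text):
    """Parse O4 lines into dicts: location, value name, command, target path."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        reg = re.match(r"\[(.*?)\] (.+)", rest)
        if reg:                       # registry Run key: "[name] command"
            name, cmd = reg.group(1), reg.group(2)
        else:                         # Startup folder: "shortcut.lnk = target"
            name, _, cmd = rest.partition(" = ")
        entries.append({"location": m.group("loc"), "name": name,
                        "command": cmd, "target": target_of(cmd)})
    return entries


def reasons_for(path):
    """Heuristic reasons why an autorun target deserves a closer look."""
    parts = [p.lower() for p in path.split("\\")]
    dirs, fname = parts[:-1], parts[-1]
    reasons = []
    # "temp", "tmp", and "tempor~1" (8.3 name of Temporary Internet Files).
    if any(d in ("temp", "tmp") or d.startswith("tempor") for d in dirs):
        reasons.append("runs from a temp directory")
    exts = fname.split(".")
    if len(exts) >= 3 and exts[-1] in EXEC_EXTS and exts[-2] in DECOY_EXTS:
        reasons.append("double extension ." + exts[-2] + "." + exts[-1])
    return reasons


def flag_autoruns(log_text):
    """Return the O4 entries that match at least one heuristic, in log order."""
    entries = parse_o4(log_text)
    per_target = Counter(e["target"].lower() for e in entries)
    flagged = []
    for e in entries:
        reasons = reasons_for(e["target"])
        if not reasons:
            continue
        n = per_target[e["target"].lower()]
        if n > 1:
            reasons.append("%d autorun values point to this file" % n)
        flagged.append(dict(e, reasons=reasons))
    return flagged


if __name__ == "__main__":
    for f in flag_autoruns(SAMPLE_LOG):
        print("%s [%s] -> %s" % (f["location"], f["name"], f["target"]))
        for r in f["reasons"]:
            print("    - " + r)
```

A match is only a prompt to look closer: installers and updaters also run from Temp, so the listed file still has to be examined before the entry is removed.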

Profile: IDNaute

Here (at last) is the ewido report:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:52:47 24/08/2006

+ Scan result:



C:\Documents and Settings\Mathieu\Local Settings\Temp\18024E.tmp -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{37D78ED6-C492-35F1-0216-5B831A80E0AE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{941FE88A-CD35-5376-37CD-662AEF0CD101} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A771213E-BCAA-47E6-BF98-36D9049B7ADF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B603722E-D99E-739D-1178-A7705AF0213C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C0C0E675-BCA8-D1EC-49B2-D7620FCDD5BE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E9657284-84CC-7851-8684-9908CD011A3C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-1292428093-854245398-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\_default.pif:syzdhs -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_default.pif:xedfr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\NSREX.INI:btlkc -> Downloader.Agent.td : Cleaned with backup (quarantined).
C:\WINDOWS\control.ini:hzqoow -> Downloader.Agent.td : Cleaned with backup (quarantined).
C:\WINDOWS\_default.pif:kzriku -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\bootstat.dat:oyyjul -> Trojan.Agent.bi : Cleaned with backup (quarantined).


::Report end


A pop-up has just reappeared...

I'm running another HijackThis scan, just in case...

Logfile of HijackThis v1.99.1
Scan saved at 11:02:15, on 24/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mathieu\Bureau\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.guitarpart.fr/forum/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?9df473757e4cb883b51dd8d5de20ab
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?9df473757e4cb883b51dd8d5de20ab
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 3071835578
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f012.mail.caramail.lycos.fr [...] loader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe


Thank you for your help.

Profile: Helper
n°109115
24-08-2006 at 19:33:35