Mon pc a décidé de décéder ce soir.
Il y a 3 crois rouges, avec des "your computer is in Danger", "your computer is infected" en bas à droite de l'écran.
Des fenêtres Internet s'ouvrent toutes seules. Des programmes anti-spyware (BraveSentry 2.0 entre autres) se sont installés tout seuls. Impossible d'aller sur Msn.
Il est archi-lent. . C'est vraiment la misère, et je peux pas le formater car j'ai pas le CD Windows.
Je suis à deux doigts de le débrancher et de le jeter par la fenêtre.
On m'a conseillé de faire un log Hijack This et de démander votre aide. Voici donc mon log. Accrochez vous bien:
Logfile of HijackThis v1.99.1
Scan saved at 22:02:08, on 05/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\inet20026\winlogon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\sndman.exe
C:\WINDOWS\System32\MMTray.exe
C:\WINDOWS\System32\MMTrayLSI.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ipwins\ipwins.exe
C:\defender25.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\timed.exe
C:\WINDOWS\System32\kernels8.exe
C:\WINDOWS\System32\cae78f99.exe
C:\WINDOWS\System32\spoolsvv.exe
C:\WINDOWS\System32\spoolsvv.exe
C:\WINDOWS\System32\dxvwvfrm.exe
C:\WINDOWS\System32\jsssvc.exe
C:\WINDOWS\inet20026\socks.exe
C:\Program Files\ceys.exe
C:\WINDOWS\System32\6a780955.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\YSTEM3~1\taskmgr.exe
C:\DOCUME~1\ADMINI~1\MESDOC~1\WNSXS~1\WNSPOO~1.EXE
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\Windows\xpupdate.exe
C:\Program Files\BraveSentry\BraveSentry.exe
C:\winstall.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\GreatMemo\GreatMemo.exe
C:\Program Files\TribalWeb.net\tribalweb.exe
C:\Program Files\Weather\Weather.exe
C:\WINDOWS\c2Zy\command.exe
C:\WINDOWS\System32\services.exe
C:\Program Files\Lexmark 2200 Series\lfdxf13n.exe
C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\explorer.exe
C:\WINDOWS\timed.exe
C:\WINDOWS\System32\dlh9jkdq2.exe
C:\WINDOWS\System32\vxgamet4.exe
C:\WINDOWS\System32\vxgame4.exe
C:\WINDOWS\System32\vxgame6.exe
C:\WINDOWS\System32\0mcamcap.exe
C:\WINDOWS\System32\TheMatrixHasYou.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
c:\cwfcpf.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dxvwgjmz.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msn.exe
c:\Program Files\ceys.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\dxvwhpxn.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dxvwnfwg.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
C:\WINDOWS\system32\cmd.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00020.exe"
F3 - REG:win.ini: run=C:\WINDOWS\inet20026\winlogon.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20026\3.03.00.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll
O4 - HKLM\..\Run: [SoundMan] C:\WINDOWS\sndman.exe -i
O4 - HKLM\..\Run: [SoundMan] C:\WINDOWS\sndman.exe -i
O4 - HKLM\..\Run: [OliCPIN] C:\WINDOWS\OliCPin.exe
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [wmplayer] C:\Program Files\wmplayer\wmplayer.exe /auto
O4 - HKLM\..\Run: [] p2pnetworking.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard25.exe
O4 - HKLM\..\Run: [newname] C:\\newname25.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [w00a0ccd.dll] RUNDLL32.EXE w00a0ccd.dll,I2 000af70d000a0ccd
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [defender] C:\\defender25.exe
O4 - HKLM\..\Run: [MediaCtr] C:\WINDOWS\mediacon.exe -i
O4 - HKLM\..\Run: [w0025b18.dll] RUNDLL32.EXE w0025b18.dll,I2 000af70d00025b18
O4 - HKLM\..\Run: [ImMsn] C:\WINDOWS\timed.exe /i
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\Run: [cae78f99.exe] C:\WINDOWS\System32\cae78f99.exe
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\System32\spoolsvv.exe
O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20026\winlogon.exe
O4 - HKLM\..\Run: [DCOM Server] C:\WINDOWS\System32\dxvwnfwg.exe
O4 - HKLM\..\Run: [jssvc23] jsssvc.exe
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINDOWS\inet20026\socks.exe
O4 - HKLM\..\Run: [SysTray] c:\Program Files\ceys.exe
O4 - HKLM\..\Run: [6a780955.exe] C:\WINDOWS\System32\6a780955.exe
O4 - HKLM\..\Run: [Windows hSox Server] C:\WINDOWS\System32\hSox.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKLM\..\RunServices: [jssvc23] jsssvc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [mkwq] C:\PROGRA~1\FICHIE~1\mkwq\mkwqm.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [Thao] "C:\PROGRA~1\YSTEM3~1\taskmgr.exe" -vt yazr
O4 - HKCU\..\Run: [Tzmvzx] C:\DOCUME~1\ADMINI~1\MESDOC~1\WNSXS~1\WNSPOO~1.EXE
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE" -turbo
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [cae78f99.exe] C:\Documents and Settings\Administrateur\Local Settings\Application Data\cae78f99.exe
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Startup: GreatMemo.lnk = C:\Program Files\GreatMemo\GreatMemo.exe
O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Startup: Weather.lnk = C:\Program Files\Weather\Weather.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} (Canal+ Active MSWAY) -
https://www.canalplus.com/canalplay/
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Monordinateur
O17 - HKLM\Software\..\Telephony: DomainName = Monordinateur
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Monordinateur
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Monordinateur
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\svchost.dll C:\WINDOWS\System32\mshta.dll
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\en0sl1d71.dll
O20 - Winlogon Notify: SensSrv - C:\WINDOWS\SYSTEM32\senssrv.dll
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - C:\WINDOWS\System32\lmnnfhhf.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\explorer.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\c2Zy\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Merci de votre aide. Que faire?
Afficher la suite
