Sujet Précédent Sujet Suivant

W32

Loïc -  
 pinto -
Bonjour

Depui le reformatage de mon pc mon antivirus (mc affee) menvoi plusieurs messages de virus mais je ne parvien po a les suprimer ou alor il revienne. jai utiliser Hijack pour vous montrer la liste de virus regardez:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINDOWS\System32\csdata32.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\systerm.exe
C:\WINDOWS\System32\MSmng32.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\temp\salm.exe
C:\WINDOWS\System32\msa.exe
C:\WINDOWS\msyhcemx.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\WINDOWS\System32\SahAgent.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\Windows ServeAd\WinServAd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Pinto\Application Data\heac.exe
C:\Program Files\Windows ServeAd\WinServSuit.exe
C:\WINDOWS\System32\l?gonui.exe
C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\WINDOWS\System32\actwp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pinto\Bureau\HijackThis19802.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\systemdir.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=1000399
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=1000399
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=1000399
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&ar=runonce&pver={SUB_PVER}&plcid={SUB_CLSID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System32 TCP Manager] systerm.exe
O4 - HKLM\..\Run: [Microsoft MNG32 Service] MSmng32.exe
O4 - HKLM\..\Run: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Windows Media Player] msa.exe
O4 - HKLM\..\Run: [bC1NCK] C:\WINDOWS\msyhcemx.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [kalvsys] c:\windows\system32\kalvvpz32.exe
O4 - HKLM\..\Run: [mnsf] C:\WINDOWS\mnsf.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\actwp.exe
O4 - HKLM\..\RunServices: [System32 TCP Manager] systerm.exe
O4 - HKLM\..\RunServices: [Microsoft MNG32 Service] MSmng32.exe
O4 - HKLM\..\RunServices: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\RunServices: [Windows Media Player] msa.exe
O4 - HKLM\..\RunOnce: [Microsoft Data Machine] csdata32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Servicio Local] svhost.exe
O4 - HKCU\..\Run: [System32 TCP Manager] systerm.exe
O4 - HKCU\..\Run: [Tate] C:\Documents and Settings\Pinto\Application Data\heac.exe
O4 - HKCU\..\Run: [Szxeadh] C:\WINDOWS\System32\l?gonui.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [Microsoft Data Machine] csdata32.exe
O4 - HKCU\..\Run: [Windows Media Player] msa.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: v3cab - http://searchmiracle.com/cab/5.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=d20fa8d5f4264b86bbb8e647a63708b6c99b4579b01e03cf6596be4b6ccd5f834c226e187f514a57146a2f401658b6ded26faaa420e61eff2d0f04872c2d4e34f5:95ec69cd9832ce7118a329d3cca17b9b
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=4424
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

voila.En plus dan mon disqe du g pl1 de fichier inconu que dois je faire.

Merci bocou de me repondre !!!

@++

18 réponses

Réponse 1 / 18
Utilisateur anonyme
 
Salut
http://www.hijackthis.de/logfiles/90803abc3eff1e8d337402ff975a14c4.html 

Thin is the line between Love and Hate.......
0
Réponse 2 / 18
Loic
 
Je ne compren po je doi suprimer manuellemen les méchants et les autres je les laisses???
0
Réponse 3 / 18
Utilisateur anonyme
 
tu termines les processus en rouge et tu en supprimes les fichiers manuellement(corbeille que tu videras) puis tu relances Hijack et tu fixes les entrees rouges ,et les jaunes suspectes........ 

Thin is the line between Love and Hate.......
0
Réponse 4 / 18
Pinto
 
qan je suprime manuellemen les fichier windows me met impossible de le suprimer !!!!! qe dois je faire et es grave?????repondez silvou plai
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 18
Utilisateur anonyme
 
REfais la manip en mode sans echec(presser F8 des le demarrage du pc)
tu termines les processus en rouge et tu en supprimes les fichiers manuellement(corbeille que tu videras) puis tu relances Hijack et tu fixes les entrees rouges ,et les jaunes suspectes........ 

Thin is the line between Love and Hate.......
0
Réponse 6 / 18
pinto
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINDOWS\System32\csdata32.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\systerm.exe
C:\WINDOWS\System32\MSmng32.exe
C:\WINDOWS\msyhcemx.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Windows ServeAd\WinServAd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Pinto\Application Data\heac.exe
C:\WINDOWS\System32\l?gonui.exe
C:\Program Files\Windows ServeAd\WinServSuit.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\msa.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Documents and Settings\Pinto\Bureau\HijackThis19802.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\systemdir.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=1000399
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=1000399
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=1000399
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System32 TCP Manager] systerm.exe
O4 - HKLM\..\Run: [Microsoft MNG32 Service] MSmng32.exe
O4 - HKLM\..\Run: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Windows Media Player] msa.exe
O4 - HKLM\..\Run: [bC1NCK] C:\WINDOWS\msyhcemx.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [kalvsys] c:\windows\system32\kalvvpz32.exe
O4 - HKLM\..\Run: [mnsf] C:\WINDOWS\mnsf.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\actwp.exe
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\urnqql.exe
O4 - HKLM\..\RunServices: [System32 TCP Manager] systerm.exe
O4 - HKLM\..\RunServices: [Microsoft MNG32 Service] MSmng32.exe
O4 - HKLM\..\RunServices: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\RunServices: [Windows Media Player] msa.exe
O4 - HKLM\..\RunOnce: [Microsoft Data Machine] csdata32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Servicio Local] svhost.exe
O4 - HKCU\..\Run: [System32 TCP Manager] systerm.exe
O4 - HKCU\..\Run: [Tate] C:\Documents and Settings\Pinto\Application Data\heac.exe
O4 - HKCU\..\Run: [Szxeadh] C:\WINDOWS\System32\l?gonui.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [Microsoft Data Machine] csdata32.exe
O4 - HKCU\..\Run: [Windows Media Player] msa.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: v3cab - http://searchmiracle.com/cab/5.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=d20fa8d5f4264b86bbb8e647a63708b6c99b4579b01e03cf6596be4b6ccd5f834c226e187f514a57146a2f401658b6ded26faaa420e61eff2d0f04872c2d4e34f5:95ec69cd9832ce7118a329d3cca17b9b
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=4424
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

g relancer hijack et voila ce qi ma mi !!!je fs koi m1tenan svp
0
Réponse 7 / 18
pinto
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\systerm.exe
C:\WINDOWS\System32\MSmng32.exe
C:\WINDOWS\System32\msa.exe
C:\WINDOWS\msyhcemx.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\mnsf.exe
C:\Program Files\Windows ServeAd\WinServAd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Windows ServeAd\WinServSuit.exe
C:\Documents and Settings\Pinto\Application Data\heac.exe
C:\WINDOWS\System32\l?gonui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Pinto\LOCALS~1\Temp\xlnGZp.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Documents and Settings\Pinto\Bureau\HijackThis19802.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=1000399
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=1000399
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=1000399
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System32 TCP Manager] systerm.exe
O4 - HKLM\..\Run: [Microsoft MNG32 Service] MSmng32.exe
O4 - HKLM\..\Run: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Windows Media Player] msa.exe
O4 - HKLM\..\Run: [bC1NCK] C:\WINDOWS\msyhcemx.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [kalvsys] c:\windows\system32\kalvvpz32.exe
O4 - HKLM\..\Run: [mnsf] C:\WINDOWS\mnsf.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\actwp.exe
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\urnqql.exe
O4 - HKLM\..\RunServices: [System32 TCP Manager] systerm.exe
O4 - HKLM\..\RunServices: [Microsoft MNG32 Service] MSmng32.exe
O4 - HKLM\..\RunServices: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\RunServices: [Windows Media Player] msa.exe
O4 - HKLM\..\RunOnce: [Microsoft Data Machine] csdata32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Servicio Local] svhost.exe
O4 - HKCU\..\Run: [System32 TCP Manager] systerm.exe
O4 - HKCU\..\Run: [Tate] C:\Documents and Settings\Pinto\Application Data\heac.exe
O4 - HKCU\..\Run: [Szxeadh] C:\WINDOWS\System32\l?gonui.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [Microsoft Data Machine] csdata32.exe
O4 - HKCU\..\Run: [Windows Media Player] msa.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: v3cab - http://searchmiracle.com/cab/5.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=d20fa8d5f4264b86bbb8e647a63708b6c99b4579b01e03cf6596be4b6ccd5f834c226e187f514a57146a2f401658b6ded26faaa420e61eff2d0f04872c2d4e34f5:95ec69cd9832ce7118a329d3cca17b9b
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=4424
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

g re relancer hijack et voila ce qi ma mi!! qe doije faire??et ceux qi sont inconu jen fs koi svp!!!!
0
Réponse 8 / 18
Utilisateur anonyme
 
Ok !mets juste un peu de bonne volonté

redemarres en mode sans echec comme expliqué plus haut
ensuite relances Hijack puis COCHES toutes ces lignes et FIXES les ..............

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=1000399
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=1000399
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=1000399
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O4 - HKLM\..\Run: [System32 TCP Manager] systerm.exe
O4 - HKLM\..\Run: [Microsoft MNG32 Service] MSmng32.exe
O4 - HKLM\..\Run: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Windows Media Player] msa.exe
O4 - HKLM\..\Run: [bC1NCK] C:\WINDOWS\msyhcemx.exe
O4 - HKLM\..\Run: [kalvsys] c:\windows\system32\kalvvpz32.exe
O4 - HKLM\..\Run: [mnsf] C:\WINDOWS\mnsf.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\actwp.exe
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\urnqql.exe
O4 - HKLM\..\RunServices: [System32 TCP Manager] systerm.exe
O4 - HKLM\..\RunServices: [Microsoft MNG32 Service] MSmng32.exe
O4 - HKLM\..\RunServices: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\RunServices: [Windows Media Player] msa.exe
O4 - HKLM\..\RunOnce: [Microsoft Data Machine] csdata32.exe
O4 - HKCU\..\Run: [Servicio Local] svhost.exe
O4 - HKCU\..\Run: [System32 TCP Manager] systerm.exe
O4 - HKCU\..\Run: [Tate] C:\Documents and Settings\Pinto\Application Data\heac.exe
O4 - HKCU\..\Run: [Szxeadh] C:\WINDOWS\System32\l?gonui.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [Microsoft Data Machine] csdata32.exe
O4 - HKCU\..\Run: [Windows Media Player] msa.exe
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROProj.dll
O16 - DPF: v3cab - http://searchmiracle.com/cab/5.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=d20fa8d5f4264b86bbb8e647a6370 8b6c99b4579b01e03cf6596be4b6ccd5f834c226e187f514a57146a2f401658b6ded26faaa420e61 eff2d0f04872c2d4e34f5:95ec69cd9832ce7118a329d3cca17b9b
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=4424 

Thin is the line between Love and Hate.......
0
Réponse 9 / 18
Utilisateur anonyme
 
....j'oublais

trouver et supprimer ce fichier C:\Program Files\ISTsvc\istsvc.exe 

Thin is the line between Love and Hate.......
0
Réponse 10 / 18
pinto
 
voila
g tou fs
m1tenan qan je lance hijack i me di qe jen es plu
et m1tenan i ne von plu revenir a ton avi
es ce qe c t grave ca aurai pu niker mon pc??? repondez svp!!!
0
Réponse 11 / 18
Utilisateur anonyme
 
mets le nouveau rapport pour voir...... 

Thin is the line between Love and Hate.......
0
Réponse 12 / 18
pinto
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pinto\Bureau\Accesoires\HijackThis19802.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/

voila!!!alor???
0
Réponse 13 / 18
pinto
 
alor ta recu le nouvo plan??? ca done koi???
et m1tenan i ne von plu revenir a ton avi
es ce qe c t grave ca aurai pu niker mon pc??? repondez svp!!!
et c koi le logiciel de telechargement le plus rapide du monde?????rep svp
0
Réponse 14 / 18
Utilisateur anonyme
 
tu n'as pas supprimer le fichier que je t'ai indiqué post 9
http://www.hijackthis.de/index.php........ 

Thin is the line between Love and Hate.......
0
Réponse 15 / 18
Utilisateur anonyme
 
Voir ici il est tjrs actif
terminer le processus et le supprimer
http://www.hijackthis.de/logfiles/906a21f2a5eaa791c0d4fb8a2cfb877f.html 
Thin is the line between Love and Hate.......
0
Réponse 16 / 18
pinto
 
nn il es plu actif ya tt marqer bon c fini????
0
Réponse 17 / 18
Utilisateur anonyme
 
desolé je m'emele les pinceaux .....c'est bon tout est OK...... 

Thin is the line between Love and Hate.......
0
Réponse 18 / 18
pinto
 
et m1tenan i ne von plu revenir a ton avi
es ce qe c t grave ca aurai pu niker mon pc??? repondez svp!!!
et c koi le logiciel de telechargement le plus rapide du monde?????rep svp
0

Discussions similaires

W32 L32: correspondance entre taille US et taille française
efg -
sibel -

6 réponses
win32:malware-gen bloqué par avast
ikkual -
Utilisateur anonyme -

69 réponses
C'est quoi "Win32:Trojan-gen {Other}"
Uzumaki -
Utilisateur anonyme -

5 réponses
Supprimer un virus type Win32:Malware:Gen
m4tt1337 -
Fish66 -

4 réponses
WIN32:MALWARE-GEN
danielmar -
bazfile -

1 réponse