Help
pmlo
On 17 01 2005, a warm hello to everyone from Pmlo. Requesting a remote helping hand: if someone can give me a few pointers, that would be really nice. Here is the blacklist:
Logfile of HijackThis v1.99.0
Scan saved at 16:22:19, on 17/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\crsss.exe
D:\eMule\emule.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\franck\Bureau\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MSWINHELP] wuadmpr.exe
O4 - HKLM\..\Run: [yvsqnn] C:\WINDOWS\System32\fhrpypjhtlm.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NDIS Adapter] servenxp.exe
O4 - HKLM\..\Run: [EXPLORE] exme.exe
O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
O4 - HKLM\..\Run: [Sygate Personals Firewalls] cssrnn.exe
O4 - HKLM\..\Run: [RSPC Driver D] xfeyp.exe
O4 - HKLM\..\Run: [Active shield] C:\Documents and Settings\franck\Bureau\ActiveShield.exe
O4 - HKLM\..\Run: [start extracting] spoolvse.exe
O4 - HKLM\..\Run: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [MSWINHELP] wuadmpr.exe
O4 - HKLM\..\RunServices: [Sygate Personals Firewalls] cssrnn.exe
O4 - HKLM\..\RunServices: [NDIS Adapter] servenxp.exe
O4 - HKLM\..\RunServices: [EXPLORE] exme.exe
O4 - HKLM\..\RunServices: [start extracting] spoolvse.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSWINHELP] wuadmpr.exe
O4 - HKCU\..\Run: [NDIS Adapter] servenxp.exe
O4 - HKCU\..\Run: [Machine Update Soft] wusas.exe
O4 - HKCU\..\Run: [Sygate Personals Firewalls] cssrnn.exe
O4 - HKCU\..\Run: [start extracting] spoolvse.exe
O4 - HKCU\..\Run: [Windows media service] crsss.exe
O4 - HKCU\..\RunServices: [start extracting] spoolvse.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4B24CDC-20E3-4420-B5CD-7FB36A04558E}: NameServer = 80.118.196.40 80.118.192.110
O21 - SSODL: mtklefa - {C8627717-CDAF-4A86-28AF-37A92EE3687E} - (no file)
O21 - SSODL: mtklefap - {19929FFB-7286-43B0-49A5-D88CBC3C2266} - (no file)
O23 - Service: AVP Control Centre Service - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: KAV Monitor Service - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NDIS Adapter - Unknown - C:\WINDOWS\System32\servenxp.exe (file missing)
O23 - Service: DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
Good luck.
2 replies
Hi.
What exactly is your problem???
-=O(_BmV_)O=- Love as a sword,
|| || humor as a shield.
Hi
End this process and delete the exe
C:\WINDOWS\System32\crsss.exe
Check and fix these lines
O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O4 - HKLM\..\Run: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKCU\..\Run: [Windows media service] crsss.exe
O23 - Service: NDIS Adapter - Unknown - C:\WINDOWS\System32\servenxp.exe (file missing)
O21 - SSODL: mtklefa - {C8627717-CDAF-4A86-28AF-37A92EE3687E} - (no file)
O21 - SSODL: mtklefap - {19929FFB-7286-43B0-49A5-D88CBC3C2266} - (no file)
These ones are suspicious (fix with caution)
O4 - HKLM\..\Run: [MSWINHELP] wuadmpr.exe
O4 - HKLM\..\Run: [yvsqnn] C:\WINDOWS\System32\fhrpypjhtlm.exe
O4 - HKLM\..\Run: [EXPLORE] exme.exe
O4 - HKLM\..\Run: [RSPC Driver D] xfeyp.exe
O4 - HKLM\..\Run: [start extracting] spoolvse.exe
O4 - HKLM\..\RunServices: [MSWINHELP] wuadmpr.exe
O4 - HKLM\..\RunServices: [EXPLORE] exme.exe
O4 - HKLM\..\RunServices: [start extracting] spoolvse.exe
O4 - HKCU\..\Run: [Machine Update Soft] wusas.exe
O4 - HKCU\..\Run: [start extracting] spoolvse.exe
O4 - HKCU\..\RunServices: [start extracting] spoolvse.exe
There's a thin line between Love and Hate....
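
An added example, not part of the original thread and not HijackThis's own logic: a small triage script that applies to HijackThis lines the kind of checks the second reply makes by hand (hosts entries covering security/update sites, autoruns with no path, names close to a system file, entries whose file is missing). The `SYSTEM_NAMES` and `VENDORS` lists are assumptions for this example; the sample lines are copied from the log posted above.

```python
import re

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 255.255.255.255 avp.com download.microsoft.com www.symantec.com
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Windows media service] crsss.exe
O4 - HKLM\..\Run: [start extracting] spoolvse.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O21 - SSODL: mtklefa - {C8627717-CDAF-4A86-28AF-37A92EE3687E} - (no file)
O23 - Service: NDIS Adapter - Unknown - C:\WINDOWS\System32\servenxp.exe (file missing)
"""
# Assumed reference lists for this example (not exhaustive).
SYSTEM_NAMES = ["csrss.exe", "spoolsv.exe", "services.exe", "svchost.exe", "lsass.exe"]
VENDORS = ("microsoft", "symantec", "mcafee", "kaspersky", "avp.", "sophos", "f-secure")

def edit_distance(a, b):
    """Levenshtein distance, used to spot names one or two edits from a system file."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(log):
    """Return (flag, detail) pairs for lines that deserve a manual look."""
    findings = []
    for line in map(str.strip, log.splitlines()):
        if line.startswith("O1 - Hosts:"):
            ip, *hosts = line.split(":", 1)[1].split()
            hit = [h for h in hosts if any(v in h for v in VENDORS)]
            if hit:
                findings.append(("hosts-blocks-security-sites", f"{ip} -> {len(hit)} hosts"))
        if m := re.match(r"O4 - \S+: \[.+?\] (.+)", line):
            cmd = m.group(1)
            exe = re.search(r'([^\\"]+\.exe)', cmd, re.I)
            exe = exe.group(1).lower() if exe else cmd.lower()
            if "\\" not in cmd:  # autorun resolved via PATH instead of a full path
                findings.append(("autorun-without-path", exe))
            if any(0 < edit_distance(exe, s) <= 2 for s in SYSTEM_NAMES):
                findings.append(("system-name-lookalike", exe))
        if line.startswith(("O21", "O23")) and re.search(r"\((no file|file missing)\)$", line):
            findings.append(("orphaned-entry", line.split(" - ")[1]))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

The flags are heuristics that prioritise lines for manual review, not verdicts; an entry that raises no flag is not thereby shown to be clean.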