Virus trojan

sage herve -  
Teddy-Bear Messages postés 759 Statut Membre -
bonsoir. suite a de gros problemes avec les virus j'ai fait une analyse avec un logiciel decouvert grace a votre forum(hijackthis).de ce fait j'ai edite un rapport ci-joint, et j'aurai besoin de votre participation pour resoudre mes problemes.dans l'attente merci.
Logfile of HijackThis v1.99.1
Scan saved at 22:01:12, on 28/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\sysrf32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Microsoft Works\WksSb.exe
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\systime.exe
C:\WINDOWS\system32\syshw32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\systime.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Propriétaire\Local Settings\Temp\Répertoire temporaire 2 pour hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\catyv.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\catyv.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\catyv.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\catyv.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\catyv.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\catyv.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D0116D4A-FE0B-91BA-B055-4FBFEE58BD6D} - C:\WINDOWS\system32\sysge32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [crypthost] C:\WINDOWS\System32\expolerdata.exe
O4 - HKLM\..\Run: [spool32cryptx] C:\WINDOWS\System32\dirdiag.exe %srun%
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKLM\..\Run: [syshw32.exe] C:\WINDOWS\system32\syshw32.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [host32service] C:\WINDOWS\System32\expolerdata.exe
O4 - HKCU\..\Run: [discsmss32x] C:\WINDOWS\System32\dirdiag.exe %srun%
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1031.dll,InstantAccess
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.157.152.82/AxisCamControl.ocx
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/cab/14/fr/SysWebTelecomInt.cab
O16 - DPF: {FF521631-31DA-48AC-B4E9-390A7694C906} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1031_FR_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79F2F6DA-AD69-4E4D-86CD-EE11446D89AA}: NameServer = 80.10.246.1 80.10.246.132
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Workstation NetLogon Service ( 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\system32\sysrf32.exe

3 réponses

  1. Teddy-Bear Messages postés 759 Statut Membre 91
     
    Bonsoir,

    Mais !!! quels sont tes problemes ....nous aimons comprendre !!!!!

    Commence par dawnloader le logiciel suivant: adwarealways

    http://www.adwareaway.com/

    Tu fais un scan complet, et tu eradique la TOTALITE de ce qu'il t'as detecté comme probleme

    ensuite tu re post un log Hijackthis

    Et n'oublie pas d'expliquer ton probleme nous ne sommes pas devin ....lol
    0
    1. herve sage
       
      Tout d'abord bonsoir et merci beaucoup pour ta collaboration.suite a tes conseils, ci-joint mon nouveau log.dans l'attente merci pour la suite.herve.
      Logfile of HijackThis v1.99.1
      Scan saved at 22:29:42, on 28/02/2005
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\sysrf32.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\windows\system\hpsysdrv.exe
      C:\HP\KBD\KBD.EXE
      C:\Program Files\Microsoft Works\WksSb.exe
      C:\WINDOWS\System32\pctspk.exe
      C:\WINDOWS\System32\GSICON.EXE
      C:\WINDOWS\System32\dslagent.exe
      C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
      C:\Program Files\Microsoft IntelliPoint\point32.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\System32\systime.exe
      C:\WINDOWS\system32\syshw32.exe
      C:\WINDOWS\System32\RUNDLL32.EXE
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\WINDOWS\System32\rundll32.exe
      C:\WINDOWS\System32\systime.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
      C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
      C:\WINDOWS\System32\msiexec.exe
      C:\Documents and Settings\Propriétaire\Local Settings\Temp\Répertoire temporaire 3 pour hijackthis[1].zip\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\catyv.dll/sp.html#28129
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\catyv.dll/sp.html#28129
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\catyv.dll/sp.html#28129
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\catyv.dll/sp.html#28129
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\catyv.dll/sp.html#28129
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\catyv.dll/sp.html#28129
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - Default URLSearchHook is missing
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: (no name) - {D0116D4A-FE0B-91BA-B055-4FBFEE58BD6D} - C:\WINDOWS\system32\sysge32.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
      O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
      O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
      O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
      O4 - HKLM\..\Run: [crypthost] C:\WINDOWS\System32\expolerdata.exe
      O4 - HKLM\..\Run: [spool32cryptx] C:\WINDOWS\System32\dirdiag.exe %srun%
      O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
      O4 - HKLM\..\Run: [syshw32.exe] C:\WINDOWS\system32\syshw32.exe
      O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
      O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [host32service] C:\WINDOWS\System32\expolerdata.exe
      O4 - HKCU\..\Run: [discsmss32x] C:\WINDOWS\System32\dirdiag.exe %srun%
      O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1031.dll,InstantAccess
      O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
      O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
      O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\EROProj.dll
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O15 - Trusted Zone: *.05p.com
      O15 - Trusted Zone: *.awmdabest.com
      O15 - Trusted Zone: *.blazefind.com
      O15 - Trusted Zone: *.clickspring.net
      O15 - Trusted Zone: *.flingstone.com
      O15 - Trusted Zone: *.frame.crazywinnings.com
      O15 - Trusted Zone: *.iframedollars.biz
      O15 - Trusted Zone: *.mt-download.com
      O15 - Trusted Zone: *.my-internet.info
      O15 - Trusted Zone: *.scoobidoo.com
      O15 - Trusted Zone: *.searchbarcash.com
      O15 - Trusted Zone: *.searchmiracle.com
      O15 - Trusted Zone: *.skoobidoo.com
      O15 - Trusted Zone: *.slotch.com
      O15 - Trusted Zone: *.slotchbar.com
      O15 - Trusted Zone: *.static.topconverting.com
      O15 - Trusted Zone: *.windupdates.com
      O15 - Trusted Zone: *.xxxtoolbar.com
      O15 - Trusted Zone: *.ysbweb.com
      O15 - Trusted Zone: *.05p.com (HKLM)
      O15 - Trusted Zone: *.awmdabest.com (HKLM)
      O15 - Trusted Zone: *.blazefind.com (HKLM)
      O15 - Trusted Zone: *.clickspring.net (HKLM)
      O15 - Trusted Zone: *.flingstone.com (HKLM)
      O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
      O15 - Trusted Zone: *.iframedollars.biz (HKLM)
      O15 - Trusted Zone: *.mt-download.com (HKLM)
      O15 - Trusted Zone: *.my-internet.info (HKLM)
      O15 - Trusted Zone: *.scoobidoo.com (HKLM)
      O15 - Trusted Zone: *.searchbarcash.com (HKLM)
      O15 - Trusted Zone: *.searchmiracle.com (HKLM)
      O15 - Trusted Zone: *.skoobidoo.com (HKLM)
      O15 - Trusted Zone: *.slotch.com (HKLM)
      O15 - Trusted Zone: *.slotchbar.com (HKLM)
      O15 - Trusted Zone: *.static.topconverting.com (HKLM)
      O15 - Trusted Zone: *.windupdates.com (HKLM)
      O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
      O15 - Trusted Zone: *.ysbweb.com (HKLM)
      O15 - Trusted IP range: 206.161.125.149
      O15 - Trusted IP range: 206.161.124.130 (HKLM)
      O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.157.152.82/AxisCamControl.ocx
      O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/cab/14/fr/SysWebTelecomInt.cab
      O16 - DPF: {FF521631-31DA-48AC-B4E9-390A7694C906} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1031_FR_XP.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{79F2F6DA-AD69-4E4D-86CD-EE11446D89AA}: NameServer = 80.10.246.1 80.10.246.132
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Workstation NetLogon Service ( 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\system32\sysrf32.exe
      0
  2. Teddy-Bear Messages postés 759 Statut Membre 91
     
    Re,

    es tu sur de ne pas avoir seulement fait le scan avecAdwareaways ?
    tu as bien fait ensuite l'ellimination des problemes ?
    0
    1. herve sage
       
      quand le logiciel a fait le scan et identifie les fichiers je fais quelle manip?MERCI
      0
      1. Teddy-Bear Messages postés 759 Statut Membre 91 > herve sage
         
        Bonjour

        Mode d'emploi:

        Executer adwareAway

        Cliquer sur "Remove HIJACKERS"
        Cliquer sur "Scan all"

        .... a la fin du scan .......

        Cliquer sur "Remove



        Repeter l'operation pour :

        "Remove Adware"
        "Remove Spyware"
        "Remove Trojan et Worm"
        "

        0
  3. Teddy-Bear Messages postés 759 Statut Membre 91
     
    Re,

    Commence par appliquer la procedure suivante:

    Verifie que "Windows" (windowsupdate) et "Internet Explorer" soit a jour

    Telecharge les logiciels suivants

    CWshredder
    http://telechargement.journaldunet.com/fiche/5348/2/cwshredder/

    AboutBuster
    http://www.malwarebytes.biz/index.php?page=downloads

    Ad-Aware :
    http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/11643.html

    Le patch en Français pour Ad-Aware :
    http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/25543.html

    Spybot :
    http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html

    Ensuite :
    1.tu mets à jour ces programmes (fonction mise a jour ou "update") + Mise a jour de la base signature de ton Antivirus
    2.afficher les dossiers cachés et protégés du système

    "Demarrer"
    "Poste de travail"
    "outil"
    "options des dossiers"
    "affichage"
    "Afficher les fichiers et dossiers caches"

    3.nettoyage de disque : poste de travail/clique droit sur ton disque dur/propriétés/choisir nettoyage de disque
    4.DESACTIVER ta restauration systeme : clique droit sur poste de travail/Propriété/onglet restauration systeme/cocher " desactiver la rest.systeme".
    5.redémarrer en mode sans échec

    "effectuer les scans et nettoyages avec les 4 logiciels (Adaware,Spybot,Cwshredder, Aboutbuster)"
    "effectuer un scan avec ton antivirus resident"

    6.revenir en mode normal
    7.reactiver la rest.systeme
    8. nous tenir au courant :0)

    Si le probleme persiste: (SEULEMENT APRES AVOIR EFFECTUE LA PROCEDURE COMPLETEMENT)

    Telecharge:

    Hijackthis

    http://www.hijackthis.de/downloads/hijackthis_199.zip

    Executer Hijackthis (Do a system scan only)

    Effectuer une sauvegarde du log (Save log)

    Copier collé du log que tu post dans ton prochain message accompagnés des commentaires concernant la reussite ou echec
    des autres logiciels
    0