My HijackThis report
Solved
nero5
poujeau -
Hello, I have a few problems with programs that start on their own, notably msnplus.exe and iexplorer.exe, so I am attaching my HijackThis log. Could someone tell me how to block this?
Thanks in advance
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Logitech\SetPoint\kem.exe
C:\PROGRAM FILES\LOGITECH\SETPOINT\KHALMNPR.EXE
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\Logitech\SetPoint\MediaPlayerMgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Overnet\overnet.exe
C:\Program Files\Yahoo!\Messenger\Y!Multi-Gold.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\nero5\Bureau\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
BTTray.lnk = ?
Logitech SetPoint.lnk = ?
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SoundMan = SOUNDMAN.EXE
NVRaidService = C:\WINDOWS\System32\nvraidservice.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
Logitech Hardware Abstraction Layer = KHALMNPR.EXE
SpeedTouch USB Diagnostics = "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
WebCam Go Plus Sti Service Application = Wcgopsvc
Microsofts MediaScope = winmedplay.exe
Network Host Service = msmna32.exe
ccApp = "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
Microsoft Works Update Detection = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0\bin\jusched.exe
nTrayFw = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
Msn Updater = msnplus.exe
MessengerPlus3 = "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
Enc Love Show Sixth = C:\Documents and Settings\All Users\Application Data\ViewOozeEncLove\OWNSBIRD.exe
Outpost Firewall = C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
Msn Updater = msnplus.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Microsofts MediaScope = winmedplay.exe
Network Host Service = msmna32.exe
Msn Updater = msnplus.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe
Steam =
Msn Plug = msnplus.exe
Msn Updater = msnplus.exe
Great bird = C:\DOCUME~1\nero5\APPLIC~1\BIBACE~1\curb test tick.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
Msn Updater = msnplus.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
start uploading = smsss.exe
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\DOCUME~1\nero5\APPLIC~1\MAILME~1\SOAP MAPI.exe - {D5A4DD21-2761-B4FD-487A-AB5D9A11E8AD}
--------------------------------------------------
Enumerating Download Program Files:
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
--------------------------------------------------
Enumerating Winsock LSP files:
Protocol #1: C:\WINDOWS\system32\nvappfilter.dll
Protocol #2: C:\WINDOWS\system32\nvappfilter.dll
Protocol #3: C:\WINDOWS\system32\nvappfilter.dll
Protocol #4: C:\WINDOWS\system32\nvappfilter.dll
Protocol #5: C:\WINDOWS\system32\nvappfilter.dll
Protocol #6: C:\WINDOWS\system32\nvappfilter.dll
Protocol #7: C:\WINDOWS\system32\nvappfilter.dll
Protocol #8: C:\WINDOWS\system32\nvappfilter.dll
Protocol #9: C:\WINDOWS\system32\nvappfilter.dll
Protocol #10: C:\WINDOWS\system32\nvappfilter.dll
Protocol #11: C:\WINDOWS\system32\nvappfilter.dll
Protocol #12: C:\WINDOWS\system32\nvappfilter.dll
Protocol #13: C:\WINDOWS\system32\nvappfilter.dll
Protocol #14: C:\WINDOWS\system32\nvappfilter.dll
Protocol #15: C:\WINDOWS\system32\nvappfilter.dll
Protocol #16: C:\WINDOWS\system32\nvappfilter.dll
Protocol #17: C:\WINDOWS\system32\nvappfilter.dll
Protocol #18: C:\WINDOWS\system32\nvappfilter.dll
Protocol #19: C:\WINDOWS\system32\nvappfilter.dll
Protocol #39: C:\WINDOWS\system32\nvappfilter.dll
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\nero5\LOCALS~1\Temp\WZSE1.TMP\QREMOVE.COM||C:\DOCUME~1\nero5\LOCALS~1\Temp\WZSE1.TMP
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
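Added example, not part of the original post: a short Python triage of the autorun sections of a log in this format, listing executables that are registered under more than one Run key (as msnplus.exe is in the log above). The sample input is constructed from a few lines of that log, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: autorun sections trimmed from the log posted above.
SAMPLE_LOG = r"""
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Msn Updater = msnplus.exe
MessengerPlus3 = "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Network Host Service = msmna32.exe
Msn Updater = msnplus.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Steam =
Msn Plug = msnplus.exe
Msn Updater = msnplus.exe
--------------------------------------------------
"""

KEY_RE = re.compile(r"^HK(?:LM|CU)\\.+\\Run(?:Once|Services)?$")
IMAGE_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|com|bat|dll))\b|(\S+)', re.I)

def image_name(command):
    """Lower-cased file name of the launched image, without path or arguments."""
    path = next(g for g in IMAGE_RE.match(command).groups() if g)
    return path.rsplit("\\", 1)[-1].lower()

def parse_autoruns(log):
    """Return (registry key, value name, command) for each autorun entry."""
    entries, key = [], None
    for line in map(str.strip, log.splitlines()):
        if KEY_RE.match(line):
            key = line                      # start of a Run/RunOnce/RunServices section
        elif line.startswith("-----"):
            key = None                      # section separator ends the section
        elif key and "=" in line:
            name, _, command = line.partition("=")
            entries.append((key, name.strip(), command.strip()))
    return entries

def images_in_multiple_keys(entries):
    """Map image name -> sorted autorun keys, for images set in more than one key."""
    keys = defaultdict(set)
    for key, _name, command in entries:
        if command:                         # skip empty values such as "Steam ="
            keys[image_name(command)].add(key)
    return {img: sorted(k) for img, k in keys.items() if len(k) > 1}

if __name__ == "__main__":
    print(images_in_multiple_keys(parse_autoruns(SAMPLE_LOG)))
```

An image that appears under several keys has to be removed from every one of them, otherwise the remaining value starts it again at the next logon.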
9 replies
hi
run LSPFix
http://www.cexx.org/lspfix.htm
and clean your computer by installing + updating + scanning with these programs
Lavasoft's anti-adware, free, here
http://www.lavasoftusa.com/support/download/
And Spy Sweeper here:
http://www.webroot.com/products/spysweeper/ free for 1 month, then paid
http://www.pctools.com/spyware-doctor/ online scan + free download for 15 days, then paid for updates
and above all this one, Spybot S&D, here: (free) version 1.4beta2
http://www.softpedia.com/progDownload/SpyBot--Search--Destroy--beta-Download-1865.html
run HijackThis again afterwards as a check
see you
hello bernie
In case you don't know it already: a site worth visiting for plenty of good ideas: http://lists.gpick.com/
hi
be careful with LSPFix
You launch it.
You tick "I know what I'm doing"
You move everything related to nvappfilter.dll into "remove"
And above all nothing else!
You click "finish".
I managed to remove quite a few things with HijackThis, notably msnplus and IEXPLORE
But why do I have to fix everything related to nvappfilter.dll
???
where do your problems stand
HijackThis http://pageperso.aol.fr/balltrap34/page%20virus.htm
download it and put it in its own folder, e.g. c:\hj
click on "Do a system scan and save a logfile"
and copy and paste the report
-----------------