Click me
charlotte13
Posts: 10
Status: Member
Hello,
I've caught Click me and other viruses!
I can't get rid of them.
Can you help me?????
Here is my HijackThis log.
Logfile of HijackThis v1.99.1
Scan saved at 08:40:44, on 05/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ati2evxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Atiptaxx.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\GENIUS~1\mouseElf.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\msnmsgrsc.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\temp\salm.exe
C:\WINDOWS\cehlk.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\WINDOWS\System32\ap9h4qmo.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\System32\wpnmxs.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wdiwave.exe
C:\Documents and Settings\xpassemard\Application Data\aaeo.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\j?vaw.exe
c:\windows\system32\palsp.exe
C:\program files\internet explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\deqq\palsp.exe
C:\Program Files\HijackThis.exe
C:\program files\internet explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-pc-asia.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.133.25.208:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.suez;<local>
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [P] C:\documents and settings\xpassemard\local settings\temp\P.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitecup32.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [qIJdMWDo] C:\WINDOWS\cehlk.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [bcdupwn] C:\WINDOWS\bcdupwn.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\System32\france.exe -N
O4 - HKLM\..\Run: [Boarddata] c:\windows\system32\repcale.exe c:\windows\system32\palsp.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [uF9U33W] wpnmxs.exe
O4 - HKLM\..\Run: [looodkfk] c:\windows\system32\deqq\repcale.exe c:\windows\system32\deqq\palsp.exe
O4 - HKLM\..\RunServices: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKCU\..\Run: [foq8RTaml] wdiwave.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Bcsb] C:\Documents and Settings\xpassemard\Application Data\aaeo.exe
O4 - HKCU\..\Run: [Ahsn] C:\WINDOWS\System32\j?vaw.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsu-pc-asia.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/website.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://register.tiscali.fr/configurateur/AccountHelper.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=3655
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A997538-4E44-4B08-A82E-A43DF725C47F}: NameServer = 10.133.25.9,10.133.24.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{945157C4-F887-4668-B28A-B89194E63572}: NameServer = 212.27.32.176,212.27.32.177
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = free.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = free.fr
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe
15 replies
Go have a look here, but be careful with what it tells you, some things may not be harmful:
http://www.hijackthis.de/fr
Otherwise, have a look at this too:
http://aplusvirus.free.fr/
Hello, a real infection !!!!!!!!!!!!!!!!!
Procedure to follow, in order...
---------------------------------------------------------------------------------------
¤Download these 3 programs, but don't use them right away:
1/Ad-Aware:
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/11643.html
The French language patch for Ad-Aware:
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/25543.html
2/Spybot:
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html
3/Clean Up 312:
http://pageperso.aol.fr/Balltrap34/CleanUp312.exe
-----------------------------------------
¤Boot into Safe Mode:
To do this, tap the F8 key repeatedly, without stopping, from the moment the PC starts powering on.
A menu will open; use the keyboard arrow keys to move to the Safe Mode option, then press Enter.
Once you are on the desktop, it is normal if not all the colours and so on are there!
(If F8 doesn't work, use the F5 key)
----------------------------------------------------------
¤Disable System Restore:
Right-click My Computer, then
Properties, click the System Restore tab,
tick the box to turn off System Restore and apply
------------------------------------
¤Show all files and folders:
Click Start / Control Panel / Folder Options / View
Tick "show hidden folders"
Untick the box "Hide protected operating system files (Recommended)"
Untick "hide extensions for known file types"
Then click "OK" to confirm the changes.
And apply!
---------------------------------
¤Empty your temp files and Temporary Internet Files:
use this to do it (you downloaded it earlier)
3/http://pageperso.aol.fr/Balltrap34/CleanUp312.exe
--------------------------------------------
¤Run HijackThis again, tick the boxes in front of these lines, then click Fix:
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitecup32.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [qIJdMWDo] C:\WINDOWS\cehlk.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [bcdupwn] C:\WINDOWS\bcdupwn.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\System32\france.exe -N
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\RunServices: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKCU\..\Run: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKCU\..\Run: [foq8RTaml] wdiwave.exe
O4 - HKCU\..\Run: [Ahsn] C:\WINDOWS\System32\j?vaw.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/website.ocx
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=3655
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe
------------------------------------------
¤Search for and delete these:
careful, only the files
C:\WINDOWS\System32\msnmsgrsc.exe
C:\temp\salm.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\cehlk.exe
C:\Program Files\Internet Optimizer <the folder
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\WINDOWS\System32\ap9h4qmo.exe
C:\windows\system32\elitecup32.exe
C:\WINDOWS\System32\france.exe -N
C:\Program Files\AutoUpdate\AutoUpdate.exe"
---------------------------------
Run Ad-Aware and remove everything it finds
----------------------------------
Run Spybot and remove everything it finds
-----------------------------------
Empty your Recycle Bin, reboot in normal mode and run HijackThis again
---------------------------------
¤Re-enable System Restore:
Right-click My Computer, then
Properties, click the System Restore tab,
untick the box to turn off System Restore and apply
----------------------------
Run a scan at RAV:
http://www.ravantivirus.com/scan/
Click "To continue without subscribing click here" and wait a few minutes.
When "Ready" is shown under "status", tick the "Autoclean" box, then click "Scan my PC"
When the scan is finished, copy/paste the report here
----------
Hide your hidden files again:
Click Start / Control Panel / Folder Options / View
Untick "show hidden folders"
Tick the box "Hide protected operating system files (Recommended)"
Tick "hide extensions for known file types"
Then click "OK" to confirm the changes.
-----------------------------------------------
Describe any problems that remain.... and paste me a new HijackThis log so we can finish the job !!!!
Keep me posted
See you
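The procedure above ends with a fresh HijackThis log. As an added example (not part of the original posts), this Python script checks a fix list and a delete list against a follow-up log, so every entry is accounted for rather than compared by eye. `FIX_LIST` and `DELETE_PATHS` are excerpts of the lists in the reply; `AFTER_LOG` is a constructed follow-up log, and the function names are hypothetical.

```python
import re

# Entry lines look like "O4 - HKLM\..\Run: [name] path":
# a section code (R0-R3, O1-O23, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the process list ends at the first entry line
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def norm(s):
    """Windows paths and registry names are case-insensitive; spacing may vary."""
    return " ".join(s.split()).lower()


def verify_cleanup(fix_text, delete_paths, after_text):
    """Report which fixed entries and deleted files still show up after cleanup."""
    procs, entries = parse_log(after_text)
    after_entries = {(code, norm(body)) for code, body in entries}
    after_procs = {norm(p) for p in procs}
    _, fix_entries = parse_log(fix_text)
    report = {"entries_removed": [], "entries_still_present": []}
    for code, body in fix_entries:
        # The key includes the registry hive, so the same value name under
        # HKLM Run, RunServices and HKCU Run is checked three separate times.
        key = "entries_still_present" if (code, norm(body)) in after_entries else "entries_removed"
        report[key].append(f"{code} - {body}")
    report["files_still_running"] = [p for p in delete_paths if norm(p) in after_procs]
    return report


# Excerpt of the fix list from the reply above.
FIX_LIST = r"""
O4 - HKLM\..\Run: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKLM\..\RunServices: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKCU\..\Run: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe
"""

# Excerpt of the files the reply says to delete.
DELETE_PATHS = [r"C:\WINDOWS\System32\msnmsgrsc.exe", r"C:\temp\salm.exe"]

# Constructed follow-up log (not from the thread): one autorun survived under
# HKCU with different letter case, and its executable is still running.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
c:\windows\system32\MSNMSGRSC.EXE
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKCU\..\Run: [strmsnmsgrs]  MSNMSGRSC.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\ati2evxx.exe
"""

if __name__ == "__main__":
    for name, items in verify_cleanup(FIX_LIST, DELETE_PATHS, AFTER_LOG).items():
        print(name)
        for item in items:
            print("   ", item)
```

An entry that reappears after being fixed usually means the process that writes it was still running when the fix was applied, which is why the file check reads the follow-up log's process list as well.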
Hi again,
By the way, does fujitsu.asia mean anything to you? Or is that bothering you too?
You've got work ahead of you, you know. I don't know how you caught all that, but you are the most infected person I have ever seen lol
You win the Palme d'Or lol
See you soon!
Thanks for your help.
I tried to do everything.
BUT problem: I can't download Spybot and Clean Up 312 (my security settings don't allow it..).
Likewise, I can't scan with Ravantivirus (they have changed their home page and the download options).
Here is my latest log.
Thanks for your time!!!
Logfile of HijackThis v1.99.1
Scan saved at 16:22:32, on 05/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\Atiptaxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\GENIUS~1\mouseElf.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wpnmxs.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\xpassemard\Application Data\aaeo.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
c:\windows\system32\palsp.exe
c:\windows\system32\deqq\palsp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-pc-asia.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.133.25.208:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.suez;<local>
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [P] C:\documents and settings\xpassemard\local settings\temp\P.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Boarddata] c:\windows\system32\repcale.exe c:\windows\system32\palsp.exe
O4 - HKLM\..\Run: [uF9U33W] wpnmxs.exe
O4 - HKLM\..\Run: [looodkfk] c:\windows\system32\deqq\repcale.exe c:\windows\system32\deqq\palsp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Bcsb] C:\Documents and Settings\xpassemard\Application Data\aaeo.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsu-pc-asia.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://register.tiscali.fr/configurateur/AccountHelper.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A997538-4E44-4B08-A82E-A43DF725C47F}: NameServer = 10.133.25.9,10.133.24.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{945157C4-F887-4668-B28A-B89194E63572}: NameServer = 212.27.32.176,212.27.32.177
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = free.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = free.fr
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Hi,
Control Panel / Internet Options
Security tab / Custom Level, and in the drop-down menu set your settings to Medium
Try downloading the programs + RAV
Has Click Me really gone?
See you later
Hi again,
There is still quite a lot to remove; first, tell me this:
Fujitsu appears several times, do you recognize it?
See you later
Thanks. I've downloaded everything.
Fujitsu is the brand of my laptop!!!
Here are the logs:
Hijack
Logfile of HijackThis v1.99.1
Scan saved at 17:31:12, on 05/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\Atiptaxx.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\GENIUS~1\mouseElf.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\wpnmxs.exe
c:\windows\system32\palsp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\xpassemard\Application Data\aaeo.exe
c:\windows\system32\deqq\palsp.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\System32\ati2evxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://results.dashbar.com/search?c=27440&b=17862&t=0&ce=DI&m=MA==&ver=2.1.0.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-pc-asia.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.133.25.208:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.suez;<local>
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [P] C:\documents and settings\xpassemard\local settings\temp\P.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Boarddata] c:\windows\system32\repcale.exe c:\windows\system32\palsp.exe
O4 - HKLM\..\Run: [uF9U33W] wpnmxs.exe
O4 - HKLM\..\Run: [looodkfk] c:\windows\system32\deqq\repcale.exe c:\windows\system32\deqq\palsp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Bcsb] C:\Documents and Settings\xpassemard\Application Data\aaeo.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsu-pc-asia.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://register.tiscali.fr/configurateur/AccountHelper.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A997538-4E44-4B08-A82E-A43DF725C47F}: NameServer = 10.133.25.9,10.133.24.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{945157C4-F887-4668-B28A-B89194E63572}: NameServer = 212.27.32.176,212.27.32.177
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = free.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = free.fr
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
RAvantivirus
Scan started at 05/21/2005 18:10:19
Scanning memory...
Scanning boot sectors...
Scanning files...
C:\WINDOWS\cxtpls_loader.exe - TrojanDownloader:Win32/Apropo.S (exact) -> Infected
C:\WINDOWS\installer_SIAC.exe - TrojanDownloader:Win32/Adload.E -> Infected
C:\WINDOWS\system32\gto.exe - Trojan:Win32/Lowzones.AV -> Infected
C:\WINDOWS\system32\eliteacy32.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\WINDOWS\system32\elitecar32.exe - Trojan:Win32/StartPage.NK -> Infected
C:\WINDOWS\system32\eliteosm32.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\WINDOWS\system32\elitevxy32.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\WINDOWS\system32\elitetgx32.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\WINDOWS\system32\elitekyr32.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\WINDOWS\system32\hosts - Trojan:Win32/Qhosts.remnants* -> Infected
C:\WINDOWS\system32\elitebgl32.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\WINDOWS\system32\repcale.exe - VirTool:Win32/HiddenRun.B -> Infected
C:\WINDOWS\system32\zema - Trojan:IRC/Sayma.A* -> Infected
C:\WINDOWS\system32\elitefaa32.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\WINDOWS\system32\elitemlm32.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\WINDOWS\system32\elitedrb32.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\WINDOWS\system32\deqq\hosts - Trojan:Win32/Qhosts.remnants* -> Infected
C:\WINDOWS\system32\deqq\repcale.exe - VirTool:Win32/HiddenRun.B -> Infected
C:\WINDOWS\system32\deqq\zema - Trojan:IRC/Sayma.A* -> Infected
C:\Documents and Settings\xpassemard\gto.exe - Trojan:Win32/Lowzones.AV -> Infected
C:\Documents and Settings\xpassemard\funnnc.exe->(CABSfx)->hosts - Trojan:Win32/Qhosts.remnants* -> Infected
C:\Documents and Settings\xpassemard\funnnc.exe->(CABSfx)->repcale.exe - VirTool:Win32/HiddenRun.B -> Infected
C:\Documents and Settings\xpassemard\funnnc.exe->(CABSfx)->zema - Trojan:IRC/Sayma.A* -> Infected
C:\Documents and Settings\xpassemard\Call.exe->(CABSfx)->hosts - Trojan:Win32/Qhosts.remnants* -> Infected
C:\Documents and Settings\xpassemard\Call.exe->(CABSfx)->repcale.exe - VirTool:Win32/HiddenRun.B -> Infected
C:\Documents and Settings\xpassemard\Call.exe->(CABSfx)->zema - Trojan:IRC/Sayma.A* -> Infected
Scanned
============================
Objects: 34901
Directories: 2067
Archives: 12295
Size(Kb): -360882
Infected files: 26
Found
============================
Viruses found: 8
Suspicious files: 0
Disinfected files: 0
Mail files: 33
Scan started at 05/21/2005 18:10:19
Scanning memory...
Scanning boot sectors...
Scanning files...
C:\WINDOWS\cxtpls_loader.exe - TrojanDownloader:Win32/Apropo.S (exact) -> Infected
C:\WINDOWS\installer_SIAC.exe - TrojanDownloader:Win32/Adload.E -> Infected
C:\WINDOWS\system32\gto.exe - Trojan:Win32/Lowzones.AV -> Infected
C:\WINDOWS\system32\eliteacy32.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\WINDOWS\system32\elitecar32.exe - Trojan:Win32/StartPage.NK -> Infected
C:\WINDOWS\system32\eliteosm32.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\WINDOWS\system32\elitevxy32.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\WINDOWS\system32\elitetgx32.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\WINDOWS\system32\elitekyr32.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\WINDOWS\system32\hosts - Trojan:Win32/Qhosts.remnants* -> Infected
C:\WINDOWS\system32\elitebgl32.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\WINDOWS\system32\repcale.exe - VirTool:Win32/HiddenRun.B -> Infected
C:\WINDOWS\system32\zema - Trojan:IRC/Sayma.A* -> Infected
C:\WINDOWS\system32\elitefaa32.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\WINDOWS\system32\elitemlm32.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\WINDOWS\system32\elitedrb32.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\WINDOWS\system32\deqq\hosts - Trojan:Win32/Qhosts.remnants* -> Infected
C:\WINDOWS\system32\deqq\repcale.exe - VirTool:Win32/HiddenRun.B -> Infected
C:\WINDOWS\system32\deqq\zema - Trojan:IRC/Sayma.A* -> Infected
C:\Documents and Settings\xpassemard\gto.exe - Trojan:Win32/Lowzones.AV -> Infected
C:\Documents and Settings\xpassemard\funnnc.exe->(CABSfx)->hosts - Trojan:Win32/Qhosts.remnants* -> Infected
C:\Documents and Settings\xpassemard\funnnc.exe->(CABSfx)->repcale.exe - VirTool:Win32/HiddenRun.B -> Infected
C:\Documents and Settings\xpassemard\funnnc.exe->(CABSfx)->zema - Trojan:IRC/Sayma.A* -> Infected
C:\Documents and Settings\xpassemard\Call.exe->(CABSfx)->hosts - Trojan:Win32/Qhosts.remnants* -> Infected
C:\Documents and Settings\xpassemard\Call.exe->(CABSfx)->repcale.exe - VirTool:Win32/HiddenRun.B -> Infected
C:\Documents and Settings\xpassemard\Call.exe->(CABSfx)->zema - Trojan:IRC/Sayma.A* -> Infected
Scanned
============================
Objects: 34901
Directories: 2067
Archives: 12295
Size(Kb): -360882
Infected files: 26
Found
============================
Viruses found: 8
Suspicious files: 0
Disinfected files: 0
Mail files: 33
Fujitsu, c'est la marque de mon portable!!!
Voici les log:
Hijack
Logfile of HijackThis v1.99.1
Scan saved at 17:31:12, on 05/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\Atiptaxx.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\GENIUS~1\mouseElf.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\wpnmxs.exe
c:\windows\system32\palsp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\xpassemard\Application Data\aaeo.exe
c:\windows\system32\deqq\palsp.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\System32\ati2evxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://results.dashbar.com/search?c=27440&b=17862&t=0&ce=DI&m=MA==&ver=2.1.0.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-pc-asia.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.133.25.208:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.suez;<local>
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [P] C:\documents and settings\xpassemard\local settings\temp\P.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Boarddata] c:\windows\system32\repcale.exe c:\windows\system32\palsp.exe
O4 - HKLM\..\Run: [uF9U33W] wpnmxs.exe
O4 - HKLM\..\Run: [looodkfk] c:\windows\system32\deqq\repcale.exe c:\windows\system32\deqq\palsp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Bcsb] C:\Documents and Settings\xpassemard\Application Data\aaeo.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsu-pc-asia.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://register.tiscali.fr/configurateur/AccountHelper.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A997538-4E44-4B08-A82E-A43DF725C47F}: NameServer = 10.133.25.9,10.133.24.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{945157C4-F887-4668-B28A-B89194E63572}: NameServer = 212.27.32.176,212.27.32.177
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = free.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = free.fr
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
RAvantivirus
Scan started at 05/21/2005 18:10:19
Scanning memory...
Scanning boot sectors...
Scanning files...
C:\WINDOWS\cxtpls_loader.exe - TrojanDownloader:Win32/Apropo.S (exact) -> Infected
C:\WINDOWS\installer_SIAC.exe - TrojanDownloader:Win32/Adload.E -> Infected
C:\WINDOWS\system32\gto.exe - Trojan:Win32/Lowzones.AV -> Infected
C:\WINDOWS\system32\eliteacy32.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\WINDOWS\system32\elitecar32.exe - Trojan:Win32/StartPage.NK -> Infected
C:\WINDOWS\system32\eliteosm32.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\WINDOWS\system32\elitevxy32.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\WINDOWS\system32\elitetgx32.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\WINDOWS\system32\elitekyr32.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\WINDOWS\system32\hosts - Trojan:Win32/Qhosts.remnants* -> Infected
C:\WINDOWS\system32\elitebgl32.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\WINDOWS\system32\repcale.exe - VirTool:Win32/HiddenRun.B -> Infected
C:\WINDOWS\system32\zema - Trojan:IRC/Sayma.A* -> Infected
C:\WINDOWS\system32\elitefaa32.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\WINDOWS\system32\elitemlm32.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\WINDOWS\system32\elitedrb32.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\WINDOWS\system32\deqq\hosts - Trojan:Win32/Qhosts.remnants* -> Infected
C:\WINDOWS\system32\deqq\repcale.exe - VirTool:Win32/HiddenRun.B -> Infected
C:\WINDOWS\system32\deqq\zema - Trojan:IRC/Sayma.A* -> Infected
C:\Documents and Settings\xpassemard\gto.exe - Trojan:Win32/Lowzones.AV -> Infected
C:\Documents and Settings\xpassemard\funnnc.exe->(CABSfx)->hosts - Trojan:Win32/Qhosts.remnants* -> Infected
C:\Documents and Settings\xpassemard\funnnc.exe->(CABSfx)->repcale.exe - VirTool:Win32/HiddenRun.B -> Infected
C:\Documents and Settings\xpassemard\funnnc.exe->(CABSfx)->zema - Trojan:IRC/Sayma.A* -> Infected
C:\Documents and Settings\xpassemard\Call.exe->(CABSfx)->hosts - Trojan:Win32/Qhosts.remnants* -> Infected
C:\Documents and Settings\xpassemard\Call.exe->(CABSfx)->repcale.exe - VirTool:Win32/HiddenRun.B -> Infected
C:\Documents and Settings\xpassemard\Call.exe->(CABSfx)->zema - Trojan:IRC/Sayma.A* -> Infected
Scanned
============================
Objects: 34901
Directories: 2067
Archives: 12295
Size(Kb): -360882
Infected files: 26
Found
============================
Viruses found: 8
Suspicious files: 0
Disinfected files: 0
Mail files: 33
Hi, let's start with ravantivirus: you're not infected, as you could see!
¤ Show all files and folders:
Click Start / Control Panel / Folder Options / View
Check "Show hidden folders"
Uncheck the box "Hide protected operating system files (Recommended)"
Uncheck "Hide extensions for known file types"
Then click "OK" to confirm the changes.
And apply!
Delete what is in bold:
C:\WINDOWS\cxtpls_loader.exe
C:\WINDOWS\installer_SIAC.exe
C:\WINDOWS\system32\gto.exe
C:\WINDOWS\system32\eliteacy32.exe
C:\WINDOWS\system32\elitecar32.exe
C:\WINDOWS\system32\eliteosm32.exe
C:\WINDOWS\system32\elitevxy32.exe
C:\WINDOWS\system32\elitetgx32.exe
C:\WINDOWS\system32\elitekyr32.exe
C:\WINDOWS\system32\hosts
C:\WINDOWS\system32\elitebgl32.exe
C:\WINDOWS\system32\repcale.exe
C:\WINDOWS\system32\zema
C:\WINDOWS\system32\elitefaa32.exe
C:\WINDOWS\system32\elitemlm32.exe
C:\WINDOWS\system32\elitedrb32.exe
C:\WINDOWS\system32\deqq\hosts
C:\WINDOWS\system32\deqq\repcale.exe
C:\WINDOWS\system32\deqq\zema
C:\Documents and Settings\xpassemard\gto.exe
C:\Documents and Settings\xpassemard\funnnc.exe
C:\Documents and Settings\xpassemard\Call.exe
Then run another scan at RAV and paste the result.
See you
PS: did Spybot and Ad-Aware find anything?
OK for the deletions.
Ad-Aware no longer finds anything.
For Spybot:
/DSO Exploit: Data source object exploit (Modification du registre, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Modification du registre, fixed)
HKEY_USERS\S-1-5-21-3020190987-645757453-568730901-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Modification du registre, fixed)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Modification du registre, fixed)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Modification du registre, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
--- Spybot - Search && Destroy version: 1.3 ---
2004-05-12 Includes\Cookies.sbi
2004-05-12 Includes\Dialer.sbi
2004-05-12 Includes\Hijackers.sbi
2004-05-12 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-05-12 Includes\Malware.sbi
2004-05-12 Includes\Revision.sbi
2004-05-12 Includes\Security.sbi
2004-05-12 Includes\Spybots.sbi
2004-05-12 Includes\Tracks.uti
2004-05-12 Includes\Trojans.sbi
And here is the RAV log.
Scan started at 05/21/2005 19:33:50
Scanning memory...
Scanning boot sectors...
Scanning files...
C:\System Volume Information\_restore{C4B6EFB0-DAB3-48BE-B350-2F1377748056}\RP1\A0000026.exe - TrojanDownloader:Win32/Apropo.S (exact) -> Infected
C:\System Volume Information\_restore{C4B6EFB0-DAB3-48BE-B350-2F1377748056}\RP1\A0000027.exe - TrojanDownloader:Win32/Adload.E -> Infected
C:\System Volume Information\_restore{C4B6EFB0-DAB3-48BE-B350-2F1377748056}\RP1\A0000028.exe - Trojan:Win32/Lowzones.AV -> Infected
C:\System Volume Information\_restore{C4B6EFB0-DAB3-48BE-B350-2F1377748056}\RP1\A0000029.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\System Volume Information\_restore{C4B6EFB0-DAB3-48BE-B350-2F1377748056}\RP1\A0000030.exe - Trojan:Win32/StartPage.NK -> Infected
C:\System Volume Information\_restore{C4B6EFB0-DAB3-48BE-B350-2F1377748056}\RP1\A0000031.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\System Volume Information\_restore{C4B6EFB0-DAB3-48BE-B350-2F1377748056}\RP1\A0000032.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\System Volume Information\_restore{C4B6EFB0-DAB3-48BE-B350-2F1377748056}\RP1\A0000033.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\System Volume Information\_restore{C4B6EFB0-DAB3-48BE-B350-2F1377748056}\RP1\A0000034.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\System Volume Information\_restore{C4B6EFB0-DAB3-48BE-B350-2F1377748056}\RP1\A0000035.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\System Volume Information\_restore{C4B6EFB0-DAB3-48BE-B350-2F1377748056}\RP1\A0000036.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\System Volume Information\_restore{C4B6EFB0-DAB3-48BE-B350-2F1377748056}\RP1\A0000037.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\System Volume Information\_restore{C4B6EFB0-DAB3-48BE-B350-2F1377748056}\RP1\A0000038.exe - TrojanDropper:Win32/Small.EA -> Infected
C:\System Volume Information\_restore{C4B6EFB0-DAB3-48BE-B350-2F1377748056}\RP1\A0000039.exe - VirTool:Win32/HiddenRun.B -> Infected
C:\System Volume Information\_restore{C4B6EFB0-DAB3-48BE-B350-2F1377748056}\RP1\A0000040.exe - VirTool:Win32/HiddenRun.B -> Infected
C:\System Volume Information\_restore{C4B6EFB0-DAB3-48BE-B350-2F1377748056}\RP1\A0000041.exe - Trojan:Win32/Lowzones.AV -> Infected
C:\System Volume Information\_restore{C4B6EFB0-DAB3-48BE-B350-2F1377748056}\RP1\A0000042.exe->(CABSfx)->hosts - Trojan:Win32/Qhosts.remnants* -> Infected
C:\System Volume Information\_restore{C4B6EFB0-DAB3-48BE-B350-2F1377748056}\RP1\A0000042.exe->(CABSfx)->repcale.exe - VirTool:Win32/HiddenRun.B -> Infected
C:\System Volume Information\_restore{C4B6EFB0-DAB3-48BE-B350-2F1377748056}\RP1\A0000042.exe->(CABSfx)->zema - Trojan:IRC/Sayma.A* -> Infected
C:\System Volume Information\_restore{C4B6EFB0-DAB3-48BE-B350-2F1377748056}\RP1\A0000043.exe->(CABSfx)->hosts - Trojan:Win32/Qhosts.remnants* -> Infected
C:\System Volume Information\_restore{C4B6EFB0-DAB3-48BE-B350-2F1377748056}\RP1\A0000043.exe->(CABSfx)->repcale.exe - VirTool:Win32/HiddenRun.B -> Infected
C:\System Volume Information\_restore{C4B6EFB0-DAB3-48BE-B350-2F1377748056}\RP1\A0000043.exe->(CABSfx)->zema - Trojan:IRC/Sayma.A* -> Infected
Scanned
============================
Objects: 35003
Directories: 2078
Archives: 12300
Size(Kb): -296452
Infected files: 22
Found
============================
Viruses found: 8
Suspicious files: 0
Disinfected files: 0
Mail files: 34
See you, THANKS
Hi again,
¤ Disable System Restore:
Right-click My Computer, then
Properties, and click the System Restore tab,
check the box to turn off System Restore and apply,
then uncheck the box!
Now run HijackThis again for me, please.
See you
Hello,
Here is the new log.
See you
Logfile of HijackThis v1.99.1
Scan saved at 08:47:29, on 05/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ati2evxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Atiptaxx.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\GENIUS~1\mouseElf.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\wpnmxs.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-pc-asia.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.133.25.208:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.suez;<local>
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [P] C:\documents and settings\xpassemard\local settings\temp\P.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Boarddata] c:\windows\system32\repcale.exe c:\windows\system32\palsp.exe
O4 - HKLM\..\Run: [uF9U33W] wpnmxs.exe
O4 - HKLM\..\Run: [looodkfk] c:\windows\system32\deqq\repcale.exe c:\windows\system32\deqq\palsp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Bcsb] C:\Documents and Settings\xpassemard\Application Data\aaeo.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsu-pc-asia.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://register.tiscali.fr/configurateur/AccountHelper.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A997538-4E44-4B08-A82E-A43DF725C47F}: NameServer = 10.133.25.9,10.133.24.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{945157C4-F887-4668-B28A-B89194E63572}: NameServer = 212.27.32.176,212.27.32.177
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = free.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = free.fr
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://register.tiscali.fr/configurateur/AccountHelper.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A997538-4E44-4B08-A82E-A43DF725C47F}: NameServer = 10.133.25.9,10.133.24.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{945157C4-F887-4668-B28A-B89194E63572}: NameServer = 212.27.32.176,212.27.32.177
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = free.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = free.fr
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Hello,
Method to follow, in order...
---------------------------------------------------------------------------------------
¤Download these 3 programs, but do not use them right away:
1/Ad-Aware:
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/11643.html
The French language patch for Ad-Aware:
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/25543.html
2/Spybot:
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html
3/Clean Up 312:
http://pageperso.aol.fr/Balltrap34/CleanUp312.exe
-----------------------------------------
¤Start in safe mode:
To do that, tap the F8 key repeatedly, without stopping, as soon as the PC starts powering on.
A window will open; use the keyboard arrow keys to move to "start in safe mode", then press Enter.
Once you are on the desktop, if not all the colors and so on are there, that is normal!
(If F8 does not work, use the F5 key)
----------------------------------------------------------
¤Disable your System Restore:
Right-click My Computer, then
Properties, click the System Restore tab,
check the box that turns off System Restore, and apply
------------------------------------
¤Show all files and folders:
Click Start/Control Panel/Folder Options/View
Check "show hidden folders"
Uncheck the box "Hide protected operating system files (Recommended)"
Uncheck "hide extensions for known file types"
Then click «OK» to confirm the changes.
And apply!
---------------------------------
¤Empty your temp files and Temporary Internet Files:
use this to do it (you downloaded it earlier)
3/http://pageperso.aol.fr/Balltrap34/CleanUp312.exe
--------------------------------------------
¤Run HijackThis again, check the boxes in front of these lines and then click Fix:
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [uF9U33W] wpnmxs.exe
O4 - HKLM\..\Run: [Boarddata] c:\windows\system32\repcale.exe c:\windows\system32\palsp.exe
O4 - HKLM\..\Run: [looodkfk] c:\windows\system32\deqq\repcale.exe c:\windows\system32\deqq\palsp.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} -
also fix the Fujitsu PC Asia ones below if, when you go to the site, you do not recognize it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-pc-asia.com
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsu-pc-asia.com
------------------------------------------
¤Search for and delete this:
careful, only the files
C:\Program Files\QuickTime\qttask.exe
c:\windows\system32\palsp.exe <== the folder
c:\windows\system32\deqq <== the folder
---------------------------------
Run Ad-Aware and remove everything it finds
----------------------------------
Run Spybot and remove everything it finds
-----------------------------------
Empty your recycle bin, restart in normal mode and run HijackThis again
---------------------------------
¤Re-enable your System Restore:
Right-click My Computer, then
Properties, click the System Restore tab,
uncheck the box that turns off System Restore, and apply
----------------------------
Hide your hidden files again:
Click Start/Control Panel/Folder Options/View
Uncheck "show hidden folders"
Check the box "Hide protected operating system files (Recommended)"
Check "hide extensions for known file types"
Then click «OK» to confirm the changes.
-----------------------------------------------
Describe your problems if any remain... your PC should behave better from now on
Keep me posted and post one last HijackThis log
See you later
GREAT!!! THANKS FOR YOUR HELP!!! I THOUGHT I WOULD NEVER GET OUT OF THIS!!!!!!!!!
Here is the final log
Logfile of HijackThis v1.99.1
Scan saved at 12:34:01, on 05/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Atiptaxx.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\GENIUS~1\mouseElf.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\System32\ati2evxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.133.25.208:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.suez;<local>
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [P] C:\documents and settings\xpassemard\local settings\temp\P.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Bcsb] C:\Documents and Settings\xpassemard\Application Data\aaeo.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://register.tiscali.fr/configurateur/AccountHelper.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A997538-4E44-4B08-A82E-A43DF725C47F}: NameServer = 10.133.25.9,10.133.24.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{945157C4-F887-4668-B28A-B89194E63572}: NameServer = 212.27.32.176,212.27.32.177
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = free.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = free.fr
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Hi,
you can even fix this one:
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
apparently everything is clean, you should not have any more problems, and if it comes back next time, post directly in virus/security, it will be handled faster ;-)
Happy surfing ^^
Bye
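The before/after comparison done by eye in this thread can be scripted. The Python below is an added example, not part of the original posts: it parses HijackThis entries, checks that every line on the fix list is gone from the later scan, and lists entries a reviewer may still want to look at. The log excerpts are copied from the thread and trimmed; the function names and the user-writable-path heuristic are assumptions of this example, and a hit means "review manually", not a verdict.

```python
import re

# Excerpts copied from the thread's logs (scans of 08:47:29 and 12:34:01),
# trimmed to a handful of entries so the example stays short.
BEFORE = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-pc-asia.com
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [P] C:\documents and settings\xpassemard\local settings\temp\P.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Boarddata] c:\windows\system32\repcale.exe c:\windows\system32\palsp.exe
O4 - HKLM\..\Run: [uF9U33W] wpnmxs.exe
O4 - HKLM\..\Run: [looodkfk] c:\windows\system32\deqq\repcale.exe c:\windows\system32\deqq\palsp.exe
O4 - HKCU\..\Run: [Bcsb] C:\Documents and Settings\xpassemard\Application Data\aaeo.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsu-pc-asia.com
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} -
"""

AFTER = r"""
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [P] C:\documents and settings\xpassemard\local settings\temp\P.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Bcsb] C:\Documents and Settings\xpassemard\Application Data\aaeo.exe
"""

# The lines the helper asked to tick and fix, as posted in the thread.
FIX_LIST = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [uF9U33W] wpnmxs.exe
O4 - HKLM\..\Run: [Boarddata] c:\windows\system32\repcale.exe c:\windows\system32\palsp.exe
O4 - HKLM\..\Run: [looodkfk] c:\windows\system32\deqq\repcale.exe c:\windows\system32\deqq\palsp.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} -
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-pc-asia.com
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsu-pc-asia.com
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Heuristic of this example: autoruns launched from per-user writable locations.
USER_WRITABLE = ("\\local settings\\temp\\", "\\application data\\")


def parse_entries(log_text):
    """Map a case-insensitive (section, body) key to the normalized entry line.

    Header lines and the running-process list do not match ENTRY and are skipped.
    """
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            body = " ".join(m.group(2).split())  # collapse stray whitespace
            entries[(m.group(1), body.casefold())] = f"{m.group(1)} - {body}"
    return entries


def verify_fix(before_text, after_text, fix_text):
    """Compare two scans against the list of entries that were meant to be fixed."""
    before, after, fix = map(parse_entries, (before_text, after_text, fix_text))
    return {
        "fixed": sorted(before[k] for k in fix if k in before and k not in after),
        "still_present": sorted(after[k] for k in fix if k in after),
        "not_in_before": sorted(fix[k] for k in fix if k not in before),
        "removed_unrequested": sorted(
            before[k] for k in before if k not in after and k not in fix),
        "new_entries": sorted(after[k] for k in after if k not in before),
    }


def autoruns_for_review(log_text):
    """O4 (startup) entries whose command line points into a user-writable path."""
    return sorted(
        line for (section, _), line in parse_entries(log_text).items()
        if section == "O4" and any(p in line.casefold() for p in USER_WRITABLE))


def orphaned_entries(log_text):
    """Entries whose target file HijackThis reported as missing: '(no file)'."""
    return sorted(line for line in parse_entries(log_text).values()
                  if line.casefold().endswith("(no file)"))


if __name__ == "__main__":
    for name, lines in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        print(f"{name}: {len(lines)}")
        for entry in lines:
            print("   ", entry)
    print("autoruns to review:", *autoruns_for_review(AFTER), sep="\n    ")
    print("orphaned entries:", *orphaned_entries(AFTER), sep="\n    ")
```

To run it on full logs, paste each complete HijackThis log into the corresponding string; non-entry lines are ignored by the parser.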