1 reply
joelabete
Posts: 126
Registration date: Saturday 23 July 2005
Status: Member
Last activity: 22 November 2007
6
29 Jul 2005 at 08:22
Hi, download Spybot, Ad-Aware and Microsoft AntiSpyware from telecharger.com, remove everything they suggest, and run an antivirus scan with BitDefender and securiser.com.
Report ===> Delete this in safe mode!!
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R3 - Default URLSearchHook is missing
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINNT\pumba3.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: Search Toolbar - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINNT\pumba3.dll
O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france_new.exe
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.22opt/SpySpotterInstall.cab
DELETE THIS IF YOU DON'T KNOW THESE IPs OR IF THEY ARE NOT RELATED TO YOUR ISP!!
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PAR.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F86CF66-1916-415F-B341-42DC89EF7B4E}: NameServer = 192.9.201.250
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PAR.fr
O17 - HKLM\System\CS1\Services\Tcpip\..\{4F86CF66-1916-415F-B341-42DC89EF7B4E}: NameServer = 192.9.201.250
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = PAR.fr
O17 - HKLM\System\CS2\Services\Tcpip\..\{4F86CF66-1916-415F-B341-42DC89EF7B4E}: NameServer = 192.9.201.250
There, delete all of that first and post a new log afterwards!!
25 Aug 2005 at 17:10
Thanks for your instructions, which I followed.
But I am still infected.
The new log is below. Can you help me, please?
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\Installation\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
D:\Installation\lotus\notes\ntmulti.exe
D:\Installation\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
d:\instal~1\softwin\bitdef~1\bdmcon.exe
C:\DOCUME~1\ole\LOCALS~1\Temp\pjpd.dat
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Installation\lotus\notes\NLNOTES.EXE
D:\Installation\lotus\notes\ntaskldr.EXE
C:\GESTION PULS\GESTION PULS ACTION.EXE
C:\WINNT\msagent\AgentSvr.exe
D:\Installation\Symantec\ACT\Act.exe
D:\Installation\zabkat\xplorer2_lite\xplorer2.exe
D:\Installation\Avant Browser\avant.exe
D:\Installation\Microsoft Office\Office\WINWORD.EXE
C:\Documents and Settings\ole\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://lookfor.cc/sp.php?pin=83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://lookfor.cc/sp.php?pin=83556
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lookfor.cc?pin=83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://lookfor.cc/sp.php?pin=83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://lookfor.cc/sp.php?pin=83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://lookfor.cc/sp.php?pin=83556
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lookfor.cc?pin=83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [vptray] D:\Installation\NavNT\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Installation\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [BDMCon] d:\INSTAL~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] d:\installation\softwin\bitdefender free edition\bdnagent.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Installation\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Ub4TrayApp] "D:\Installation\Astase\UltraBackup\4.0\bin\ubtray.exe" /start
O4 - Global Startup: Microsoft Office.lnk = D:\Installation\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Bloquer ce serveur... - D:\Installation\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Bloquer cette publicité... - D:\Installation\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Ouvrir dans une nouvelle fenêtre d'Avant Browser - D:\Installation\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Ouvrir tous les liens de la page... - D:\Installation\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Rechercher avec Google... - D:\Installation\Avant Browser\Search.htm
O8 - Extra context menu item: Rechercher sur le Web... - D:\Installation\Avant Browser\Search.htm
O8 - Extra context menu item: Surligner - D:\Installation\Avant Browser\Highlight.htm
O9 - Extra button: Corel Network monitor worker - {8F5212A5-8009-448D-95B4-B5900A419135} - C:\WINNT\system32\iegfxfrw.dll
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {8F5212A5-8009-448D-95B4-B5900A419135} - C:\WINNT\system32\iegfxfrw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - D:\Installation\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Corel Network monitor worker - {8F5212A5-8009-448D-95B4-B5900A419135} - C:\WINNT\system32\iegfxfrw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {8F5212A5-8009-448D-95B4-B5900A419135} - C:\WINNT\system32\iegfxfrw.dll (HKCU)
O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124289624992
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PAR.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F86CF66-1916-415F-B341-42DC89EF7B4E}: NameServer = 192.9.201.250
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PAR.fr
O17 - HKLM\System\CS1\Services\Tcpip\..\{4F86CF66-1916-415F-B341-42DC89EF7B4E}: NameServer = 192.9.201.250
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = PAR.fr
O17 - HKLM\System\CS2\Services\Tcpip\..\{4F86CF66-1916-415F-B341-42DC89EF7B4E}: NameServer = 192.9.201.250
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: DefWatch - Symantec Corporation - D:\Installation\NavNT\defwatch.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - D:\Installation\lotus\notes\ntmulti.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\Installation\NavNT\rtvscan.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe