Hosts file modified?

coollfake Posts: 57 Status: Member -
balltrap34 Posts: 16241 Status: Security contributor -
I'm finding a lot of modified hosts files; here is my HijackThis log.

What should I do?

Logfile of HijackThis v1.99.1
Scan saved at 09:46:48, on 30/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
f:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
F:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\PCCMAIN.EXE
F:\Program Files\a2 Free\a2start.exe
F:\Program Files\a2 Free\a2scan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\SpamPal\spampal.exe
F:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pc-cillin9.antivirus.com/en/90/PccReg/wcoRegister.asp?SN=PCEB%2D9995%2D7410%2D2629%2D5085&GUID=0103030603060101030B0304000633
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: (null) onlineaccounts2.abbeynational.co.uk
O1 - Hosts: (null) www3.aibgbonline.co.uk
O1 - Hosts: (null) www.bank.alliance-leicester.co.uk
O1 - Hosts: (null) login.iblogin.com
O1 - Hosts: (null) ww2.bankofscotlandhalifax-online.co.uk
O1 - Hosts: (null) inet.barclays.co.uk
O1 - Hosts: (null) iibank.barclays.co.uk
O1 - Hosts: (null) iibank.cahoot.com
O1 - Hosts: (null) www3.coventrybuildingsociety.co.uk
O1 - Hosts: (null) ww.hsbc.co.uk
O1 - Hosts: (null) login.ebank.offshore.hsbc.co.je
O1 - Hosts: (null) ww3.online-offshore.lloydstsb.com
O1 - Hosts: (null) ww3.online-business.lloydstsb.co.uk
O1 - Hosts: (null) ww3.online.lloydstsb.co.uk
O1 - Hosts: (null) ww3.online.lloydstsb.co.uk
O1 - Hosts: (null) ww3.online-business.lloydstsb.co.uk
O1 - Hosts: (null) ob2.nationet.com
O1 - Hosts: (null) ww3.onlinebanking.natwestoffshore.com
O1 - Hosts: (null) ww1.nwolb.com
O1 - Hosts: (null) ww1.onlinebanking.iombank.com
O1 - Hosts: (null) ww1.www.rbsdigital.com
O1 - Hosts: (null) welcome.smile.co.uk
O1 - Hosts: (null) login.365online.com
O1 - Hosts: (null) wvw.citizensbankonline.com
O1 - Hosts: (null) esecure.regionsnet.com
O1 - Hosts: (null) rollb.associatedbank.com
O1 - Hosts: (null) upb.unionplanters.com
O1 - Hosts: (null) www.onlinebanking.huntington.com
O1 - Hosts: (null) inet.southtrustonlinebanking.com
O1 - Hosts: (null) logon.personal.wamu.com
O1 - Hosts: (null) login.compassweb.com
O1 - Hosts: (null) logon.firstmeritib.com
O1 - Hosts: (null) login.ccfcuonline.org
O1 - Hosts: (null) ww3.etimebanker.bankofthewest.com
O1 - Hosts: (null) ww2.onlinebanking.lasallebank.com
O1 - Hosts: (null) wvw.totallyfreebanking.com
O1 - Hosts: (null) www.online.wellsfargo.com
O1 - Hosts: (null) www.onlinebanking.bankofoklahoma.com
O1 - Hosts: (null) accounts4.keybank.com
O1 - Hosts: (null) logon.bankone.com
O1 - Hosts: (null) www.secure.tdbanknorth.com
O1 - Hosts: (null) www.secure.mvnt4.com
O1 - Hosts: (null) ww.mynfbonline.com
O1 - Hosts: (null) login.forumcuonline.com
O1 - Hosts: (null) www.eds.usersonlnet.com
O1 - Hosts: (null) www.onlineid.bankofamerica.com
O1 - Hosts: (null) wvw.e-gold.com
O1 - Hosts: (null) pcbs.peoples.com
O1 - Hosts: (null) www.global1.onlinebank.com
O1 - Hosts: (null) ww2.mybranch.lafcu.com
O1 - Hosts: (null) login.webbanking.comerica.com
O1 - Hosts: (null) web.banking.firsttennessee.com
O1 - Hosts: (null) logon.members1st.org
O1 - Hosts: (null) www.cib.ibanking-services.com
O1 - Hosts: (null) www.miwebbusbank.ebanking-services.com
O1 - Hosts: (null) wvw.paypal.com
O1 - Hosts: (null) www.signin.ebay.com
O1 - Hosts: (null) wvw.etrade.com
O1 - Hosts: (null) ww4.fleethomelink.fleet.com
O1 - Hosts: (null) ww3.connect.skyfi.com
O1 - Hosts: (null) www6.usbank.com
O1 - Hosts: (null) www.bvi.bancodevalencia.es
O1 - Hosts: (null) extrant.banesto.es
O1 - Hosts: (null) banesnt.banesto.es
O1 - Hosts: (null) activia.caixagalicia.es
O1 - Hosts: (null) www.bancae.caixapenedes.com
O1 - Hosts: (null) login.caixasabadell.net
O1 - Hosts: (null) oii.cajamadrid.es
O1 - Hosts: (null) login.cajamar.es
O1 - Hosts: (null) login.ccm.es
O1 - Hosts: (null) ww.unicaja.es
O1 - Hosts: (null) www5.bancopopular.es
O1 - Hosts: (null) ww3.bbvanet.com
O1 - Hosts: (null) ww.bayernlb.de
O1 - Hosts: (null) ww2.berliner-volksbank.de
O1 - Hosts: (null) ww7.homebanking-berlin.de
O1 - Hosts: (null) portal09.commerzbanking.de
O1 - Hosts: (null) www.meine.deutsche-bank.de
O1 - Hosts: (null) ww2.dresdner-privat.de
O1 - Hosts: (null) ww.e-banking.helaba.de
O1 - Hosts: (null) ww.hsh-nordbank.de
O1 - Hosts: (null) www.my.hypovereinsbank.de
O1 - Hosts: (null) ww3.homebanking-berlin.de
O1 - Hosts: (null) ww3.homebanking-berlin.de
O1 - Hosts: (null) www.banking.lbbw.de
O1 - Hosts: (null) lrp.sparkasse-banking.de
O1 - Hosts: (null) ww3.homebanking-niedersachsen.de
O1 - Hosts: (null) www.onlinebanking.norisbank.de
O1 - Hosts: (null) www.banking.postbank.de
O1 - Hosts: (null) wvw.internetbanking.gad.de
O1 - Hosts: (null) ww1.portal.izb.de
O1 - Hosts: (null) wvw.kunden-service.lbs.de
O1 - Hosts: (null) ibanking.seb.de
O1 - Hosts: (null) bw7.sparkasse-banking.de
O1 - Hosts: (null) ww2.homebanking-sparkasse.de
O1 - Hosts: (null) ww2.vr-networld-ebanking.de
O1 - Hosts: (null) ww.bics.fr
O1 - Hosts: (null) www.co.caixabank.fr
O1 - Hosts: (null) ww.creditmutuel.fr
O1 - Hosts: (null) internetbank.intesabci.it
O1 - Hosts: (null) ww.extensive.bancalombarda.it
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - f:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Msxml32DOMDocument Class - {6E28339B-7A2A-47B6-AEB2-46BA53782379} - C:\WINDOWS\System32\dllcache\msxml32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "F:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{D22C7942-4958-4F2A-8C1A-E4BA605829AC}: NameServer = 213.36.80.1 65.254.52.240
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: MpService - Canon Inc. - f:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

18 replies

joelabete Posts: 126 Status: Member 6

Hi, download Spybot, Ad-Aware and Microsoft AntiSpyware from telecharger.com and run a scan with them, delete everything they find, and also run an antivirus scan on securiser.com and BitDefender!

Report ==> delete this in safe mode!


Delete this too:

C:\Program Files\Trend Micro\PC-cillin 2002\PCCMAIN.EXE

Delete these files if you find them! (in safe mode!)

* C:\Windows\AD3.vbs
* C:\Windows\System\Miss.vbs
* C:\Windows\System\Kelly.vbs
* C:\Windows\System\Rainbow.vbs
* C:\Program Files\Norton AntiVirus\NMain.exe
* C:\Program Files\Norton AntiVirus\NAVW32.EXE
* C:\Program Files\Norton AntiVirus\Nsched32.exe
* C:\Program Files\Symantec\LiveUpdate\LUAll.exe
* C:\Program Files\AntiViral Toolkit Pro\Avpm.exe
* C:\Program Files\Trend PC-cillin 98\PCCWIN98.exe
* C:\Program Files\Trend PC-cillin 2000\Pccmain.exe
* C:\Program Files\Trend PC-cillin 98 PLUS!\Pccwin98.exe

1. Go into your registry ==> Run and type regedit! Back up your registry first!!

3. Open this key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
4. Delete these values if you find them!

AD3
miss
Kelly
rainbow
5. Open this key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
6. Delete this value

AD3
7. Open this key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
8. Delete this if you find it
PCCIOMON.EXE
9. Delete these keys, if you find them!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer

HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Word\Security\

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\Installed

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\LanMan\530\Path
10. Exit the registry and restart the PC!
0
coollfake Posts: 57 Status: Member 23

Uh, C:\Program Files\Trend PC-cillin 2000\Pccmain.exe is the main PC-cillin executable, isn't it?
0
joelabete Posts: 126 Status: Member 6

No, it's a virus!
0
joelabete Posts: 126 Status: Member 6

Run an antivirus scan before deleting it
0

coollfake Posts: 57 Status: Member 23

Here is the result from the BitDefender online scanner

C:\WINDOWS\system32\dllcache\msxml32.dll

Infecté par: Trojan.Banker.SN

C:\WINDOWS\system32\dllcache\msxml32.dll

Echec de la désinfection

C:\WINDOWS\system32\dllcache\msxml32.dll

Echec de la suppression
0
coollfake Posts: 57 Status: Member 23

My latest log. I managed to delete C:\WINDOWS\system32\dllcache\msxml32.dll in safe mode.

Logfile of HijackThis v1.99.1
Scan saved at 14:35:54, on 30/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
f:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
F:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\PCCMAIN.EXE
F:\Program Files\a2 Free\a2start.exe
F:\Program Files\a2 Free\a2scan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\taskmgr.exe
f:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
F:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pc-cillin9.antivirus.com/en/90/PccReg/wcoRegister.asp?SN=PCEB%2D9995%2D7410%2D2629%2D5085&GUID=0103030603060101030B0304000633
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - f:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "F:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4544/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D22C7942-4958-4F2A-8C1A-E4BA605829AC}: NameServer = 213.36.80.1 65.254.52.240
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: MpService - Canon Inc. - f:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

I'm running another online scan just in case.
0
coollfake Posts: 57 Status: Member 23

I had C:\Program Files\Trend Micro\PC-cillin 2002\pccmain.exe scanned by http://www.virustotal.com/xhtml/virustotal_en.html

No virus found; it is indeed the main executable of PC-cillin 2002.
0
Anonymous user

Hi, where did you download this HijackThis from?
Can you delete it and download it again from here, please?
Download HijackThis here:
http://www.hijackthis.de/downloads/hijackthis_199.zip

Unzip it into a folder set aside for it.
For example C:\hijackthis < Make sure you save it on C: !
Run it, then:
click on "do a system scan and save logfile" (see the demo)
copy and paste the entire log to the forum

Demo: (thanks to balltrap34 for making it)
http://pageperso.aol.fr/balltrap34/demohijack.htm

Good luck

See you

and let me know how your problems are going
0
joelabete Posts: 126 Status: Member 6

Sorry coollfake, I had mistaken pccmain for a virus!
;-)
0
S!Ri Posts: 932 Status: Security contributor 10

Hi

Joe, why are you having him delete these keys?

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
AD3
miss
Kelly
rainbow

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
AD3

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
PCCIOMON.EXE

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer

HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Word\Security\

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\Installed

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\LanMan\530\Path



See you
0
balltrap34 Posts: 16241 Status: Security contributor 332

Hi, don't do anything he told you.
And Joe, I've already told you: don't do it if you don't know how.
You're removing his antivirus and poking around in the registry indiscriminately. That's enough.
Someone then has to clean up afterwards, and it harms the reputation of this section and of the forum in general.
0
Anonymous user

Personally, I don't dare say anything anymore :-(
0
coollfake Posts: 57 Status: Member 23

I downloaded HijackThis from this site: http://pchelpbordeaux.free.fr/
It is the French version, v1.99.1.

I looked in regedit but didn't find anything, so I deleted nothing.

I left Pccmain where it was.

My latest log:

Logfile of HijackThis v1.99.1
Scan saved at 23:36:08, on 30/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
f:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
F:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
f:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
F:\Program Files\TuneUp Utilities 2004\ProcessManager.exe
C:\Program Files\SpamPal\spampal.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
F:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pc-cillin9.antivirus.com/en/90/PccReg/wcoRegister.asp?SN=PCEB%2D9995%2D7410%2D2629%2D5085&GUID=0103030603060101030B0304000633
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - f:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "F:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4544/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D22C7942-4958-4F2A-8C1A-E4BA605829AC}: NameServer = 213.36.80.1 65.254.52.240
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: MpService - Canon Inc. - f:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Thanks for your replies.
0
balltrap34 Posts: 16241 Status: Security contributor 332

Nothing serious.
Run HijackThis again, tick these lines and then click Fix:
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

and use these programs:
Ad-Aware (1) version 1.06

(here) http://www.florensac-chasse-trap.com/ virus section
see the demo
http://pageperso.aol.fr/balltrap34/adwseflash.zip
0
coollfake Posts: 57 Status: Member 23

OK, I fixed O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
Spybot found no spyware.

a2 and Ad-Aware are still scanning.

CleanUp removed 1 GB of data; I hope it didn't remove anything essential.
0
balltrap34 Posts: 16241 Status: Security contributor 332

Hi again.
No, if you left it on the default or set it to standard,
there is no risk.
0
coollfake Posts: 57 Status: Member 23

There, I've done everything.

My latest log:

Logfile of HijackThis v1.99.1
Scan saved at 12:48:13, on 31/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
f:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
F:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\Program Files\SpamPal\spampal.exe
f:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\TuneUp Utilities 2004\ProcessManager.exe
F:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
F:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pc-cillin9.antivirus.com/en/90/PccReg/wcoRegister.asp?SN=PCEB%2D9995%2D7410%2D2629%2D5085&GUID=0103030603060101030B0304000633
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - f:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "F:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4544/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D22C7942-4958-4F2A-8C1A-E4BA605829AC}: NameServer = 213.36.80.1 65.254.52.240
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: MpService - Canon Inc. - f:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

I think everything has been cleaned, hasn't it?
0
balltrap34 Posts: 16241 Status: Security contributor 332

Yes, your log looks good.
0
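
Added example, not part of any post in this thread: one way to check a cleanup like the one above is to diff the HijackThis entries of the first and last logs and confirm that the file the online scan flagged is no longer referenced. The Python below does this on a few lines excerpted from those two logs; the function names are illustrative and are not part of HijackThis.

```python
import re
from collections import defaultdict

# A HijackThis result line is "<section code> - <entry>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the "Running processes" paths (even "F:\...") do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
HOSTS_RE = re.compile(r"^Hosts: (\S+) (\S+)$")

# Excerpt of the thread's first log (30/07/2005, 09:46).
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
F:\Program Files\a2 Free\a2scan.exe

O1 - Hosts: (null) inet.barclays.co.uk
O1 - Hosts: (null) wvw.paypal.com
O1 - Hosts: (null) ww.creditmutuel.fr
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Msxml32DOMDocument Class - {6E28339B-7A2A-47B6-AEB2-46BA53782379} - C:\WINDOWS\System32\dllcache\msxml32.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O17 - HKLM\System\CCS\Services\Tcpip\..\{D22C7942-4958-4F2A-8C1A-E4BA605829AC}: NameServer = 213.36.80.1 65.254.52.240
"""

# Excerpt of the thread's last log (31/07/2005, 12:48).
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D22C7942-4958-4F2A-8C1A-E4BA605829AC}: NameServer = 213.36.80.1 65.254.52.240
"""

# Path as reported by the online scan in the thread (note the different case
# from the O2 line: Windows paths must be compared case-insensitively).
FLAGGED_FILE = r"C:\WINDOWS\system32\dllcache\msxml32.dll"


def parse_entries(log_text):
    """Return {section code: set of entry bodies} for one HijackThis log."""
    entries = defaultdict(set)
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries[match.group(1)].add(match.group(2).strip())
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added): entries only in the first / only in the second log."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed, added = {}, {}
    codes = sorted(set(before) | set(after), key=lambda c: (c[0], int(c[1:])))
    for code in codes:
        gone = before.get(code, set()) - after.get(code, set())
        new = after.get(code, set()) - before.get(code, set())
        if gone:
            removed[code] = sorted(gone)
        if new:
            added[code] = sorted(new)
    return removed, added


def hosts_entries(log_text):
    """Return the O1 entries as (address field, hostname) pairs, in log order."""
    pairs = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match and match.group(1) == "O1":
            hosts = HOSTS_RE.match(match.group(2).strip())
            if hosts:
                pairs.append((hosts.group(1), hosts.group(2)))
    return pairs


def references_path(log_text, path):
    """True if any line of the log mentions the path, ignoring case."""
    needle = path.lower()
    return any(needle in line.lower() for line in log_text.splitlines())


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    for label, changes in (("removed", removed), ("added", added)):
        for code, bodies in changes.items():
            for body in bodies:
                print(f"{label:8} {code:4} {body}")
    print("hosts entries left:", len(hosts_entries(AFTER_LOG)))
    print("flagged file still referenced:", references_path(AFTER_LOG, FLAGGED_FILE))
```

Entries that appear in both logs, such as the O17 line, are left out of the diff; they are unchanged, which is not the same as reviewed.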