Fichier host modifie?

coollfake Messages postés 57 Statut Membre -  
balltrap34 Messages postés 16241 Statut Contributeur sécurité -
Je trouve beaucoup de fichiers host modifié ,voici mon log hijackthis

Que faut'il faire?

Logfile of HijackThis v1.99.1
Scan saved at 09:46:48, on 30/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
f:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
F:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\PCCMAIN.EXE
F:\Program Files\a2 Free\a2start.exe
F:\Program Files\a2 Free\a2scan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\SpamPal\spampal.exe
F:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pc-cillin9.antivirus.com/en/90/PccReg/wcoRegister.asp?SN=PCEB%2D9995%2D7410%2D2629%2D5085&GUID=0103030603060101030B0304000633
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: (null) onlineaccounts2.abbeynational.co.uk
O1 - Hosts: (null) www3.aibgbonline.co.uk
O1 - Hosts: (null) www.bank.alliance-leicester.co.uk
O1 - Hosts: (null) login.iblogin.com
O1 - Hosts: (null) ww2.bankofscotlandhalifax-online.co.uk
O1 - Hosts: (null) inet.barclays.co.uk
O1 - Hosts: (null) iibank.barclays.co.uk
O1 - Hosts: (null) iibank.cahoot.com
O1 - Hosts: (null) www3.coventrybuildingsociety.co.uk
O1 - Hosts: (null) ww.hsbc.co.uk
O1 - Hosts: (null) login.ebank.offshore.hsbc.co.je
O1 - Hosts: (null) ww3.online-offshore.lloydstsb.com
O1 - Hosts: (null) ww3.online-business.lloydstsb.co.uk
O1 - Hosts: (null) ww3.online.lloydstsb.co.uk
O1 - Hosts: (null) ww3.online.lloydstsb.co.uk
O1 - Hosts: (null) ww3.online-business.lloydstsb.co.uk
O1 - Hosts: (null) ob2.nationet.com
O1 - Hosts: (null) ww3.onlinebanking.natwestoffshore.com
O1 - Hosts: (null) ww1.nwolb.com
O1 - Hosts: (null) ww1.onlinebanking.iombank.com
O1 - Hosts: (null) ww1.www.rbsdigital.com
O1 - Hosts: (null) welcome.smile.co.uk
O1 - Hosts: (null) login.365online.com
O1 - Hosts: (null) wvw.citizensbankonline.com
O1 - Hosts: (null) esecure.regionsnet.com
O1 - Hosts: (null) rollb.associatedbank.com
O1 - Hosts: (null) upb.unionplanters.com
O1 - Hosts: (null) www.onlinebanking.huntington.com
O1 - Hosts: (null) inet.southtrustonlinebanking.com
O1 - Hosts: (null) logon.personal.wamu.com
O1 - Hosts: (null) login.compassweb.com
O1 - Hosts: (null) logon.firstmeritib.com
O1 - Hosts: (null) login.ccfcuonline.org
O1 - Hosts: (null) ww3.etimebanker.bankofthewest.com
O1 - Hosts: (null) ww2.onlinebanking.lasallebank.com
O1 - Hosts: (null) wvw.totallyfreebanking.com
O1 - Hosts: (null) www.online.wellsfargo.com
O1 - Hosts: (null) www.onlinebanking.bankofoklahoma.com
O1 - Hosts: (null) accounts4.keybank.com
O1 - Hosts: (null) logon.bankone.com
O1 - Hosts: (null) www.secure.tdbanknorth.com
O1 - Hosts: (null) www.secure.mvnt4.com
O1 - Hosts: (null) ww.mynfbonline.com
O1 - Hosts: (null) login.forumcuonline.com
O1 - Hosts: (null) www.eds.usersonlnet.com
O1 - Hosts: (null) www.onlineid.bankofamerica.com
O1 - Hosts: (null) wvw.e-gold.com
O1 - Hosts: (null) pcbs.peoples.com
O1 - Hosts: (null) www.global1.onlinebank.com
O1 - Hosts: (null) ww2.mybranch.lafcu.com
O1 - Hosts: (null) login.webbanking.comerica.com
O1 - Hosts: (null) web.banking.firsttennessee.com
O1 - Hosts: (null) logon.members1st.org
O1 - Hosts: (null) www.cib.ibanking-services.com
O1 - Hosts: (null) www.miwebbusbank.ebanking-services.com
O1 - Hosts: (null) wvw.paypal.com
O1 - Hosts: (null) www.signin.ebay.com
O1 - Hosts: (null) wvw.etrade.com
O1 - Hosts: (null) ww4.fleethomelink.fleet.com
O1 - Hosts: (null) ww3.connect.skyfi.com
O1 - Hosts: (null) www6.usbank.com
O1 - Hosts: (null) www.bvi.bancodevalencia.es
O1 - Hosts: (null) extrant.banesto.es
O1 - Hosts: (null) banesnt.banesto.es
O1 - Hosts: (null) activia.caixagalicia.es
O1 - Hosts: (null) www.bancae.caixapenedes.com
O1 - Hosts: (null) login.caixasabadell.net
O1 - Hosts: (null) oii.cajamadrid.es
O1 - Hosts: (null) login.cajamar.es
O1 - Hosts: (null) login.ccm.es
O1 - Hosts: (null) ww.unicaja.es
O1 - Hosts: (null) www5.bancopopular.es
O1 - Hosts: (null) ww3.bbvanet.com
O1 - Hosts: (null) ww.bayernlb.de
O1 - Hosts: (null) ww2.berliner-volksbank.de
O1 - Hosts: (null) ww7.homebanking-berlin.de
O1 - Hosts: (null) portal09.commerzbanking.de
O1 - Hosts: (null) www.meine.deutsche-bank.de
O1 - Hosts: (null) ww2.dresdner-privat.de
O1 - Hosts: (null) ww.e-banking.helaba.de
O1 - Hosts: (null) ww.hsh-nordbank.de
O1 - Hosts: (null) www.my.hypovereinsbank.de
O1 - Hosts: (null) ww3.homebanking-berlin.de
O1 - Hosts: (null) ww3.homebanking-berlin.de
O1 - Hosts: (null) www.banking.lbbw.de
O1 - Hosts: (null) lrp.sparkasse-banking.de
O1 - Hosts: (null) ww3.homebanking-niedersachsen.de
O1 - Hosts: (null) www.onlinebanking.norisbank.de
O1 - Hosts: (null) www.banking.postbank.de
O1 - Hosts: (null) wvw.internetbanking.gad.de
O1 - Hosts: (null) ww1.portal.izb.de
O1 - Hosts: (null) wvw.kunden-service.lbs.de
O1 - Hosts: (null) ibanking.seb.de
O1 - Hosts: (null) bw7.sparkasse-banking.de
O1 - Hosts: (null) ww2.homebanking-sparkasse.de
O1 - Hosts: (null) ww2.vr-networld-ebanking.de
O1 - Hosts: (null) ww.bics.fr
O1 - Hosts: (null) www.co.caixabank.fr
O1 - Hosts: (null) ww.creditmutuel.fr
O1 - Hosts: (null) internetbank.intesabci.it
O1 - Hosts: (null) ww.extensive.bancalombarda.it
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - f:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Msxml32DOMDocument Class - {6E28339B-7A2A-47B6-AEB2-46BA53782379} - C:\WINDOWS\System32\dllcache\msxml32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "F:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{D22C7942-4958-4F2A-8C1A-E4BA605829AC}: NameServer = 213.36.80.1 65.254.52.240
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: MpService - Canon Inc. - f:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

18 réponses

  1. joelabete Messages postés 126 Statut Membre 6
     
    Slt telecherge spybot adaware et microsoft antispyware sur telecharger.com et fé une analyse avec supprimpe tous se qui trouve et fé aussi une analyse antivirus sur securiser.com et bitdefender!

    Rapport==>supprime sa en mode sans échec!

    O1 - Hosts: (null) onlineaccounts2.abbeynational.co.uk

    O1 - Hosts: (null) www3.aibgbonline.co.uk

    O1 - Hosts: (null) www.bank.alliance-leicester.co.uk

    O1 - Hosts: (null) login.iblogin.com

    O1 - Hosts: (null) ww2.bankofscotlandhalifax-online.co.uk O1 - Hosts: (null) inet.barclays.co.uk

    O1 - Hosts: (null) iibank.barclays.co.uk

    O1 - Hosts: (null) iibank.cahoot.com

    O1 - Hosts: (null) www3.coventrybuildingsociety.co.uk

    O1 - Hosts: (null) ww.hsbc.co.uk

    O1 - Hosts: (null) login.ebank.offshore.hsbc.co.je

    O1 - Hosts: (null) ww3.online-offshore.lloydstsb.com

    O1 - Hosts: (null) ww3.online-business.lloydstsb.co.uk

    O1 - Hosts: (null) ww3.online.lloydstsb.co.uk

    O1 - Hosts: (null) ww3.online.lloydstsb.co.uk

    O1 - Hosts: (null) ww3.online-business.lloydstsb.co.uk

    O1 - Hosts: (null) ob2.nationet.com

    O1 - Hosts: (null) ww3.onlinebanking.natwestoffshore.com

    O1 - Hosts: (null) ww1.nwolb.com

    O1 - Hosts: (null) ww1.onlinebanking.iombank.com

    O1 - Hosts: (null) ww1.www.rbsdigital.com

    O1 - Hosts: (null) welcome.smile.co.uk

    O1 - Hosts: (null) login.365online.com

    O1 - Hosts: (null) wvw.citizensbankonline.com

    O1 - Hosts: (null) esecure.regionsnet.com

    O1 - Hosts: (null) rollb.associatedbank.com

    O1 - Hosts: (null) upb.unionplanters.com

    O1 - Hosts: (null) www.onlinebanking.huntington.com

    O1 - Hosts: (null) inet.southtrustonlinebanking.com

    O1 - Hosts: (null) logon.personal.wamu.com

    O1 - Hosts: (null) login.compassweb.com

    O1 - Hosts: (null) logon.firstmeritib.com

    O1 - Hosts: (null) login.ccfcuonline.org

    O1 - Hosts: (null) ww3.etimebanker.bankofthewest.com

    O1 - Hosts: (null) ww2.onlinebanking.lasallebank.com

    O1 - Hosts: (null) wvw.totallyfreebanking.com

    O1 - Hosts: (null) www.online.wellsfargo.com

    O1 - Hosts: (null) www.onlinebanking.bankofoklahoma.com

    O1 - Hosts: (null) accounts4.keybank.com

    O1 - Hosts: (null) logon.bankone.com

    O1 - Hosts: (null) www.secure.tdbanknorth.com

    O1 - Hosts: (null) www.secure.mvnt4.com

    O1 - Hosts: (null) ww.mynfbonline.com

    O1 - Hosts: (null) login.forumcuonline.com

    O1 - Hosts: (null) www.eds.usersonlnet.com

    O1 - Hosts: (null) www.onlineid.bankofamerica.com

    O1 - Hosts: (null) wvw.e-gold.com

    O1 - Hosts: (null) pcbs.peoples.com

    O1 - Hosts: (null) www.global1.onlinebank.com

    O1 - Hosts: (null) ww2.mybranch.lafcu.com

    O1 - Hosts: (null) login.webbanking.comerica.com

    O1 - Hosts: (null) web.banking.firsttennessee.com

    O1 - Hosts: (null) logon.members1st.org

    O1 - Hosts: (null) www.cib.ibanking-services.com

    O1 - Hosts: (null) www.miwebbusbank.ebanking-services.com

    O1 - Hosts: (null) wvw.paypal.com

    O1 - Hosts: (null) www.signin.ebay.com

    O1 - Hosts: (null) wvw.etrade.com

    O1 - Hosts: (null) ww4.fleethomelink.fleet.com

    O1 - Hosts: (null) ww3.connect.skyfi.com

    O1 - Hosts: (null) www6.usbank.com

    O1 - Hosts: (null)
    www.bvi.bancodevalencia.es

    O1 - Hosts: (null) extrant.banesto.es

    O1 - Hosts: (null) banesnt.banesto.es

    O1 - Hosts: (null) activia.caixagalicia.es

    O1 - Hosts: (null) www.bancae.caixapenedes.com

    O1 - Hosts: (null) login.caixasabadell.net

    O1 - Hosts: (null) oii.cajamadrid.es

    O1 - Hosts: (null) login.cajamar.es

    O1 - Hosts: (null) login.ccm.es

    O1 - Hosts: (null) ww.unicaja.es

    O1 - Hosts: (null) www5.bancopopular.es

    O1 - Hosts: (null) ww3.bbvanet.com

    O1 - Hosts: (null) ww.bayernlb.de

    O1 - Hosts: (null) ww2
    .berliner-volksbank.de

    O1 - Hosts: (null) ww7.homebanking-berlin.de

    O1 - Hosts: (null) portal09.commerzbanking.de

    O1 - Hosts: (null) www.meine.deutsche-bank.de

    O1 - Hosts: (null) ww2.dresdner-privat.de

    O1 - Hosts: (null) ww.e-banking.helaba.de

    O1 - Hosts: (null) ww.hsh-nordbank.de

    O1 - Hosts: (null) www.my.hypovereinsbank.de

    O1 - Hosts: (null) ww3.homebanking-berlin.de

    O1 - Hosts: (null) ww3.homebanking-berlin.de

    O1 - Hosts: (null) www.banking.lbbw.de

    O1 - Hosts: (null) lrp.sparkasse-banking.de

    O1 - Hosts: (null) ww3.homebanking-niedersachsen.de

    O1 - Hosts: (null) www.onlinebanking.norisbank.de

    O1 - Hosts: (null) www.banking.postbank.de

    O1 - Hosts: (null) wvw.internetbanking.gad.de

    O1 - Hosts: (null) ww1.portal.izb.de

    O1 - Hosts: (null) wvw.kunden-service.lbs.de

    O1 - Hosts: (null) ibanking.seb.de

    O1 - Hosts: (null) bw7.sparkasse-banking.de

    O1 - Hosts: (null) ww2.homebanking-sparkasse.de

    O1 - Hosts: (null) ww2.vr-networld-ebanking.de

    O1 - Hosts: (null) ww.bics.fr

    O1 - Hosts: (null) www.co.caixabank.fr

    O1 - Hosts: (null) ww.creditmutuel.fr

    O1 - Hosts: (null) internetbank.intesabci.it

    O1 - Hosts: (null) ww.extensive.bancalombarda.it

    Supprime sa aussi:

    C:\Program Files\Trend Micro\PC-cillin 2002\PCCMAIN.EXE

    Supprime c'est fichier si tu les trouve! (en mode sans échec!)

    * C:\Windows\AD3.vbs
    * C:\Windows\System\Miss.vbs
    * C:\Windows\System\Kelly.vbs
    * C:\Windows\System\Rainbow.vbs
    * C:\Program Files\Norton AntiVirus\NMain.exe
    * C:\Program Files\Norton AntiVirus\NAVW32.EXE
    * C:\Program Files\Norton AntiVirus\Nsched32.exe
    * C:\Program Files\Symantec\LiveUpdate\LUAll.exe
    * C:\Program Files\AntiViral Toolkit Pro\Avpm.exe
    * C:\Program Files\Trend PC-cillin 98\PCCWIN98.exe
    * C:\Program Files\Trend PC-cillin 2000\Pccmain.exe
    * C:\Program Files\Trend PC-cillin 98 PLUS!\Pccwin98.exe

    1. Va dans ton registre==> exécuter et tape regedit! Sauvegarde ton registre avant!!

    3. Ouvre cette clef:
    HKEY_CURRENT_USER\Software\Microsoft\
    Windows\CurrentVersion\Run
    4. Supprime ces valeur si tu les trouve !

    AD3
    miss
    Kelly
    rainbow
    5. Ouvre cette clef:

    HKEY_LOCAL_MACHINE\Software\Microsoft\
    Windows\CurrentVersion\Run
    6. Supprime cette valeur

    AD3
    7. Ouvre cette clef
    HKEY_LOCAL_MACHINE\Software\Microsoft\
    Windows\CurrentVersion\RunServices
    8. Supprime sa si tu le trouve
    PCCIOMON.EXE
    9. Supprime ses clefs! si tu les trouve
    HKEY_CURRENT_USER\Software\Microsoft\Windows\
    CurrentVersion\Internet Settings\ProxyServer

    HKEY_CURRENT_USER\Software\
    Microsoft\Office\9.0\Word\Security\

    HKEY_LOCAL_MACHINE\Software\Microsoft\
    Windows\CurrentVersion\Network\Installed

    HKEY_LOCAL_MACHINE\Software\Microsoft\
    Windows\CurrentVersion\Network\LanMan\530\Path
    10. Quitte le registre et redémarre le pc!
    0
  2. coollfake Messages postés 57 Statut Membre 23
     
    Heu C:\Program Files\Trend PC-cillin 2000\Pccmain.exe c'est l'executable principal de PCcillin non?
    0
  3. joelabete Messages postés 126 Statut Membre 6
     
    Non c un virus!
    0
  4. joelabete Messages postés 126 Statut Membre 6
     
    fé une analyse antivirus avant de le supprimer
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. coollfake Messages postés 57 Statut Membre 23
     
    Voici le resultat de bitfender online scanner

    C:\WINDOWS\system32\dllcache\msxml32.dll

    Infecté par: Trojan.Banker.SN

    C:\WINDOWS\system32\dllcache\msxml32.dll

    Echec de la désinfection

    C:\WINDOWS\system32\dllcache\msxml32.dll

    Echec de la suppression
    0
  7. coollfake Messages postés 57 Statut Membre 23
     
    mon dernier log j'ai reussi a supprimer
    C:\WINDOWS\system32\dllcache\msxml32.dll en mode sans echec

    Logfile of HijackThis v1.99.1
    Scan saved at 14:35:54, on 30/07/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    f:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
    F:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCMAIN.EXE
    F:\Program Files\a2 Free\a2start.exe
    F:\Program Files\a2 Free\a2scan.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\taskmgr.exe
    f:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
    F:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pc-cillin9.antivirus.com/en/90/PccReg/wcoRegister.asp?SN=PCEB%2D9995%2D7410%2D2629%2D5085&GUID=0103030603060101030B0304000633
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - f:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "F:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4544/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D22C7942-4958-4F2A-8C1A-E4BA605829AC}: NameServer = 213.36.80.1 65.254.52.240
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: MpService - Canon Inc. - f:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

    je refais un scan en ligne a tout hazard
    0
  8. Utilisateur anonyme
     
    salut, tu l as telecharger ou ce hijack this?
    tu peux le supprimer et le re telecharger ici stp
    télécharge hijackthis ici:
    http://www.hijackthis.de/downloads/hijackthis_199.zip

    Dézippe le dans un dossier prévu a cet effet.
    Par exemple C:\hijackthis < Enregistre le bien dans c : !
    Lancez le puis:
    clic sur "do a system scan and save logfile" (cf demo)
    faire un copier coller du log entier sur le forum

    Démo : (merci a balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/demohijack.htm

    Bon courage

    A+

    et dis moi ou en sont tes soucis
    0
  9. joelabete Messages postés 126 Statut Membre 6
     
    Désoler coollfake j'avais prix ppcmain pour un virus!
    ;-)
    0
  10. S!Ri Messages postés 932 Statut Contributeur sécurité 10
     
    Salut

    Joe, pourquoi tu fais supprimer ces cles ?

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    AD3
    miss
    Kelly
    rainbow
    
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    AD3
    
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    PCCIOMON.EXE
    
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
    
    HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Word\Security\
    
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\Installed
    
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\LanMan\530\Path
    
    


    a+
    0
  11. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    salut ne fait rien de se qu il ta dit
    et joe je t est deja dit ne fait pas si tu c est pas
    tu lui vire son av et tu tape dans le registre sans dicernementcela suffit
    il faut ensuite ratrapper et cela nuit a la bonne appreciation de cette section et du forum en general
    0
  12. Utilisateur anonyme
     
    Moi perso j oses plus rien a dire :-(
    0
  13. coollfake Messages postés 57 Statut Membre 23
     
    j'ai telecharger hijackthis sur ce site http://pchelpbordeaux.free.fr/
    il s'agit de la version francaise v1.99.1

    j'ai regardé dans regedit mais n'est rien trouvé donc rien supprimé

    j'ai laissé Pccmain a sa place

    mon dernier log

    Logfile of HijackThis v1.99.1
    Scan saved at 23:36:08, on 30/07/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    f:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
    F:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
    f:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
    F:\Program Files\TuneUp Utilities 2004\ProcessManager.exe
    C:\Program Files\SpamPal\spampal.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
    F:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pc-cillin9.antivirus.com/en/90/PccReg/wcoRegister.asp?SN=PCEB%2D9995%2D7410%2D2629%2D5085&GUID=0103030603060101030B0304000633
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - f:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "F:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4544/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D22C7942-4958-4F2A-8C1A-E4BA605829AC}: NameServer = 213.36.80.1 65.254.52.240
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: MpService - Canon Inc. - f:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

    merci pour vos reponses
    0
  14. coollfake Messages postés 57 Statut Membre 23
     
    ok j'ai fixé O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    spybot n'a trouvé aucun mouchard

    a2 et ad-aware sont en cours de recherche

    clean-up m'a enlevé 1 GO de données , j'espere qu'il n'a rien oté de capital.
    0
  15. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    re
    non si tu la laisser par default ou mis sur standard
    il n y a aucun risque
    0
  16. coollfake Messages postés 57 Statut Membre 23
     
    voila g tout fait .

    Mon dernier log

    Logfile of HijackThis v1.99.1
    Scan saved at 12:48:13, on 31/07/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    f:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
    F:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
    C:\Program Files\SpamPal\spampal.exe
    f:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    F:\Program Files\TuneUp Utilities 2004\ProcessManager.exe
    F:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    F:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pc-cillin9.antivirus.com/en/90/PccReg/wcoRegister.asp?SN=PCEB%2D9995%2D7410%2D2629%2D5085&GUID=0103030603060101030B0304000633
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - f:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "F:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4544/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D22C7942-4958-4F2A-8C1A-E4BA605829AC}: NameServer = 213.36.80.1 65.254.52.240
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: MpService - Canon Inc. - f:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

    je pense que tout a ete nettoyé non?
    0
  17. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    oui ton log a l air bon
    0