Searchweb2 hijack persistent
Résolu/Fermé
boubou
-
BmV Messages postés 98724 Date d'inscription Statut Modérateur Dernière intervention -
BmV Messages postés 98724 Date d'inscription Statut Modérateur Dernière intervention -
Bonjour a tous
Comme pas mal demonde j'ai ungros probleme avec ce "searchweb2" qui neveut pas partir de ma page d'acceuil et sa toolbar...
G tout éssayé spybot, adware, spywaredoctor, cwshredder, hijackthis (je vais mettre ce qu'il me met plus loin) et registrar lite. G utilisé des antivirus aussi avast, on line g utilisé trend, secuser..... mais le probleme persiste!!! et JEN AI VRAIMENT MARRE aidez moi s'il vous plait (meme si ca vous plait pas d'ailleur ;-))
Hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 10:52:10, on 15/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\AMD\PowerNow!\GemServ.exe
C:\Program Files\AMD\PowerNow!\gemback.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spyware Doctor\swdoctor.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nordine\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cxckdsxtqblqsteqkiha.us/saAwlO0M/3DDkr_Q1jo2tv1DvgrY2AZpMHaMMptXvD7urw83IqfKb7uazN6AkA5t.jpg
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {909AAD29-20D7-11B7-D225-456DE2BD3ADC} - C:\DOCUME~1\Nordine\APPLIC~1\Bonenew\JUMPDEFY.exe
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {CB59588F-BD09-15EF-841C-5E8B2668A210} - C:\DOCUME~1\Nordine\APPLIC~1\Bonenew\JUMPDEFY.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Network Host Service] msmnart32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [hold delete curb file] C:\Documents and Settings\All Users\Application Data\Locks Remote Hold Delete\Buildmags.exe
O4 - HKLM\..\Run: [axischic16grid] C:\Documents and Settings\All Users\Application Data\Clock flag axis chic\heart funk.exe
O4 - HKLM\..\RunServices: [Network Host Service] msmnart32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [flawview] C:\DOCUME~1\Nordine\APPLIC~1\CLOCKI~1\hopechin.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{987E75C0-7504-41CE-ADB0-F7DC965EB4FC}: NameServer = 80.118.192.111 80.118.196.41
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AMD PowerNow! (tm) Technology Service (GemServ) - Advanced Micro Devices - C:\Program Files\AMD\PowerNow!\GemServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
mmeeeeeeeeerrrrrrrrrrrrrccccccccccccciiiiiiiiiiiiiii!!!!!!!!!
Comme pas mal demonde j'ai ungros probleme avec ce "searchweb2" qui neveut pas partir de ma page d'acceuil et sa toolbar...
G tout éssayé spybot, adware, spywaredoctor, cwshredder, hijackthis (je vais mettre ce qu'il me met plus loin) et registrar lite. G utilisé des antivirus aussi avast, on line g utilisé trend, secuser..... mais le probleme persiste!!! et JEN AI VRAIMENT MARRE aidez moi s'il vous plait (meme si ca vous plait pas d'ailleur ;-))
Hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 10:52:10, on 15/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\AMD\PowerNow!\GemServ.exe
C:\Program Files\AMD\PowerNow!\gemback.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spyware Doctor\swdoctor.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nordine\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cxckdsxtqblqsteqkiha.us/saAwlO0M/3DDkr_Q1jo2tv1DvgrY2AZpMHaMMptXvD7urw83IqfKb7uazN6AkA5t.jpg
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {909AAD29-20D7-11B7-D225-456DE2BD3ADC} - C:\DOCUME~1\Nordine\APPLIC~1\Bonenew\JUMPDEFY.exe
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {CB59588F-BD09-15EF-841C-5E8B2668A210} - C:\DOCUME~1\Nordine\APPLIC~1\Bonenew\JUMPDEFY.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Network Host Service] msmnart32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [hold delete curb file] C:\Documents and Settings\All Users\Application Data\Locks Remote Hold Delete\Buildmags.exe
O4 - HKLM\..\Run: [axischic16grid] C:\Documents and Settings\All Users\Application Data\Clock flag axis chic\heart funk.exe
O4 - HKLM\..\RunServices: [Network Host Service] msmnart32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [flawview] C:\DOCUME~1\Nordine\APPLIC~1\CLOCKI~1\hopechin.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{987E75C0-7504-41CE-ADB0-F7DC965EB4FC}: NameServer = 80.118.192.111 80.118.196.41
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AMD PowerNow! (tm) Technology Service (GemServ) - Advanced Micro Devices - C:\Program Files\AMD\PowerNow!\GemServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
mmeeeeeeeeerrrrrrrrrrrrrccccccccccccciiiiiiiiiiiiiii!!!!!!!!!
A voir également:
- Searchweb2 hijack persistent
- Hijack this - Télécharger - Antivirus & Antimalwares
- Audio hijack pro - Télécharger - Création musicale
- Lenteur - Rapport Hijack this - Forum Virus
- Analyse de rapport hijack this - Forum Virus
- Igfxtray et igfxpers : résultats hijack ✓ - Forum Virus
3 réponses
Salut,
tu peux fixer ceci:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cxckdsxtqblqsteqkiha.us/saAwlO0M/3DDkr_Q1jo2tv1DvgrY2AZpMHaMMptXvD7urw83IqfKb7uazN6AkA5t.jpg
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {909AAD29-20D7-11B7-D225-456DE2BD3ADC} - C:\DOCUME~1\Nordine\APPLIC~1\Bonenew\JUMPDEFY.exe
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {CB59588F-BD09-15EF-841C-5E8B2668A210} - C:\DOCUME~1\Nordine\APPLIC~1\Bonenew\JUMPDEFY.exe
O4 - HKLM\..\Run: [hold delete curb file] C:\Documents and Settings\All Users\Application Data\Locks Remote Hold Delete\Buildmags.exe
puis vas dans poste de travail, program files et supprime les dossier au nom de PCTools Browser Monitor et vàs voir dans ajouter/supprimer des programmes.
tu peux fixer ceci:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cxckdsxtqblqsteqkiha.us/saAwlO0M/3DDkr_Q1jo2tv1DvgrY2AZpMHaMMptXvD7urw83IqfKb7uazN6AkA5t.jpg
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {909AAD29-20D7-11B7-D225-456DE2BD3ADC} - C:\DOCUME~1\Nordine\APPLIC~1\Bonenew\JUMPDEFY.exe
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {CB59588F-BD09-15EF-841C-5E8B2668A210} - C:\DOCUME~1\Nordine\APPLIC~1\Bonenew\JUMPDEFY.exe
O4 - HKLM\..\Run: [hold delete curb file] C:\Documents and Settings\All Users\Application Data\Locks Remote Hold Delete\Buildmags.exe
puis vas dans poste de travail, program files et supprime les dossier au nom de PCTools Browser Monitor et vàs voir dans ajouter/supprimer des programmes.
boubou
merci beaucoup ca rame déjà moins et je né plus la pagesearchweb2 merci encore
j ai un remord, lol
meme si ton soucis est reparé, il reste un ver il me semble ...
allez, remet moi un log hijack this
a+
meme si ton soucis est reparé, il reste un ver il me semble ...
allez, remet moi un log hijack this
a+
On continue ici http://www.commentcamarche.net/forum/affich-1853722-searchweb2-en-page-d-%23039-accueil svp.
Merci !
Merci !
