searchweb2 hijack persistent Résolu/Fermé

Question

Bonjour a tousComme pas mal demonde j'ai ungros probleme avec ce "searchweb2" qui neveut pas partir de ma page d'acceuil et sa toolbar...G tout éssayé spybot, adware, spywaredoctor, cwshredder, hijackthis (je vais mettre ce qu'il me met plus loin) et registrar lite. G utilisé des antivirus aussi avast, on line g utilisé trend, secuser..... mais le probleme persiste!!! et JEN AI VRAIMENT MARRE aidez moi s'il vous plait (meme si ca vous plait pas d'ailleur ;-))Hijackthis :Logfile of HijackThis v1.99.1Scan saved at 10:52:10, on 15/10/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\Program Files\AMD\PowerNow!\GemServ.exeC:\Program Files\AMD\PowerNow!\gemback.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\slserv.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\wdfmgr.exeC:\WINDOWS\System32\UAService7.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Java\j2re1.4.2_03\bin\jusched.exeC:\Program Files\Real\RealPlayer\RealPlay.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\MSN Messenger\MsnMsgr.ExeC:\Program Files\Spyware Doctor\swdoctor.exec:\progra~1\intern~1\iexplore.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Documents and Settings\Nordine\Bureau\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cxckdsxtqblqsteqkiha.us/saAwlO0M/3DDkr_Q1jo2tv1DvgrY2AZpMHaMMptXvD7urw83IqfKb7uazN6AkA5t.jpgR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.frO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1	ools\iesdsg.dllO2 - BHO: (no name) - {909AAD29-20D7-11B7-D225-456DE2BD3ADC} - C:\DOCUME~1\Nordine\APPLIC~1\Bonenew\JUMPDEFY.exeO2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1	ools\iesdpb.dllO2 - BHO: (no name) - {CB59588F-BD09-15EF-841C-5E8B2668A210} - C:\DOCUME~1\Nordine\APPLIC~1\Bonenew\JUMPDEFY.exeO4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exeO4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exeO4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYERO4 - HKLM\..\Run: [Network Host Service] msmnart32.exeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeO4 - HKLM\..\Run: [hold delete curb file] C:\Documents and Settings\All Users\Application Data\Locks Remote Hold Delete\Buildmags.exeO4 - HKLM\..\Run: [axischic16grid] C:\Documents and Settings\All Users\Application Data\Clock flag axis chic\heart funk.exeO4 - HKLM\..\RunServices: [Network Host Service] msmnart32.exeO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [flawview] C:\DOCUME~1\Nordine\APPLIC~1\CLOCKI~1\hopechin.exeO4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /QO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1	ools\iesdpb.dllO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO17 - HKLM\System\CCS\Services\Tcpip\..\{987E75C0-7504-41CE-ADB0-F7DC965EB4FC}: NameServer = 80.118.192.111 80.118.196.41O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: AMD PowerNow! (tm) Technology Service (GemServ) - Advanced Micro Devices - C:\Program Files\AMD\PowerNow!\GemServ.exeO23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exeO23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exemmeeeeeeeeerrrrrrrrrrrrrccccccccccccciiiiiiiiiiiiiii!!!!!!!!!

boulepate · Answer

Salut,tu peux fixer ceci:R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cxckdsxtqblqsteqkiha.us/saAwlO0M/3DDkr_Q1jo2tv1DvgrY2AZpMHaMMptXvD7urw83IqfKb7uazN6AkA5t.jpg O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1	ools\iesdsg.dll O2 - BHO: (no name) - {909AAD29-20D7-11B7-D225-456DE2BD3ADC} - C:\DOCUME~1\Nordine\APPLIC~1\Bonenew\JUMPDEFY.exe O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1	ools\iesdpb.dll O2 - BHO: (no name) - {CB59588F-BD09-15EF-841C-5E8B2668A210} - C:\DOCUME~1\Nordine\APPLIC~1\Bonenew\JUMPDEFY.exe O4 - HKLM\..\Run: [hold delete curb file] C:\Documents and Settings\All Users\Application Data\Locks Remote Hold Delete\Buildmags.exe puis vas dans poste de travail, program files et supprime les dossier au nom de PCTools Browser Monitor et vàs voir dans ajouter/supprimer des programmes.

Utilisateur anonyme · Answer

j ai un remord, lolmeme si ton soucis est reparé, il reste un ver il me semble ...allez, remet moi un log hijack thisa+

BmV · Answer

On continue ici http://www.commentcamarche.net/forum/affich-1853722-searchweb2-en-page-d-%23039-accueil svp.Merci !

Searchweb2 hijack persistent

3 réponses

Discussions similaires