Pc qui deconne a pls endroit, spy,,,
Brad
-
balltrap34 Messages postés 16241 Statut Contributeur sécurité -
balltrap34 Messages postés 16241 Statut Contributeur sécurité -
salut :)
voila mon pc deconne, jai passé adware, spybot, ca enleve quelque dob et pis ca revient
en lancant IE6 , ca se referme , jai aussi une page demarage IE6 impossible a modifier
Merci pour vos lumieres :)
Logfile of HijackThis v1.99.1
Scan saved at 23:07:43, on 21/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\SYSTEM32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS2\System32\nvsvc32.exe
C:\WINDOWS2\system32\ZoneLabs\vsmon.exe
C:\WINDOWS2\SOUNDMAN.EXE
C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS2\System32\ctfmon.exe
C:\WINDOWS2\system32\atlsv32.exe
C:\WINDOWS2\system32\appok32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {69A7591F-A5FF-1397-0028-24CB9B405955} - C:\WINDOWS2\system32\msgg32.dll
O2 - BHO: (no name) - {CB994039-3FAC-4AE9-AAFB-7A1523DA63ED} - C:\WINDOWS2\System32\moplgc.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS2\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS2\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS2\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS2\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [netru.exe] C:\WINDOWS2\system32\netru.exe
O4 - HKLM\..\Run: [iphm.exe] C:\WINDOWS2\iphm.exe
O4 - HKLM\..\Run: [ipjh32.exe] C:\WINDOWS2\system32\ipjh32.exe
O4 - HKLM\..\Run: [netpc.exe] C:\WINDOWS2\netpc.exe
O4 - HKLM\..\Run: [apirt.exe] C:\WINDOWS2\apirt.exe
O4 - HKLM\..\Run: [addih32.exe] C:\WINDOWS2\addih32.exe
O4 - HKLM\..\Run: [netsz32.exe] C:\WINDOWS2\system32\netsz32.exe
O4 - HKLM\..\Run: [netix.exe] C:\WINDOWS2\netix.exe
O4 - HKLM\..\Run: [atleu.exe] C:\WINDOWS2\atleu.exe
O4 - HKLM\..\Run: [appok32.exe] C:\WINDOWS2\system32\appok32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://abcdelasecurite.free.fr/scan/Msie/bitdefender.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by106fd.bay106.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5E354EC-2DAD-4584-B674-D0915A234ECC}: NameServer = 80.118.196.36 80.118.192.100
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS2\system32\atlsv32.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS2\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS2\system32\ZoneLabs\vsmon.exe
voila mon pc deconne, jai passé adware, spybot, ca enleve quelque dob et pis ca revient
en lancant IE6 , ca se referme , jai aussi une page demarage IE6 impossible a modifier
Merci pour vos lumieres :)
Logfile of HijackThis v1.99.1
Scan saved at 23:07:43, on 21/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\SYSTEM32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS2\System32\nvsvc32.exe
C:\WINDOWS2\system32\ZoneLabs\vsmon.exe
C:\WINDOWS2\SOUNDMAN.EXE
C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS2\System32\ctfmon.exe
C:\WINDOWS2\system32\atlsv32.exe
C:\WINDOWS2\system32\appok32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {69A7591F-A5FF-1397-0028-24CB9B405955} - C:\WINDOWS2\system32\msgg32.dll
O2 - BHO: (no name) - {CB994039-3FAC-4AE9-AAFB-7A1523DA63ED} - C:\WINDOWS2\System32\moplgc.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS2\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS2\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS2\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS2\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [netru.exe] C:\WINDOWS2\system32\netru.exe
O4 - HKLM\..\Run: [iphm.exe] C:\WINDOWS2\iphm.exe
O4 - HKLM\..\Run: [ipjh32.exe] C:\WINDOWS2\system32\ipjh32.exe
O4 - HKLM\..\Run: [netpc.exe] C:\WINDOWS2\netpc.exe
O4 - HKLM\..\Run: [apirt.exe] C:\WINDOWS2\apirt.exe
O4 - HKLM\..\Run: [addih32.exe] C:\WINDOWS2\addih32.exe
O4 - HKLM\..\Run: [netsz32.exe] C:\WINDOWS2\system32\netsz32.exe
O4 - HKLM\..\Run: [netix.exe] C:\WINDOWS2\netix.exe
O4 - HKLM\..\Run: [atleu.exe] C:\WINDOWS2\atleu.exe
O4 - HKLM\..\Run: [appok32.exe] C:\WINDOWS2\system32\appok32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://abcdelasecurite.free.fr/scan/Msie/bitdefender.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by106fd.bay106.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5E354EC-2DAD-4584-B674-D0915A234ECC}: NameServer = 80.118.196.36 80.118.192.100
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS2\system32\atlsv32.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS2\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS2\system32\ZoneLabs\vsmon.exe
A voir également:
- Pc qui deconne a pls endroit, spy,,,
- Pc qui rame - Guide
- Remettre a zero un pc - Guide
- Downloader for pc - Télécharger - Téléchargement & Transfert
- Remettre l'ecran a l'endroit - Guide
- Double ecran pc - Guide
11 réponses
salut fais démarrrer->exécuter-> taper services.msc
recherche s'il y a un service dénommé : "Network Security Service".
Double clique "Network Security Service"
Mets-le en "désactivé" et bien sûr "arrêté"->"Appliquer".
Ensuite ferme Internet Explorer, relance HijackThis, coches ces lignes puis fais fix checked:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {69A7591F-A5FF-1397-0028-24CB9B405955} - C:\WINDOWS2\system32\msgg32.dll
O2 - BHO: (no name) - {CB994039-3FAC-4AE9-AAFB-7A1523DA63ED} - C:\WINDOWS2\System32\moplgc.dll (file missing)
O4 - HKLM\..\Run: [netru.exe] C:\WINDOWS2\system32\netru.exe
O4 - HKLM\..\Run: [iphm.exe] C:\WINDOWS2\iphm.exe
O4 - HKLM\..\Run: [ipjh32.exe] C:\WINDOWS2\system32\ipjh32.exe
O4 - HKLM\..\Run: [netpc.exe] C:\WINDOWS2\netpc.exe
O4 - HKLM\..\Run: [apirt.exe] C:\WINDOWS2\apirt.exe
O4 - HKLM\..\Run: [addih32.exe] C:\WINDOWS2\addih32.exe
O4 - HKLM\..\Run: [netsz32.exe] C:\WINDOWS2\system32\netsz32.exe
O4 - HKLM\..\Run: [netix.exe] C:\WINDOWS2\netix.exe
O4 - HKLM\..\Run: [atleu.exe] C:\WINDOWS2\atleu.exe
O4 - HKLM\..\Run: [appok32.exe] C:\WINDOWS2\system32\appok32.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS2\system32\atlsv32.exe
ensuite recherche et supprime les fichier en gras :
O4 - HKLM\..\Run: [netru.exe] C:\WINDOWS2\system32\netru.exe
O4 - HKLM\..\Run: [iphm.exe] C:\WINDOWS2\iphm.exe
O4 - HKLM\..\Run: [ipjh32.exe] C:\WINDOWS2\system32\ipjh32.exe
O4 - HKLM\..\Run: [netpc.exe] C:\WINDOWS2\netpc.exe
O4 - HKLM\..\Run: [apirt.exe] C:\WINDOWS2\apirt.exe
O4 - HKLM\..\Run: [addih32.exe] C:\WINDOWS2\addih32.exe
O4 - HKLM\..\Run: [netsz32.exe] C:\WINDOWS2\system32\netsz32.exe
O4 - HKLM\..\Run: [netix.exe] C:\WINDOWS2\netix.exe
O4 - HKLM\..\Run: [atleu.exe] C:\WINDOWS2\atleu.exe
O4 - HKLM\..\Run: [appok32.exe] C:\WINDOWS2\system32\appok32.exe
supprime les fichier temporaire :
Demarrer/paneau de configuration/option internet/suprimer fichier temporaaire apres une petite fentre s'ouvre tu coche "suprimer tout le contenu hors connexion" supprime aussi les "cookies"
lance les antispyware ( adware/ spybot... pense a les mettre ajour avant )
telecharge Edwido et execute si tu ne l'as pas deja
http://download.ewido.net/ewido-setup.exe
redemare refait un scan ...
@++++
recherche s'il y a un service dénommé : "Network Security Service".
Double clique "Network Security Service"
Mets-le en "désactivé" et bien sûr "arrêté"->"Appliquer".
Ensuite ferme Internet Explorer, relance HijackThis, coches ces lignes puis fais fix checked:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {69A7591F-A5FF-1397-0028-24CB9B405955} - C:\WINDOWS2\system32\msgg32.dll
O2 - BHO: (no name) - {CB994039-3FAC-4AE9-AAFB-7A1523DA63ED} - C:\WINDOWS2\System32\moplgc.dll (file missing)
O4 - HKLM\..\Run: [netru.exe] C:\WINDOWS2\system32\netru.exe
O4 - HKLM\..\Run: [iphm.exe] C:\WINDOWS2\iphm.exe
O4 - HKLM\..\Run: [ipjh32.exe] C:\WINDOWS2\system32\ipjh32.exe
O4 - HKLM\..\Run: [netpc.exe] C:\WINDOWS2\netpc.exe
O4 - HKLM\..\Run: [apirt.exe] C:\WINDOWS2\apirt.exe
O4 - HKLM\..\Run: [addih32.exe] C:\WINDOWS2\addih32.exe
O4 - HKLM\..\Run: [netsz32.exe] C:\WINDOWS2\system32\netsz32.exe
O4 - HKLM\..\Run: [netix.exe] C:\WINDOWS2\netix.exe
O4 - HKLM\..\Run: [atleu.exe] C:\WINDOWS2\atleu.exe
O4 - HKLM\..\Run: [appok32.exe] C:\WINDOWS2\system32\appok32.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS2\system32\atlsv32.exe
ensuite recherche et supprime les fichier en gras :
O4 - HKLM\..\Run: [netru.exe] C:\WINDOWS2\system32\netru.exe
O4 - HKLM\..\Run: [iphm.exe] C:\WINDOWS2\iphm.exe
O4 - HKLM\..\Run: [ipjh32.exe] C:\WINDOWS2\system32\ipjh32.exe
O4 - HKLM\..\Run: [netpc.exe] C:\WINDOWS2\netpc.exe
O4 - HKLM\..\Run: [apirt.exe] C:\WINDOWS2\apirt.exe
O4 - HKLM\..\Run: [addih32.exe] C:\WINDOWS2\addih32.exe
O4 - HKLM\..\Run: [netsz32.exe] C:\WINDOWS2\system32\netsz32.exe
O4 - HKLM\..\Run: [netix.exe] C:\WINDOWS2\netix.exe
O4 - HKLM\..\Run: [atleu.exe] C:\WINDOWS2\atleu.exe
O4 - HKLM\..\Run: [appok32.exe] C:\WINDOWS2\system32\appok32.exe
supprime les fichier temporaire :
Demarrer/paneau de configuration/option internet/suprimer fichier temporaaire apres une petite fentre s'ouvre tu coche "suprimer tout le contenu hors connexion" supprime aussi les "cookies"
lance les antispyware ( adware/ spybot... pense a les mettre ajour avant )
telecharge Edwido et execute si tu ne l'as pas deja
http://download.ewido.net/ewido-setup.exe
redemare refait un scan ...
@++++
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Logfile of HijackThis v1.99.1
Scan saved at 22:48:09, on 22/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\SYSTEM32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS2\SOUNDMAN.EXE
C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS2\System32\nvsvc32.exe
C:\WINDOWS2\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Opera75\opera.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS2\System32\ctfmon.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS2\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS2\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS2\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS2\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://abcdelasecurite.free.fr/scan/Msie/bitdefender.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by106fd.bay106.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5E354EC-2DAD-4584-B674-D0915A234ECC}: NameServer = 80.118.192.112 80.118.196.42
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS2\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS2\system32\ZoneLabs\vsmon.exe
Scan saved at 22:48:09, on 22/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\SYSTEM32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS2\SOUNDMAN.EXE
C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS2\System32\nvsvc32.exe
C:\WINDOWS2\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Opera75\opera.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS2\System32\ctfmon.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS2\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS2\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS2\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS2\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://abcdelasecurite.free.fr/scan/Msie/bitdefender.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by106fd.bay106.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5E354EC-2DAD-4584-B674-D0915A234ECC}: NameServer = 80.118.192.112 80.118.196.42
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS2\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS2\system32\ZoneLabs\vsmon.exe
oki cela veut dire que weido s occupe des
C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
a suivre apres plusieurs redemarrage
C:\WINDOWS2\system32\trrmp.dll/sp.html#17702
a suivre apres plusieurs redemarrage
oui apparement mais je pense que la vrai soluce c'est de supprimer le service "Network Security Service"
@+++++++
@+++++++
