Perte de privilèges admin
Résolu
fxs38
-
aranjuez31 Messages postés 8069 Statut Contributeur -
aranjuez31 Messages postés 8069 Statut Contributeur -
Bonjour a tous,
J'ai été infecté par le virus "nopir" et j'ai eu beaucoup de mal à m'en débarasser... Il me reste quand même quelques problèmes:
Je n'ai plus accès à la restauration système.
Lorsque je tente d'accèder au panneau de configuration il y a toujours une erreur système explorer.exe
De plus il m'est impossible d'installer windows xp sp2 car il me met "acess denied"
Quelqu'un peut-il m'aider SVP ??
Merci
J'ai été infecté par le virus "nopir" et j'ai eu beaucoup de mal à m'en débarasser... Il me reste quand même quelques problèmes:
Je n'ai plus accès à la restauration système.
Lorsque je tente d'accèder au panneau de configuration il y a toujours une erreur système explorer.exe
De plus il m'est impossible d'installer windows xp sp2 car il me met "acess denied"
Quelqu'un peut-il m'aider SVP ??
Merci
A voir également:
- Perte de privilèges admin
- Mot de passe admin - Guide
- Livebox admin - Guide
- Http //easy wifi.config admin - Forum WiFi
- Veuillez ouvrir une session avec les privilèges du gestionnaire ✓ - Forum Jeux vidéo
- Easywifi.config admin ✓ - Forum Réseau
5 réponses
bjr
ta config , stp ?
--------
charge, scan et COLLE rapport de
ewido (dowload)
http://www.ewido.net/fr/download/
---------
sp2 ne peut être installé que si ton ordi est super clean
--------
aprés ewido
http://telechargement.zebulon.fr/160-patch-francais-pour-hijackthis-1991.html
tutos
http://pageperso.aol.fr/balltrap34/Hijenr.gif
http://pageperso.aol.fr/balltrap34/demohijack.htm
ta config , stp ?
--------
charge, scan et COLLE rapport de
ewido (dowload)
http://www.ewido.net/fr/download/
---------
sp2 ne peut être installé que si ton ordi est super clean
--------
aprés ewido
http://telechargement.zebulon.fr/160-patch-francais-pour-hijackthis-1991.html
tutos
http://pageperso.aol.fr/balltrap34/Hijenr.gif
http://pageperso.aol.fr/balltrap34/demohijack.htm
+ rapport ewido :
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 19:23:03, 25/01/2006
+ Somme de contrôle: 405CC922
+ Résultats du scan:
HKLM\SOFTWARE\AutoLoader -> Spyware.AproposMedia : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Interface\{0F2A4ADC-DABF-4980-8DB4-19F67D7B1F95} -> Spyware.ClearSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Interface\{2BDB4DA9-94FE-4034-AAC5-CEECDCB3A33B} -> Spyware.Adlogix : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Interface\{4D8E41A8-EC1F-4C53-A10D-9120232C71BB} -> Spyware.Adlogix : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Interface\{929BB4FA-0AF1-4A01-A0AE-023F4B421DA2} -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Interface\{BF5B2E01-73BF-4AE4-8198-A8745C3235F6} -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\TypeLib\{1DD8DB5A-7EFC-48EC-8910-40A1AAA8D2F3} -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\VacPro.belgio_ver3 -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\WUSN.1 -> Spyware.SaveNow : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Spyware.YourSiteBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\YSBactivex.Installer\CLSID -> Spyware.YourSiteBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\PerfectNav -> Spyware.KeenValue : Nettoyer et sauvegarder
HKLM\SOFTWARE\pop -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\pop\UpdateAgent -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\Microsoft\Internet Explorer\Extensions\{6685509E-B47B-4f47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000049-8F91-4D9C-9573-F016E7626484} -> Spyware.BetterInternet : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D} -> Spyware.Begin2Search : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22B720C7-5FA6-40A8-9F8F-8584BF669690} -> Spyware.Begin2Search : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D568F0F-8AC9-40AB-88B7-415134C78777} -> Spyware.Begin2Search : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{52FE5233-367C-4EFB-BDD7-0BE4D212C107} -> Spyware.Begin2Search : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6685509E-B47B-4F47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{999A06FF-10EF-4A29-8640-69E99882C26B} -> Spyware.Begin2Search : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AAAE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\_rtneg2 -> Spyware.Begin2Search : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\_rtneg2\eeennn -> Spyware.Begin2Search : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\_rtneg2\kkws -> Spyware.Begin2Search : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\_rtneg2\ppops -> Spyware.Begin2Search : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\_rtneg2\reel -> Spyware.Begin2Search : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\_rtneg2\ssites -> Spyware.Begin2Search : Nettoyer et sauvegarder
C:\Documents and Settings\Biloute\Cookies\biloute@112.2o7[1].txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.11:C:\Documents and Settings\Jean Luc\Application Data\Mozilla\Firefox\Profiles\1eyfgifu.NovelL\cookies.txt -> Spyware.Cookie.Liveperson : Nettoyer et sauvegarder
:mozilla.13:C:\Documents and Settings\Jean Luc\Application Data\Mozilla\Firefox\Profiles\1eyfgifu.NovelL\cookies.txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder
:mozilla.14:C:\Documents and Settings\Jean Luc\Application Data\Mozilla\Firefox\Profiles\1eyfgifu.NovelL\cookies.txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder
C:\Documents and Settings\Jean Luc\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-6fd9f626-31954275.class -> Downloader.Small.wv : Nettoyer et sauvegarder
::Fin du rapport
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 19:23:03, 25/01/2006
+ Somme de contrôle: 405CC922
+ Résultats du scan:
HKLM\SOFTWARE\AutoLoader -> Spyware.AproposMedia : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Interface\{0F2A4ADC-DABF-4980-8DB4-19F67D7B1F95} -> Spyware.ClearSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Interface\{2BDB4DA9-94FE-4034-AAC5-CEECDCB3A33B} -> Spyware.Adlogix : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Interface\{4D8E41A8-EC1F-4C53-A10D-9120232C71BB} -> Spyware.Adlogix : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Interface\{929BB4FA-0AF1-4A01-A0AE-023F4B421DA2} -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Interface\{BF5B2E01-73BF-4AE4-8198-A8745C3235F6} -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\TypeLib\{1DD8DB5A-7EFC-48EC-8910-40A1AAA8D2F3} -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\VacPro.belgio_ver3 -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\WUSN.1 -> Spyware.SaveNow : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Spyware.YourSiteBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\YSBactivex.Installer\CLSID -> Spyware.YourSiteBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\PerfectNav -> Spyware.KeenValue : Nettoyer et sauvegarder
HKLM\SOFTWARE\pop -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\pop\UpdateAgent -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\Microsoft\Internet Explorer\Extensions\{6685509E-B47B-4f47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000049-8F91-4D9C-9573-F016E7626484} -> Spyware.BetterInternet : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D} -> Spyware.Begin2Search : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22B720C7-5FA6-40A8-9F8F-8584BF669690} -> Spyware.Begin2Search : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D568F0F-8AC9-40AB-88B7-415134C78777} -> Spyware.Begin2Search : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{52FE5233-367C-4EFB-BDD7-0BE4D212C107} -> Spyware.Begin2Search : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6685509E-B47B-4F47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{999A06FF-10EF-4A29-8640-69E99882C26B} -> Spyware.Begin2Search : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AAAE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} -> Spyware.CoolWebSearch : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\_rtneg2 -> Spyware.Begin2Search : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\_rtneg2\eeennn -> Spyware.Begin2Search : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\_rtneg2\kkws -> Spyware.Begin2Search : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\_rtneg2\ppops -> Spyware.Begin2Search : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\_rtneg2\reel -> Spyware.Begin2Search : Nettoyer et sauvegarder
HKU\S-1-5-21-1645522239-1229272821-839522115-1004\Software\_rtneg2\ssites -> Spyware.Begin2Search : Nettoyer et sauvegarder
C:\Documents and Settings\Biloute\Cookies\biloute@112.2o7[1].txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.11:C:\Documents and Settings\Jean Luc\Application Data\Mozilla\Firefox\Profiles\1eyfgifu.NovelL\cookies.txt -> Spyware.Cookie.Liveperson : Nettoyer et sauvegarder
:mozilla.13:C:\Documents and Settings\Jean Luc\Application Data\Mozilla\Firefox\Profiles\1eyfgifu.NovelL\cookies.txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder
:mozilla.14:C:\Documents and Settings\Jean Luc\Application Data\Mozilla\Firefox\Profiles\1eyfgifu.NovelL\cookies.txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder
C:\Documents and Settings\Jean Luc\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-6fd9f626-31954275.class -> Downloader.Small.wv : Nettoyer et sauvegarder
::Fin du rapport
Nouveau log hijackthis après avoir fait ce que tu as demandé :
Logfile of HijackThis v1.99.1
Scan saved at 21:43:13, on 25/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Office keyboard utility\1.2\nhksrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\WCMain.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02CBE8EC-B281-A8DA-5D15-C890FF507629} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2C7F8A45-8B85-C946-A5C8-99BD0E1CFEC6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {81647099-2F20-4DB3-2758-6638DE9D720D} - (no file)
O2 - BHO: (no name) - {98945576-1D36-8A15-65CB-E9D9BB8D4D66} - (no file)
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FLMBROWSERMOUSE] C:\Program Files\Browser mouse\1.2\mouse32a.exe
O4 - HKLM\..\Run: [FLMOFFICEKEYBOARD] C:\Program Files\Office keyboard utility\1.2\OFFICEKB.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [wqezateudewvu] C:\WINDOWS\System32\qreytop.exe
O4 - HKLM\..\Run: [pcikjirt] C:\WINDOWS\system32\pcikjirt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sysmem] C:\Program Files\system prot\mmsete.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AnyDVD] :C:\Program Files\SlySoft1\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MoodBook] "C:\Program Files\MoodBook\mb.exe" /startup
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [LOSVietnam.exe] C:\DOCUME~1\JEANLU~1\MESDOC~1\Fx\Progs\LOSVIE~1.EXE /r
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Office10\OSA.EXE
O4 - Global Startup: Stardust Screen Saver Control 2003.lnk = C:\WINDOWS\SCMain.exe
O4 - Global Startup: Stardust Wallpaper Control 2003.lnk = C:\WINDOWS\WCMain.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C263E0C3-7044-4E16-9EA4-3B88541130BE}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: okusqtmbgylt (5) - Unknown owner - C:\WINDOWS\system32\5.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Ghostfiles Service (GHOSTFILES) - Unknown owner - C:\Program Files\Lowrie Associates Ltd\Ghostfiles Service\GFService.exe (file missing)
O23 - Service: Miscrosoft Updates Service 5 (MsUpdate5) - Unknown owner - C:\WINDOWS\system32\msupd5.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Office keyboard utility\1.2\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RapApp - Unknown owner - C:\Program Files\ISS\BlackICE\rapapp.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
Logfile of HijackThis v1.99.1
Scan saved at 21:43:13, on 25/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Office keyboard utility\1.2\nhksrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\WCMain.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02CBE8EC-B281-A8DA-5D15-C890FF507629} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2C7F8A45-8B85-C946-A5C8-99BD0E1CFEC6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {81647099-2F20-4DB3-2758-6638DE9D720D} - (no file)
O2 - BHO: (no name) - {98945576-1D36-8A15-65CB-E9D9BB8D4D66} - (no file)
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FLMBROWSERMOUSE] C:\Program Files\Browser mouse\1.2\mouse32a.exe
O4 - HKLM\..\Run: [FLMOFFICEKEYBOARD] C:\Program Files\Office keyboard utility\1.2\OFFICEKB.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [wqezateudewvu] C:\WINDOWS\System32\qreytop.exe
O4 - HKLM\..\Run: [pcikjirt] C:\WINDOWS\system32\pcikjirt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sysmem] C:\Program Files\system prot\mmsete.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AnyDVD] :C:\Program Files\SlySoft1\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MoodBook] "C:\Program Files\MoodBook\mb.exe" /startup
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [LOSVietnam.exe] C:\DOCUME~1\JEANLU~1\MESDOC~1\Fx\Progs\LOSVIE~1.EXE /r
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Office10\OSA.EXE
O4 - Global Startup: Stardust Screen Saver Control 2003.lnk = C:\WINDOWS\SCMain.exe
O4 - Global Startup: Stardust Wallpaper Control 2003.lnk = C:\WINDOWS\WCMain.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C263E0C3-7044-4E16-9EA4-3B88541130BE}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: okusqtmbgylt (5) - Unknown owner - C:\WINDOWS\system32\5.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Ghostfiles Service (GHOSTFILES) - Unknown owner - C:\Program Files\Lowrie Associates Ltd\Ghostfiles Service\GFService.exe (file missing)
O23 - Service: Miscrosoft Updates Service 5 (MsUpdate5) - Unknown owner - C:\WINDOWS\system32\msupd5.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Office keyboard utility\1.2\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RapApp - Unknown owner - C:\Program Files\ISS\BlackICE\rapapp.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
voici le scan hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 19:18:02, on 25/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Office keyboard utility\1.2\nhksrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\WINDOWS\SCMain.exe
C:\WINDOWS\WCMain.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\securitysuite.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02CBE8EC-B281-A8DA-5D15-C890FF507629} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2C7F8A45-8B85-C946-A5C8-99BD0E1CFEC6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {81647099-2F20-4DB3-2758-6638DE9D720D} - C:\WINDOWS\system32\hmrvthej.dll (file missing)
O2 - BHO: (no name) - {98945576-1D36-8A15-65CB-E9D9BB8D4D66} - C:\WINDOWS\system32\lkcmohwi.dll (file missing)
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FLMBROWSERMOUSE] C:\Program Files\Browser mouse\1.2\mouse32a.exe
O4 - HKLM\..\Run: [FLMOFFICEKEYBOARD] C:\Program Files\Office keyboard utility\1.2\OFFICEKB.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [wqezateudewvu] C:\WINDOWS\System32\qreytop.exe
O4 - HKLM\..\Run: [pcikjirt] C:\WINDOWS\system32\pcikjirt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sysmem] C:\Program Files\system prot\mmsete.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AnyDVD] :C:\Program Files\SlySoft1\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CloneCDTray] :"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MoodBook] "C:\Program Files\MoodBook\mb.exe" /startup
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSSoft\RSEDNClient.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Office10\OSA.EXE
O4 - Global Startup: Stardust Screen Saver Control 2003.lnk = C:\WINDOWS\SCMain.exe
O4 - Global Startup: Stardust Wallpaper Control 2003.lnk = C:\WINDOWS\WCMain.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c32.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.fucam.ac.be/student%20corner/salles%20informatiques/msrdp.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C263E0C3-7044-4E16-9EA4-3B88541130BE}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: okusqtmbgylt (5) - Unknown owner - C:\WINDOWS\system32\5.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Ghostfiles Service (GHOSTFILES) - Unknown owner - C:\Program Files\Lowrie Associates Ltd\Ghostfiles Service\GFService.exe (file missing)
O23 - Service: Miscrosoft Updates Service 5 (MsUpdate5) - Unknown owner - C:\WINDOWS\system32\msupd5.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Office keyboard utility\1.2\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RapApp - Unknown owner - C:\Program Files\ISS\BlackICE\rapapp.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
bon , ben , ya du boulot
-------
fixe ces lignes
rappel pour faire : http://pageperso.aol.fr/balltrap34/demohijack.htm
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c32.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.fucam.ac.be/student%20corner/salles%20informatiques/msrdp.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
+
O2 - BHO: (no name) - {02CBE8EC-B281-A8DA-5D15-C890FF507629} - (no file)
O2 - BHO: (no name) - {2C7F8A45-8B85-C946-A5C8-99BD0E1CFEC6} - (no file)
O2 - BHO: (no name) - {81647099-2F20-4DB3-2758-6638DE9D720D} - C:\WINDOWS\system32\hmrvthej.dll (file missing)
O2 - BHO: (no name) - {98945576-1D36-8A15-65CB-E9D9BB8D4D66} - O2 - BHO: (no name) - {81647099-2F20-4DB3-2758-6638DE9D720D} - C:\WINDOWS\system32\hmrvthej.dll (file missing)
O2 - BHO: (no name) - {98945576-1D36-8A15-65CB-E9D9BB8D4D66} - C:\WINDOWS\system32\lkcmohwi.dll (file missing)
\lkcmohwi.dll (file missing)
--------
va dans C:\WINDOWS\system32
et supprime
lkcmohwi.dll
hmrvthej.dll
ou fais rechercher pour les supprimer
---------
c est loin d être fini
mais j'vais bouffer
remets un hijack
---------
à + tard