Problème de popups! - Page 2

Résolu
Précédent
  • 1
  • 2
  1. aranjuez31 Messages postés 8161 Date d'inscription   Statut Contributeur 354
     
    hello
    pas sur que tu sois sorti d'affaire !
    remets un hijack
    0
  2. Raphaël
     
    OK! Je n'ai pas eu un seul pop up depuis ce matin en tout cas, ce qui est déjà pas mal...

    Logfile of HijackThis v1.99.1
    Scan saved at 17:47:47, on 5/03/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINNT\system32\CTsvcCDA.EXE
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINNT\system32\hidserv.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\MsPMSPSv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\devldr32.exe
    C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
    C:\WINNT\system32\igfxtray.exe
    C:\WINNT\system32\hkcmd.exe
    C:\WINNT\system32\CTHELPER.EXE
    C:\Program Files\Creative\News\NewsUpd.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINNT\system32\rundll32.exe
    C:\mousepad.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\Ted1\LOCALS~1\Temp\Rar$EX00.740\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINNT\system32\fcyvt.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
    O4 - HKLM\..\Run: [Microsoft Internet Explorer] lEXPLORE.EXE
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [bxmon] rundll32.exe C:\WINNT\system32\bxmon.dll,start
    O4 - HKLM\..\Run: [tcsvc] rundll32.exe C:\WINNT\system32\tcsvc.dll,start
    O4 - HKLM\..\Run: [keyboard] C:\\keyboard.exe
    O4 - HKLM\..\Run: [mousepad] C:\\mousepad.exe
    O4 - HKLM\..\Run: [gimmysmileys] C:\\gimmysmileys.exe
    O4 - HKLM\..\RunServices: [Microsoft Internet Explorer] lEXPLORE.EXE
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140363643483
    O20 - Winlogon Notify: geecc - C:\WINNT\SYSTEM32\geecc.dll
    O20 - Winlogon Notify: Uninstall - C:\WINNT\system32\mv8ul9l91.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    0
  3. ben13010 Messages postés 3369 Statut Contributeur 387
     
    ce que voulais dire Aran , c'est que tu as des lignes infectées encore

    O20 - Winlogon Notify: geecc - C:\WINNT\SYSTEM32\geecc.dll
    O20 - Winlogon Notify: Uninstall - C:\WINNT\system32\mv8ul9l91.dll (file missing)

    et ca

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

    O4 - HKCU\..\Run: [internat.exe] internat.exe

    O4 - HKLM\..\Run: [gimmysmileys] C:\\gimmysmileys.exe

    O4 - HKLM\..\RunServices: [Microsoft Internet Explorer] lEXPLORE.EXE
    0
  4. Raphaël
     
    OK! Voilà, je les ai fixés avec hijack... Voici le nouveau rapport... il a l'air propre, mon PC maintenant ?

    Logfile of HijackThis v1.99.1
    Scan saved at 20:05:10, on 5/03/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINNT\system32\CTsvcCDA.EXE
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINNT\system32\hidserv.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\MsPMSPSv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\devldr32.exe
    C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
    C:\WINNT\system32\igfxtray.exe
    C:\WINNT\system32\hkcmd.exe
    C:\WINNT\system32\CTHELPER.EXE
    C:\Program Files\Creative\News\NewsUpd.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINNT\system32\rundll32.exe
    C:\mousepad.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Program Files\eMule\emule.exe
    C:\DOCUME~1\Ted1\LOCALS~1\Temp\Rar$EX96.134\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINNT\system32\fcyvt.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
    O4 - HKLM\..\Run: [Microsoft Internet Explorer] lEXPLORE.EXE
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [bxmon] rundll32.exe C:\WINNT\system32\bxmon.dll,start
    O4 - HKLM\..\Run: [tcsvc] rundll32.exe C:\WINNT\system32\tcsvc.dll,start
    O4 - HKLM\..\Run: [keyboard] C:\\keyboard.exe
    O4 - HKLM\..\Run: [mousepad] C:\\mousepad.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140363643483
    O20 - Winlogon Notify: geecc - C:\WINNT\SYSTEM32\geecc.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. aranjuez31 Messages postés 8161 Date d'inscription   Statut Contributeur 354
     
    re

    non ce n est pas bon
    où est ton pare-feu ?

    sans un vrai , on est là pour longtps, surtout que tu navigues sur du P2P !!

    version de IE obsoléte aussi !!
    faire màj pour être mieux protégé
    0
  7. ben13010 Messages postés 3369 Statut Contributeur 387
     
    O4 - HKLM\..\Run: [tcsvc] rundll32.exe C:\WINNT\system32\tcsvc.dll,start
    O4 - HKLM\..\Run: [keyboard] C:\\keyboard.exe
    O4 - HKLM\..\Run: [mousepad] C:\\mousepad.exe
    0
Précédent
  • 1
  • 2