De nombreux virus hijackthis à vérifier svp

chr3 Messages postés 31 Statut Membre -  
chr3 Messages postés 31 Statut Membre -
Bonjour,

depuis que j'ai allumé mon ordi ce matin j'ai pleins de virus qui arrive et je n'arrive pas à les supprimer, est-ce que quelqu'un pourrait m'aider svp. merci d'avance. voici mon hijachthis :

Logfile of HijackThis v1.99.1
Scan saved at 12:20:22, on 24/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\lclock.exe
C:\Program Files\Skype\Phone\Skype.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\lefief\Mes documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.numericable.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.numericable.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par NUMERICABLE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7A1B7D1E-77C7-C16A-B76C-70C87701EC30} - C:\DOCUME~1\lefief\APPLIC~1\Dataadmin\Grey Bleh.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [2 atom find enc] C:\Documents and Settings\All Users\Application Data\basehelp2atom\Junk For.exe
O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\system32\hgqhp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [Insidecdrom] C:\DOCUME~1\lefief\APPLIC~1\Dash Mpeg Fast\softheartmp3.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Felix II] C:\Program Files\ScreenMates\Felix II\Fr\Felix2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http:\\www.numericable.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{86CF9709-BEB4-49F9-8031-E67169271794}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8489838-9A59-4621-9A37-0568657364DC}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Configuration: système d'exploitation XP PRO

7 réponses

  1. Kristopher Messages postés 3752 Statut Contributeur 106
     
    Salut,

    T'es profondément infecté.

    Commence par faire ceci :

    1/
    Si tu n'en n'a pas, télécharge un firewall.
    Par exemple, la version GRATUITE de ZoneAlarm® : http://www.zonelabs.com/store/content/company/products/znalm/freeDownload2.jsp?dc=34std&ctry=FR&lang=fr
    Tutorial là : http://forum.telecharger.01net.com/microhebdo/questions_techniques_diverses/securite/tutorial_zonealarm-323293/messages-1.html

    2/ Télécharge et scanne ton PC avec Ewido Security Suite : http://www.01net.com/telecharger/windows/Utilitaire/antivirus/fiches/31851.html
    Copie/colle le rapport entier sur le forum.

    3/ Scanne ton PC avec cet antivirus en ligne :
    http://www.bitdefender.com/scan8/ie.html
    Clique sur "I Agree" et scanne tout le PC.
    Pense à accepter l'ActiveX bloqué par la barre anti-popup du SP2 (elle clignotera en haut).
    Copie/colle le rapport entier sur le forum.

    3/ Remets un log HijackThis.

    Bonne chance.

    ++
    0
    1. chr3 Messages postés 31 Statut Membre
       
      voici le rapport de ewido :

      ewido anti-malware - Rapport de scan
      ---------------------------------------------------------

      + Créé le: 13:40:05, 24/03/2006
      + Somme de contrôle: C286653C

      + Résultats du scan:

      HKU\S-1-5-21-2000478354-1450960922-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Nettoyer et sauvegarder
      [684] C:\DOCUME~1\lefief\APPLIC~1\Dataadmin\Grey Bleh.exe -> Downloader.Swizzor.bo : Nettoyer et sauvegarder
      [1844] VM_003B0000 -> Downloader.Agent.tc : Erreur durant le nettoyage
      [2988] C:\DOCUME~1\lefief\APPLIC~1\Dataadmin\Grey Bleh.exe -> Downloader.Swizzor.bo : Erreur durant le nettoyage
      [4084] C:\DOCUME~1\lefief\APPLIC~1\Dataadmin\Grey Bleh.exe -> Downloader.Swizzor.bo : Erreur durant le nettoyage
      C:\Documents and Settings\lefief\Cookies\lefief@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
      C:\Documents and Settings\lefief\Cookies\lefief@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
      C:\Documents and Settings\lefief\Cookies\lefief@com[1].txt -> TrackingCookie.Com : Nettoyer et sauvegarder
      C:\Documents and Settings\lefief\Cookies\lefief@estat[1].txt -> TrackingCookie.Estat : Nettoyer et sauvegarder
      C:\Documents and Settings\lefief\Cookies\lefief@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
      C:\Documents and Settings\lefief\Cookies\lefief@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
      C:\Documents and Settings\lefief\Cookies\lefief@weborama[1].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
      C:\Documents and Settings\lefief\Cookies\lefief@wreport.weborama[1].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
      C:\Documents and Settings\lefief\Cookies\lefief@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\856J05IZ\ErrorSafeScannerInstall_fr[1].exe -> Not-A-Virus.Downloader.Win32.Agent.d : Nettoyer et sauvegarder
      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\CUQX2GM7\ErrorSafeScannerInstallFR[1].cab/UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Nettoyer et sauvegarder
      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\JNDBRLWW\ErrorSafeScannerInstall_fr[1].exe -> Not-A-Virus.Downloader.Win32.Agent.d : Nettoyer et sauvegarder
      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\adv625[1].htm -> Not-A-Virus.Exploit.HTML.Mht : Nettoyer et sauvegarder
      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\xml[1].htm -> Downloader.Cobase.d : Nettoyer et sauvegarder
      C:\Documents and Settings\lefief\Mes documents\hijackthis.zip/backups/backup-20050403-223344-486.dll -> Hijacker.StartPage.ix : Nettoyer et sauvegarder


      ::Fin du rapport
      0
    2. chr3 Messages postés 31 Statut Membre
       
      voici le rapport de l'antivirus en ligne :

      BitDefender Online Scanner



      Scan report generated at: Fri, Mar 24, 2006 - 15:05:26





      Scan path: C:\;E:\;F:\;







      Statistics

      Time
      01:20:04

      Files
      418833

      Folders
      4098

      Boot Sectors
      2

      Archives
      2050

      Packed Files
      34438




      Results

      Identified Viruses
      8

      Infected Files
      24

      Suspect Files
      1

      Warnings
      0

      Disinfected
      0

      Deleted Files
      25




      Engines Info

      Virus Definitions
      329905

      Engine build
      AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)

      Scan plugins
      13

      Archive plugins
      39

      Unpack plugins
      4

      E-mail plugins
      6

      System plugins
      1




      Scan Settings

      First Action
      Disinfect

      Second Action
      Delete

      Heuristics
      Yes

      Enable Warnings
      Yes

      Scanned Extensions
      *;

      Exclude Extensions


      Scan Emails
      Yes

      Scan Archives
      Yes

      Scan Packed
      Yes

      Scan Files
      Yes

      Scan Boot
      Yes




      Scanned File
      Status

      C:\Documents and Settings\lefief\Application Data\Dash Mpeg Fast\Move show bike.exe
      Infected with: Trojan.Swizzor.DH

      C:\Documents and Settings\lefief\Application Data\Dash Mpeg Fast\Move show bike.exe
      Disinfection failed

      C:\Documents and Settings\lefief\Application Data\Dash Mpeg Fast\Move show bike.exe
      Deleted

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\37BBFSL1\movie[1].htm
      Infected with: Exploit.Html.Codebase.Exec.Gen

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\37BBFSL1\movie[1].htm
      Disinfection failed

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\37BBFSL1\movie[1].htm
      Deleted

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\5[1].htm
      Suspected of: Exploit.ADODB.Stream.Gen

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\5[1].htm
      Disinfection failed

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\5[1].htm
      Deleted

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[10].ani
      Infected with: Exploit.Win32.MS05-002.Gen

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[10].ani
      Disinfection failed

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[10].ani
      Deleted

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[1].ani
      Infected with: Exploit.Win32.MS05-002.Gen

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[1].ani
      Disinfection failed

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[1].ani
      Deleted

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[2].ani
      Infected with: Exploit.Win32.MS05-002.Gen

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[2].ani
      Disinfection failed

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[2].ani
      Deleted

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[3].ani
      Infected with: Exploit.Win32.MS05-002.Gen

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[3].ani
      Disinfection failed

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[3].ani
      Deleted

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[4].ani
      Infected with: Exploit.Win32.MS05-002.Gen

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[4].ani
      Disinfection failed

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[4].ani
      Deleted

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[5].ani
      Infected with: Exploit.Win32.MS05-002.Gen

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[5].ani
      Disinfection failed

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[5].ani
      Deleted

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[6].ani
      Infected with: Exploit.Win32.MS05-002.Gen

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[6].ani
      Disinfection failed

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[6].ani
      Deleted

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[7].ani
      Infected with: Exploit.Win32.MS05-002.Gen

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[7].ani
      Disinfection failed

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[7].ani
      Deleted

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[8].ani
      Infected with: Exploit.Win32.MS05-002.Gen

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[8].ani
      Disinfection failed

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[8].ani
      Deleted

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[9].ani
      Infected with: Exploit.Win32.MS05-002.Gen

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[9].ani
      Disinfection failed

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[9].ani
      Deleted

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[1].htm
      Infected with: Exploit.IECrashJS2.Gen

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[1].htm
      Disinfection failed

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[1].htm
      Deleted

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[2].htm
      Infected with: Exploit.IECrashJS2.Gen

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[2].htm
      Disinfection failed

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[2].htm
      Deleted

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[3].htm
      Infected with: Exploit.IECrashJS2.Gen

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[3].htm
      Disinfection failed

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[3].htm
      Deleted

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[4].htm
      Infected with: Exploit.IECrashJS2.Gen

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[4].htm
      Disinfection failed

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[4].htm
      Deleted

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[5].htm
      Infected with: Exploit.IECrashJS2.Gen

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[5].htm
      Disinfection failed

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[5].htm
      Deleted

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[6].htm
      Infected with: Exploit.IECrashJS2.Gen

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[6].htm
      Disinfection failed

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[6].htm
      Deleted

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[7].htm
      Infected with: Exploit.IECrashJS2.Gen

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[7].htm
      Disinfection failed

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[7].htm
      Deleted

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[8].htm
      Infected with: Exploit.IECrashJS2.Gen

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[8].htm
      Disinfection failed

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[8].htm
      Deleted

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\wow[1].htm
      Infected with: Exploit.Html.MhtRedir.Gen

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\wow[1].htm
      Disinfection failed

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\wow[1].htm
      Deleted

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\x2[1].htm
      Infected with: JS.Dword.dropper

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\x2[1].htm
      Disinfection failed

      C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\x2[1].htm
      Deleted

      C:\ms32.sys
      Infected with: Trojan.Downloader.Small.NF

      C:\ms32.sys
      Disinfection failed

      C:\ms32.sys
      Deleted

      C:\Program Files\Adv\install.exe
      Infected with: Trojan.Lopad.K

      C:\Program Files\Adv\install.exe
      Disinfection failed

      C:\Program Files\Adv\install.exe
      Deleted
      0
  2. chr3 Messages postés 31 Statut Membre
     
    et voici mon nouvel hijackthis :

    Logfile of HijackThis v1.99.1
    Scan saved at 15:12:29, on 24/03/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\qttask.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\lclock.exe
    C:\Program Files\Skype\Phone\Skype.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Documents and Settings\lefief\Mes documents\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.numericable.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.numericable.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par NUMERICABLE
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7A1B7D1E-77C7-C16A-B76C-70C87701EC30} - C:\DOCUME~1\lefief\APPLIC~1\Dataadmin\Grey Bleh.exe (file missing)
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [2 atom find enc] C:\Documents and Settings\All Users\Application Data\basehelp2atom\Junk For.exe
    O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\system32\hgqhp.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LClock] lclock.exe
    O4 - HKCU\..\Run: [Insidecdrom] C:\DOCUME~1\lefief\APPLIC~1\Dash Mpeg Fast\softheartmp3.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Felix II] C:\Program Files\ScreenMates\Felix II\Fr\Felix2.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http:\\www.numericable.fr
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
    O17 - HKLM\System\CCS\Services\Tcpip\..\{86CF9709-BEB4-49F9-8031-E67169271794}: NameServer = 85.255.115.38,85.255.112.152
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D8489838-9A59-4621-9A37-0568657364DC}: NameServer = 85.255.115.38,85.255.112.152
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    0
  3. Kristopher Messages postés 3752 Statut Contributeur 106
     
    Bonjour chr3,

    Effectue bien mes prescriptions dans l'ordre, c'est important.

    1/ Je te répète, installe obligatoirement un firewall si tu n'en as pas (cf. message < 1 >).

    2/ Ensuite, il faut absolument régler la question de MSN.

    Désinstalle impérativement MessengerPlus! 3 car c'est une fontaine de spyware !

    Aussi, quand tu as installé MSN, as-tu pris le soin de cocher ceci : http://theroot.chez-alice.fr/imgs/tuto/msgplus.jpg ?

    Si tu as accepté les sponsors, il faudra songer la réinstallation de MSN sans accepter les sponsors

    3/ Lance HijackThis, puis -> Do a system scan only et
    coche ces lignes qui t'envoie directement en Ukraine, à Kharkiv très probablement lol :

    O17 - HKLMSystemCCSServicesTcpip..{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
    O17 - HKLMSystemCCSServicesTcpip..{86CF9709-BEB4-49F9-8031-E67169271794}: NameServer = 85.255.115.38,85.255.112.152
    O17 - HKLMSystemCCSServicesTcpip..{D8489838-9A59-4621-9A37-0568657364DC}: NameServer = 85.255.115.38,85.255.112.152
    O17 - HKLMSystemCS1ServicesTcpip..{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
    O17 - HKLMSystemCS2ServicesTcpip..{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152

    4/ Télécharge, mets à jour et scanne ton PC avec Ad-Aware et SpyBot Search & Destroy :

    Ad-Aware :
    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/11643.html
    SpyBot Search & Destroy :
    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html

    5/ Télécharge et nettoie ton PC avec ces deux logiciels :

    CCLEANER https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    Utilisation : Dans l'onglet "Nettoyeur" cliquez sur "Analyse". Une fois l'analyse terminée, cliquez sur "Lancer le Nettoyage".
    Ensuite, dans l'onglet "Erreurs" cliquez sur "Chercher des erreurs" puis, avant de cliquer sur "Réparer les erreurs sélectionnées" effectuez une sauvegarde de votre registre (comme proposé).

    CleanUp40
    http://pageperso.aol.fr/Balltrap34/CleanUp40.exe
    Démo d’utilisation :
    http://pageperso.aol.fr/balltrap34/democleanup.htm

    6/ Scanne ton PC avec cet antivirus en ligne : https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/fr/activescan_principal.htm
    Copie/colle le rapport sur le forum.

    7/ Reposte enfin un nouveau log HijackThis.

    Courage :)

    ++
    0
    1. chr3 Messages postés 31 Statut Membre
       
      il ne veux pas me faire l'analyse avec pandasoftware comment pourrais-je faire stp
      0
      1. Kristopher Messages postés 3752 Statut Contributeur 106 > chr3 Messages postés 31 Statut Membre
         
        T'en es déjà à l'analyse antivirus ?

        Pour le scan avec Panda c'est vraiment dommage, car il est excellent...

        Quel est le message d'erreur ?

        Tu peux le remplacer avec celui-là :
        http://www.secuser.com/antivirus/index.htm
        Coche la case "Auto Clean" et clique sur "Poste de travail".

        Une fois le scan en ligne terminé et les infections nettoyées, colle le nouveau log HT.

        bye bye
        0
  4. chr3 Messages postés 31 Statut Membre
     
    voici l'hijackthis :

    Logfile of HijackThis v1.99.1
    Scan saved at 21:25:06, on 24/03/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\qttask.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\lclock.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\lefief\Mes documents\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/offres-numericable.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.numericable.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par NUMERICABLE
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7A1B7D1E-77C7-C16A-B76C-70C87701EC30} - (no file)
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [2 atom find enc] C:\Documents and Settings\All Users\Application Data\basehelp2atom\Junk For.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LClock] lclock.exe
    O4 - HKCU\..\Run: [Insidecdrom] C:\DOCUME~1\lefief\APPLIC~1\Dash Mpeg Fast\softheartmp3.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Felix II] C:\Program Files\ScreenMates\Felix II\Fr\Felix2.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http:\\www.numericable.fr
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7B5ACCCA-C787-40A8-9301-94F0A158FE5B}: NameServer = 85.255.115.38,85.255.112.152
    O17 - HKLM\System\CCS\Services\Tcpip\..\{86CF9709-BEB4-49F9-8031-E67169271794}: NameServer = 85.255.115.38,85.255.112.152
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D8489838-9A59-4621-9A37-0568657364DC}: NameServer = 85.255.115.38,85.255.112.152
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Kristopher Messages postés 3752 Statut Contributeur 106
     
    Re,

    Décidément, tu fais fi de mes conseils.

    Relis le message < 5 > et fais ce qui est demandé.

    ++
    0
  7. chr3 Messages postés 31 Statut Membre
     
    pour zone alarm avant je l'avait mais il m'avait bloqué internet du coup j'avait du formater et je n'ai pas envie de reformer aurait-tu un autre firewall a me proposé stp
    0
  8. Kristopher Messages postés 3752 Statut Contributeur 106
     
    Il suffit de chercher sur google.

    Sunbelt Kerio Personal Firewall est pas mal :

    https://www.01net.com/telecharger/windows/Securite/firewall/fiches/22418.html

    a+
    0
    1. chr3 Messages postés 31 Statut Membre
       
      voici mon hijackthis :

      Logfile of HijackThis v1.99.1
      Scan saved at 22:11:55, on 24/03/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\ewido anti-malware\ewidoctrl.exe
      C:\Program Files\ewido anti-malware\ewidoguard.exe
      C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
      C:\Program Files\Spyware Doctor\sdhelp.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
      C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\ashDisp.exe
      C:\WINDOWS\system32\RunDll32.exe
      C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
      C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      C:\WINDOWS\system32\qttask.exe
      C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\lclock.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Skype\Phone\Skype.exe
      c:\progra~1\intern~1\iexplore.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\ScreenMates\Felix II\Fr\Felix2.exe
      C:\Program Files\Spyware Doctor\swdoctor.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
      C:\Documents and Settings\lefief\Mes documents\hijackthis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/offres-numericable.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.numericable.fr
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par NUMERICABLE
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O2 - BHO: (no name) - {7A1B7D1E-77C7-C16A-B76C-70C87701EC30} - (no file)
      O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
      O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
      O4 - HKLM\..\Run: [2 atom find enc] C:\Documents and Settings\All Users\Application Data\basehelp2atom\Junk For.exe
      O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [LClock] lclock.exe
      O4 - HKCU\..\Run: [Insidecdrom] C:\DOCUME~1\lefief\APPLIC~1\Dash Mpeg Fast\softheartmp3.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Felix II] C:\Program Files\ScreenMates\Felix II\Fr\Felix2.exe
      O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=http:\\www.numericable.fr
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
      O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
      O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
      O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
      O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
      O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
      O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
      0