Adan-78, Adan-94 & Small-EK Résolu/Fermé

Question

Je suis toute les 5 minutes attaqué par les Adware Adan-78 et Adan-94 et par le trojan Small-EK, je ne peut plus utiliser le raccourci internet du menu demarrer (je le lance a partir d'un favori), j'ai l'UC toujours a 100 %, j'ai deja fait un scan avec Spybot, C-Cleaner et Avast, Ad-aware plante en plein milieu de scan.
je vous passe le rapport de Hijack :

Logfile of HijackThis v1.99.1
Scan saved at 19:35:12, on 30/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\µtorrent\utorrent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\TRIBAL~1.NET\tribalweb.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://karaho.activebb.net/index.forum
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [bghok.exe] C:\WINDOWS\system32\bghok.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [µTorrent] "F:\µtorrent\utorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - Startup: TribalWeb.net.lnk = ?
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{01241AB5-83CB-4EF3-A13B-D183B664D39C}: NameServer = 85.255.113.149,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8089D79-0D84-40DB-98AB-ED6E91CBF20A}: NameServer = 85.255.113.149,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA90D662-AF75-45B4-A80B-D41C516332EC}: NameServer = 85.255.113.149,85.255.112.218
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.149 85.255.112.218
O17 - HKLM\System\CS1\Services\Tcpip\..\{01241AB5-83CB-4EF3-A13B-D183B664D39C}: NameServer = 85.255.113.149,85.255.112.218
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.149 85.255.112.218
O17 - HKLM\System\CS2\Services\Tcpip\..\{01241AB5-83CB-4EF3-A13B-D183B664D39C}: NameServer = 85.255.113.149,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.149 85.255.112.218
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

green day · Answer

Salut

* Télécharge FixWareout d'un de ces deux sites sur le bureau:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

* Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.

*Poste (Copie/colle) le contenu du rapport qui va s'afficher à l'écran (report.txt) avec un nouveau rapport HijackThis! dans ta prochaine réponse.

@+

green day · Answer

Salutbelle infection ! installe un parfeu !Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :O1 - Hosts: localhost 127.0.0.1 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exeO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exeO4 - HKLM\..\Run: [nlvsf.exe] C:\WINDOWS\system32
lvsf.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO4 - Startup: TribalWeb.net.lnk = ? O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htmO8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htmO8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.htmlO8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htmO8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O17 - HKLM\System\CCS\Services\Tcpip\..\{01241AB5-83CB-4EF3-A13B-D183B664D39C}: NameServer = 85.255.113.149,85.255.112.218O17 - HKLM\System\CCS\Services\Tcpip\..\{C8089D79-0D84-40DB-98AB-ED6E91CBF20A}: NameServer = 85.255.113.149,85.255.112.218O17 - HKLM\System\CCS\Services\Tcpip\..\{D630FBAA-962D-4F49-BCCA-A7F88A5B6C69}: NameServer = 85.255.113.149,85.255.112.218O17 - HKLM\System\CCS\Services\Tcpip\..\{FA90D662-AF75-45B4-A80B-D41C516332EC}: NameServer = 85.255.113.149,85.255.112.218O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.149 85.255.112.218O17 - HKLM\System\CS1\Services\Tcpip\..\{01241AB5-83CB-4EF3-A13B-D183B664D39C}: NameServer = 85.255.113.149,85.255.112.218O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.149 85.255.112.218O17 - HKLM\System\CS2\Services\Tcpip\..\{01241AB5-83CB-4EF3-A13B-D183B664D39C}: NameServer = 85.255.113.149,85.255.112.218O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.149 85.255.112.218 ensuite :*Telecharge et installe ceci, dans la colonne de gauche clique sur "erreurs" coche toute les cases, puis clique en bas sur "chercher des erreurs" une fois finit, clique sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs .*Relance Ccleaner ,vas dans l'onglet "nettoyeur" present sur la gauche, decoche la derniere case (Avancé si elleest cochée) puis clique sur "lancer le nettoyage" https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html tuto: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.phpet enfin :1/ Télécharger et scanner son PC avec Ewido Security Suite : https://www.01net.com/telecharger/Copier/coller le rapport entier sur le forum.Regarder la démo d'utilisation :http://perso.wanadoo.fr/entraide-hijackthis/Ewido/(Merci à mOe pour cette réalisation)2/ Scanner son PC avec cet antivirus en ligne (sous Internet Explorer) :https://www.bitdefender.com/toolbox/Cliquer sur "I Agree" et scanner tout le PC.Penser à accepter l'ActiveX bloqué par la barre anti-popup du SP2 (elle clignotera en haut).Copier/coller le rapport entier sur le forum.bon courage, @+***j'ai decidé d'être heureux parce que c'est bon pour la santé ! ( Voltaire )***

YeZ · Answer

Alors j'ai fait le fix de HijackThis.
C-Cleaner a planté pour le scan du registre, mais pas pour le netoyage.
Sur Ewido, j'ai fait tout les scan sauf le scan complet ou il m'affiché au bout de 4-5 minutes :

something bad happened in the application. Errer diagniostic file saved to "C:\Program Files\ewido anti-spyware 4.0\ewido.err

J'ai ouvert ewido.err avec le bloc-note :

//==<ewido anti-spyware 4.0>===================================
Exception code: C0000005 ACCESS_VIOLATION
Fault address: 2D334544 <pages range base not found>
Exception Date: 07/01/2006 12:18:51
File Version of C:\Program Files\ewido anti-spyware 4.0\ewido.exe: 4.0.0.172

MiniDump Information Saved to C:\Program Files\ewido anti-spyware 4.0\ewido.dmp

Registers:
EAX:00000000
EBX:03F70000
ECX:7C92056D
EDX:00000000
ESI:7C80E00D
EDI:00000066
CS:EIP:001B:2D334544
SS:ESP:0023:05F38260 EBP:342D3538
DS:0023 ES:0023 FS:003B GS:0000
Flags:00010246

Intel specific method

Call stack:
Address Frame Param 0 Param 1 Param 2 Param 3 Logical addr Module
2D334544 342D3538 <frame 342D3538 not readable>

ImageHelp specific method

Call stack:
Address Frame Param 0 Param 1 Param 2 Param 3 Symbol/Logical address
2D334544 05F3825C 4442422D 35394433 32353843 762D7D30 <pages range base not found>
33423339 342D3538 00000000 00000000 00000000 00000000 <pages range base not found>

Loaded Modules:
Base Size Module
00400000 609000 4.00.0000.0172 C:\Program Files\ewido anti-spyware 4.0\ewido.exe
7C910000 0B7000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
7C800000 104000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
76BA0000 00B000 5.01.2600.2180 C:\WINDOWS\system32\PSAPI.DLL
10000000 0E3000 4.00.0000.0172 C:\Program Files\ewido anti-spyware 4.0\engine.dll
77F40000 076000 6.00.2900.2753 C:\WINDOWS\system32\SHLWAPI.dll
77DA0000 0AC000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
77E50000 091000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
77EF0000 046000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
77D10000 090000 5.01.2600.2622 C:\WINDOWS\system32\USER32.dll
77BE0000 058000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
719F0000 017000 5.01.2600.2180 C:\WINDOWS\system32\WS2_32.dll
719E0000 008000 5.01.2600.2180 C:\WINDOWS\system32\WS2HELP.dll
76AE0000 02F000 5.01.2600.2180 C:\WINDOWS\system32\WINMM.dll
7C9D0000 823000 6.00.2900.2763 C:\WINDOWS\system32\SHELL32.dll
76310000 005000 5.01.2600.2180 C:\WINDOWS\system32\MSIMG32.dll
76340000 04A000 6.00.2900.2180 C:\WINDOWS\system32\comdlg32.dll
77390000 103000 6.00.2900.2649 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2649_x-ww_aac16c8b\COMCTL32.dll
774A0000 13D000 5.01.2600.2726 C:\WINDOWS\system32\ole32.dll
71A10000 00A000 5.01.2600.2180 C:\WINDOWS\system32\WSOCK32.dll
76D10000 019000 5.01.2600.2180 C:\WINDOWS\system32\iphlpapi.dll
77BD0000 008000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
77AA0000 0A7000 6.00.2900.2753 C:\WINDOWS\system32\WININET.dll
779E0000 096000 5.131.2600.2180 C:\WINDOWS\system32\CRYPT32.dll
77A80000 012000 5.01.2600.2180 C:\WINDOWS\system32\MSASN1.dll
770E0000 08C000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
5B090000 038000 6.00.2900.2180 C:\WINDOWS\system32\uxtheme.dll
02CF0000 068000 1.00.0000.20563 C:\Program Files\Xfire\xfire_toucan_20563.dll
7C340000 056000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.DLL
77B50000 022000 5.01.2600.2180 C:\WINDOWS\system32\appHelp.dll
76F80000 07F000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
77000000 0D4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
765B0000 056000 5.01.2600.2180 C:\WINDOWS\System32\cscui.dll
76590000 01D000 5.01.2600.2180 C:\WINDOWS\System32\CSCDLL.dll
778E0000 0F8000 5.01.2600.2180 C:\WINDOWS\system32\SETUPAPI.dll
76920000 008000 5.01.2600.2751 C:\WINDOWS\system32\LINKINFO.dll
76930000 026000 5.01.2600.2180 C:\WINDOWS\system32\ntshrui.dll
76AC0000 011000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
6FEE0000 054000 5.01.2600.2180 C:\WINDOWS\system32\NETAPI32.dll
76960000 0B5000 5.01.2600.2180 C:\WINDOWS\system32\USERENV.dll
71990000 040000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
62E40000 059000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
719D0000 008000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
76ED0000 027000 5.01.2600.2180 C:\WINDOWS\system32\DNSAPI.dll
76F60000 008000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
76F10000 02D000 5.01.2600.2180 C:\WINDOWS\system32\WLDAP32.dll
76F70000 006000 5.01.2600.2180 C:\WINDOWS\system32\rasadhlp.dll
5D3F0000 0A1000 5.01.2600.2180 C:\WINDOWS\system32\DBGHELP.DLL

//==<ewido anti-spyware 4.0>===================================
Exception code: C0000005 ACCESS_VIOLATION
Fault address: 2D334544 <pages range base not found>
Exception Date: 07/01/2006 12:28:58
File Version of C:\Program Files\ewido anti-spyware 4.0\ewido.exe: 4.0.0.172

MiniDump Information Saved to C:\Program Files\ewido anti-spyware 4.0\ewido.dmp

Registers:
EAX:00000000
EBX:02F30000
ECX:7C92056D
EDX:00000000
ESI:7C80E00D
EDI:00000066
CS:EIP:001B:2D334544
SS:ESP:0023:050A8260 EBP:342D3538
DS:0023 ES:0023 FS:003B GS:0000
Flags:00010246

Intel specific method

Call stack:
Address Frame Param 0 Param 1 Param 2 Param 3 Logical addr Module
2D334544 342D3538 <frame 342D3538 not readable>

ImageHelp specific method

Call stack:
Address Frame Param 0 Param 1 Param 2 Param 3 Symbol/Logical address
2D334544 050A825C 4442422D 35394433 32353843 762D7D30 <pages range base not found>
33423339 342D3538 00000000 00000000 00000000 00000000 <pages range base not found>

Loaded Modules:
Base Size Module
00400000 609000 4.00.0000.0172 C:\Program Files\ewido anti-spyware 4.0\ewido.exe
7C910000 0B7000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
7C800000 104000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
76BA0000 00B000 5.01.2600.2180 C:\WINDOWS\system32\PSAPI.DLL
10000000 0E3000 4.00.0000.0172 C:\Program Files\ewido anti-spyware 4.0\engine.dll
77F40000 076000 6.00.2900.2753 C:\WINDOWS\system32\SHLWAPI.dll
77DA0000 0AC000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
77E50000 091000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
77EF0000 046000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
77D10000 090000 5.01.2600.2622 C:\WINDOWS\system32\USER32.dll
77BE0000 058000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
719F0000 017000 5.01.2600.2180 C:\WINDOWS\system32\WS2_32.dll
719E0000 008000 5.01.2600.2180 C:\WINDOWS\system32\WS2HELP.dll
76AE0000 02F000 5.01.2600.2180 C:\WINDOWS\system32\WINMM.dll
7C9D0000 823000 6.00.2900.2763 C:\WINDOWS\system32\SHELL32.dll
76310000 005000 5.01.2600.2180 C:\WINDOWS\system32\MSIMG32.dll
76340000 04A000 6.00.2900.2180 C:\WINDOWS\system32\comdlg32.dll
77390000 103000 6.00.2900.2649 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2649_x-ww_aac16c8b\COMCTL32.dll
774A0000 13D000 5.01.2600.2726 C:\WINDOWS\system32\ole32.dll
71A10000 00A000 5.01.2600.2180 C:\WINDOWS\system32\WSOCK32.dll
76D10000 019000 5.01.2600.2180 C:\WINDOWS\system32\iphlpapi.dll
77BD0000 008000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
77AA0000 0A7000 6.00.2900.2753 C:\WINDOWS\system32\WININET.dll
779E0000 096000 5.131.2600.2180 C:\WINDOWS\system32\CRYPT32.dll
77A80000 012000 5.01.2600.2180 C:\WINDOWS\system32\MSASN1.dll
770E0000 08C000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
5B090000 038000 6.00.2900.2180 C:\WINDOWS\system32\uxtheme.dll
02E10000 068000 1.00.0000.20563 C:\Program Files\Xfire\xfire_toucan_20563.dll
7C340000 056000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.DLL
77B50000 022000 5.01.2600.2180 C:\WINDOWS\system32\appHelp.dll
76F80000 07F000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
77000000 0D4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
765B0000 056000 5.01.2600.2180 C:\WINDOWS\System32\cscui.dll
76590000 01D000 5.01.2600.2180 C:\WINDOWS\System32\CSCDLL.dll
778E0000 0F8000 5.01.2600.2180 C:\WINDOWS\system32\SETUPAPI.dll
76920000 008000 5.01.2600.2751 C:\WINDOWS\system32\LINKINFO.dll
76930000 026000 5.01.2600.2180 C:\WINDOWS\system32\ntshrui.dll
76AC0000 011000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
6FEE0000 054000 5.01.2600.2180 C:\WINDOWS\system32\NETAPI32.dll
76960000 0B5000 5.01.2600.2180 C:\WINDOWS\system32\USERENV.dll
71990000 040000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
62E40000 059000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
719D0000 008000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
76ED0000 027000 5.01.2600.2180 C:\WINDOWS\system32\DNSAPI.dll
76F60000 008000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
76F10000 02D000 5.01.2600.2180 C:\WINDOWS\system32\WLDAP32.dll
76F70000 006000 5.01.2600.2180 C:\WINDOWS\system32\rasadhlp.dll
5D3F0000 0A1000 5.01.2600.2180 C:\WINDOWS\system32\DBGHELP.DLL

ensuite j'ai refait un scan avec HijackThis je te copie le log :

Logfile of HijackThis v1.99.1
Scan saved at 13:31:04, on 01/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\µtorrent\utorrent.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\TRIBAL~1.NET\tribalweb.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avtwv.exe] C:\WINDOWS\system32\avtwv.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [µTorrent] "F:\µtorrent\utorrent.exe"
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

voila j'ai supprimé qlques virus avec ewido mais les attaques continu et l'UC monte a 100 % que pendant les attaques ce que je trouve assez normal.
Ah oui j'ai essayé le scan en ligne : ca plante et ca me ferme Iexplorer.exe

green day · Answer

re

ok,

# Télécharge ceci: (merci a S!RI pour ce petit programme).

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1,
voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php
il va générer un rapport : copie/colle le sur le poste stp.

@+

YeZ · Answer

Voila le rapport :

SmitFraudFix v2.65

Rapport fait à 20:21:40,56, 01/07/2006
Executé à partir de C:\Documents and Settings\Admin\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Admin\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Admin\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

green day · Answer

Salut

# Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
# Relance le programme Smitfraud :
Cette fois choisit l’option 2, répond oui a tous ;
Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum

ensuite :

télécharge ceci : ( si ce n'est pas déjà fait ! )

1) Ad-Aware (gratuit) :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/11643.html

2) Le patch en Français pour Ad-Aware (gratuit) :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/25543.html

tuto : (merci à Moe) http://perso.wanadoo.fr/entraide-hijackthis/AdAware/AdAware.htm

3) Spybot (gratuit) :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html

tuto : (merci à Ballatrap )
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

4) A-squared (nécessite un enregistrement gratuit en ligne pour obtenir la clé d'activation) :
https://www.emsisoft.com/fr/

5) Ewido (gratuit) :
https://www.avg.com/en-ww/free-antivirus-download

tuto : (merci à Moe) http://perso.wanadoo.fr/entraide-hijackthis/Ewido/

6) CleanUp40 (qui élimine les fichiers temporaires + cookies : gratuit )
http://pageperso.aol.fr/Balltrap34/CleanUp40.exe

tuto : (merci à Balltrap) http://pageperso.aol.fr/balltrap34/democleanup.htm

et enfin remets un nouveau hijackthis stp

bon courage; @+

YeZ · Answer

j'ai Ad-Aware, C-Cleaner en noyage de registre, Clean-Up et Ewido en scan complet qui plante.
le rapport de SmitFraudFix :

SmitFraudFix v2.65

Rapport fait à 11:32:11,96, 02/07/2006
Executé à partir de C:\Documents and Settings\Admin\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Le rapport de HijackThis :

Logfile of HijackThis v1.99.1
Scan saved at 16:09:13, on 02/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
F:\µtorrent\utorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRIBAL~1.NET\tribalweb.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [ikgir.exe] C:\WINDOWS\system32\ikgir.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [µTorrent] "F:\µtorrent\utorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{01241AB5-83CB-4EF3-A13B-D183B664D39C}: NameServer = 85.255.113.149,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8089D79-0D84-40DB-98AB-ED6E91CBF20A}: NameServer = 85.255.113.149,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{D630FBAA-962D-4F49-BCCA-A7F88A5B6C69}: NameServer = 85.255.113.149,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA90D662-AF75-45B4-A80B-D41C516332EC}: NameServer = 85.255.113.149,85.255.112.218
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.149 85.255.112.218
O17 - HKLM\System\CS1\Services\Tcpip\..\{01241AB5-83CB-4EF3-A13B-D183B664D39C}: NameServer = 85.255.113.149,85.255.112.218
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.149 85.255.112.218
O17 - HKLM\System\CS2\Services\Tcpip\..\{01241AB5-83CB-4EF3-A13B-D183B664D39C}: NameServer = 85.255.113.149,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.149 85.255.112.218
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

green day · Answer

Salut

oula ! une ré-invasion !

# Désactiver la Restauration du système :

* Cliquez sur le bouton Démarrer.
* Cliquez avec le bouton droit de la souris sur Poste de travail puis cliquez sur Propriétés.
* Dans l'onglet Restauration du système, sélectionnez l'option Désactiver la Restauration du système ou Désactiver la Restauration du système sur tous les lecteurs

ensuite refais la manip du poste 1, passe cleanup et ewido en mode sans echec, et enfin remets un hijackthis stp

++

YeZ · Answer

Bon ca a l'air de marcher : les antyspyware et reparateur de registre fonctionne correctement et je ne recoit plus d'attaques.voici un rapport de HijackThis, apres les mutilple scan, en mode sans-echec :Logfile of HijackThis v1.99.1Scan saved at 14:35:26, on 03/07/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\ewido anti-spyware 4.0\ewido.exeC:\Documents and Settings\Admin\Bureau\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=sslR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=sslR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%sR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://patrick.kolla.de/spybotsd.htmlR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missingO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimizedO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\RunOnce: [Config] %systemroot%\system32un.cmdO4 - HKCU\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"O4 - HKCU\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exeO4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exeO4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin
pjpi150_06.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin
pjpi150_06.dllO9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cabO16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/...O17 - HKLM\System\CCS\Services\Tcpip\..\{01241AB5-83CB-4EF3-A13B-D183B664D39C}: NameServer = 85.255.113.149,85.255.112.218O17 - HKLM\System\CCS\Services\Tcpip\..\{C8089D79-0D84-40DB-98AB-ED6E91CBF20A}: NameServer = 85.255.113.149,85.255.112.218O17 - HKLM\System\CCS\Services\Tcpip\..\{FA90D662-AF75-45B4-A80B-D41C516332EC}: NameServer = 85.255.113.149,85.255.112.218O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.149 85.255.112.218O17 - HKLM\System\CS1\Services\Tcpip\..\{01241AB5-83CB-4EF3-A13B-D183B664D39C}: NameServer = 85.255.113.149,85.255.112.218O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.149 85.255.112.218O17 - HKLM\System\CS2\Services\Tcpip\..\{01241AB5-83CB-4EF3-A13B-D183B664D39C}: NameServer = 85.255.113.149,85.255.112.218O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.149 85.255.112.218O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exeEt là un autre rapport mais ceului-ci fait en mode normal :Logfile of HijackThis v1.99.1Scan saved at 14:41:40, on 03/07/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\Program Files\ewido anti-spyware 4.0\guard.exeC:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\DAEMON Tools\daemon.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Anti-Blaxx\Anti-Blaxx.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\ewido anti-spyware 4.0\ewido.exeF:\µtorrent\utorrent.exeC:\Program Files\Hamachi\hamachi.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Xfire\Xfire.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\HP\Digital Imaging\bin\hpqgalry.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\PROGRA~1\TRIBAL~1.NET	ribalweb.exeC:\Documents and Settings\Admin\Bureau\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimizedO4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStartO4 - HKCU\..\Run: [µTorrent] "F:\µtorrent\utorrent.exe"O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exeO4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exeO4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cabO16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/...O17 - HKLM\System\CCS\Services\Tcpip\..\{01241AB5-83CB-4EF3-A13B-D183B664D39C}: NameServer = 85.255.113.149,85.255.112.218O17 - HKLM\System\CCS\Services\Tcpip\..\{C8089D79-0D84-40DB-98AB-ED6E91CBF20A}: NameServer = 85.255.113.149,85.255.112.218O17 - HKLM\System\CCS\Services\Tcpip\..\{FA90D662-AF75-45B4-A80B-D41C516332EC}: NameServer = 85.255.113.149,85.255.112.218O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.149 85.255.112.218O17 - HKLM\System\CS1\Services\Tcpip\..\{01241AB5-83CB-4EF3-A13B-D183B664D39C}: NameServer = 85.255.113.149,85.255.112.218O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.149 85.255.112.218O17 - HKLM\System\CS2\Services\Tcpip\..\{01241AB5-83CB-4EF3-A13B-D183B664D39C}: NameServer = 85.255.113.149,85.255.112.218O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.149 85.255.112.218O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exePour le Pare-Feu, qu'est ce qu'il y a comme Pare-Feu performant ?

green day · Answer

Salut

tu peux reactivé la restau systeme

parfeu : zone alarme : simple d'utilisation et assez efficace

1) Zone alarme (gratuit, téléchargeable ici) :
https://www.zonealarm.com/

Tuto:http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/zonealarm-tutorial-sujet_169658_1.htm

Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :

O17 - HKLM\System\CCS\Services\Tcpip\..\{01241AB5-83CB-4EF3-A13B-D183B664D39C}: NameServer = 85.255.113.149,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8089D79-0D84-40DB-98AB-ED6E91CBF20A}: NameServer = 85.255.113.149,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA90D662-AF75-45B4-A80B-D41C516332EC}: NameServer = 85.255.113.149,85.255.112.218
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.149 85.255.112.218
O17 - HKLM\System\CS1\Services\Tcpip\..\{01241AB5-83CB-4EF3-A13B-D183B664D39C}: NameServer = 85.255.113.149,85.255.112.218
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.149 85.255.112.218
O17 - HKLM\System\CS2\Services\Tcpip\..\{01241AB5-83CB-4EF3-A13B-D183B664D39C}: NameServer = 85.255.113.149,85.255.112.218

et enfin :

scan en ligne : colle rapport entier ( s’il y a quelque chose) :

http://www.bitdefender.fr/bd/site/search.php#

@+

***j'ai decidé d'être heureux parce que c'est bon pour la santé ! ( Voltaire )***

Krik · Answer

Salut Green  Day !J'ai le même souci que yez !!Voila le rapport de fixwareout : Fixwareout ver 1.003Last edited 07/1/2006Post this report in the forums please  Reg Entries that were deleted HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionuins\}920BB3E55D27-F529-A604-3177-39BEF900{HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionuins\}AB16505770BD-1A19-4094-62BB-0BB972D5{HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionuins\}134912D86482-5D99-5B64-3F81-8C7FD103{HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionuins\}D8A4F4C881CA-2D49-A294-1128-6180E1C6{HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionuins\}EE2B4CD89C69-4A9B-3984-E06C-0D099B3C{HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionuins\}F64147F5B3DC-BC89-2B94-C7AB-B3123903{HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionuins\}D67EBF56A15D-537B-A794-AC7D-31BC2B29{HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionuins\}2B62D4AB4039-B00A-6174-5EF7-10BF6A92{HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionuins\}83DBD85BBCBF-F68B-8F24-743A-DC302ADC{HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionuins\}97A5DEB47ED3-E599-2EB4-1C09-F4D3853B{HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionuins\}6D8E258982AC-4F8B-35A4-361A-AD0CF0FE{HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionuins\}67020A655B3F-3B59-3394-D80F-BDF1FDE3{HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionuins\}231A010E7E14-F5CB-AB04-9425-FA093035{HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionuins\}0C48183A6229-8EA9-EDA4-01FD-70D07CA0{HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionuins\}0250D0F2BBF4-B10B-2C54-B5F4-77978530{HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionuins\}AD3AAAC74CBF-954A-3924-5BD9-A172ED05{HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionuins\}90019D854A0E-986B-5014-2BA3-4E0C7144{HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionuins\}34A628D7D769-F28A-5FA4-4D6E-EA9FD085{HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionuins\}4CDDD296CB47-D93A-AF54-71E0-AD0651EF{HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionuins\}A0741414AEA9-9D1B-7AA4-24A1-78FC5F65{HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionuins\}AD8E8546C161-8358-B624-6A5A-1B19BDEB{HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionuins\}BD79DC92E642-9278-CCB4-5EF6-7C4820E4{HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionuins\}45327795CB35-14CA-90E4-8C5B-DF7D734B{HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionuins\}3DCED66F7E96-BC48-44A4-0D20-040823EA{HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swenHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\enoHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llunHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\UrlsuofHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evifHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\UrlsepiwohHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgdHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS...Microsoft (R) Windows Script Host Version 5.6Random Runs removed from HKLM ... PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.Example ipsec6.exe is legitimate »»»»» Search by size and names... * csr.exe  C:\WINDOWS\System32\CSBHP.EXE »»»»» Misc files  »»»»» Checking for older varients covered by the Rem3 tool »»»»» Search five digit cs, dm and jb filesThis WILL/CAN also list Legit Files, Submit them at VirustotalC:\WINDOWS\SYSTEM32\CSBHP.EXE       51 219 2006-06-30       Other suspectsDirectory of C:\WINDOWS\system32{AE328040-02D0-4A44-84CB-69E7F66DECD3}.exe{B437D7FD-B5C8-4E09-AC41-53BC59772354}.exe{4E0284C7-6FE5-4BCC-8729-246E29CD97DB}.exe{BEDB91B1-A5A6-426B-8538-161C6458E8DA}.exe{56F5CF87-1A42-4AA7-B1D9-9AEA4141470A}.exe{FE1560DA-0E17-45FA-A39D-74BC692DDDC4}.exe{580DF9AE-E6D4-4AF5-A82F-967D7D826A43}.exe{4417C0E4-3AB2-4105-B689-E0A458D91009}.exe{50DE271A-9DB5-4293-A459-FBC47CAAA3DA}.exe{03587977-4F5B-45C2-B01B-4FBB2F0D0520}.exe{0AC70D07-DF10-4ADE-9AE8-9226A38184C0}.exe{530390AF-5249-40BA-BC5F-41E7E010A132}.exe{3EDF1FDB-F08D-4933-95B3-F3B556A02076}.exe{EF0FC0DA-A163-4A53-B8F4-CA289852E8D6}.exe{B3583D4F-90C1-4BE2-995E-3DE74BED5A79}.exe{CDA203CD-A347-42F8-B86F-FBCBB58DBD38}.exe{29A6FB01-7FE5-4716-A00B-9304BA4D26B2}.exe{92B2CB13-D7CA-497A-B735-D51A65FBE76D}.exe{3093213B-BA7C-49B2-98CB-CD3B5F74146F}.exe{C3B990D0-C60E-4893-B9A4-96C98DC4B2EE}.exe{6C1E0816-8211-492A-94D2-AC188C4F4A8D}.exe{ACF458EF-A9C7-4AB6-807F-D57CB9E4F10E}.exe{301DF7C8-18F3-46B5-99D5-28468D219431}.exe{5D279BB0-BB26-4904-91A1-DB07750561BA}.exe{009FEB93-7713-406A-925F-72D55E3BB029}.exe{AC2D4A11-FC70-4AE0-94E4-0D499AD27AF2}.exe{582370F8-1E3E-4D02-A69C-64E8D819B8FB}.exe{24671982-3454-49CE-A5B6-BFF5A043E522}.exe{5823CAB4-E697-4E82-A8AD-CD8BEC88788E}.exe{816A63A0-F046-4092-B3E7-6180ECB37AE6}.exe{6DD6F4C4-BF53-4BED-AE95-3821A790467E}.exe{E60B43E0-1B40-46F5-A509-92A518631E05}.exe{68B8DF53-C326-407F-9AF8-F9076AF9DA34}.exe{EA979702-B37E-46F3-B70B-7C0F4E39084F}.exe{931411AB-4559-49AA-A1A1-FB12889EDFB3}.exe{4813034E-7706-4050-ADF4-1AB194DDD1C5}.exe{93391648-AA2D-420B-AB21-4097D5AC4605}.exe{D82AF41B-4B62-48ED-BC5C-E5F5E46B8D0E}.exe{4C719F8B-1CAF-4DB6-B62E-7CAEFC6CBD58}.exe{ECEC6C27-F262-4717-9223-C836A80CF4DC}.exe{50F733CA-FEE0-470D-85EC-13B357F1C588}.exe{9FFAD029-7B50-4DAF-AF7C-A7E3B3E41A32}.exe{996F1F1A-833B-4B58-8968-F1383AD5B2F3}.exe{766D994A-7093-4998-B725-6A13602DBCF0}.exe{6AF09EC6-28EB-4739-A86B-C74C1B86CC13}.exe{6F691674-27CE-41F5-BF33-CBAE3C22DBC1}.exe{A68F6BC7-6FA6-43C1-BDCC-94E9A99D9269}.exe{7093D186-A091-454E-8676-F5D687934A00}.exe{03FD025F-8B7A-422C-8F85-98BB41D9F784}.exe{415880C7-8D4B-42B2-81FC-6AF62D206860}.exe{D4054F1B-0320-4416-9A51-8454B3D8F27F}.exe{54B95EE4-9024-4143-824A-47720AC98C9F}.exe{3B9B0664-8BEB-495C-BFF8-B687C5186B11}.exe{0F7DDFDE-69B6-40E3-BD63-F9847937BD83}.exe{8C9A58F6-6D73-4B72-9941-3C650890E6C2}.exe{94101D68-7C72-4AF1-87D4-2F324B36305A}.exe{5EE21CD2-9DE3-4F88-A463-03439C89C5AC}.exe{5CDDCD72-3DF1-44E5-89CE-8D03BD82BB08}.exe{E639BE72-59D9-47DE-B8CD-4E6BBF52AAA7}.exe{D432A430-D245-48B7-B099-F85E0D72CDB7}.exe{2B324DA8-9CAE-4BF8-9FCC-B21F9C25BA4B}.exe{DBA668E6-CCEF-4F24-8E0D-B3F1CA7902DE}.exe{52BB78F5-9F43-4246-8B66-4A5B3D776DD0}.exe{70247F61-26CE-46DE-9D55-5733FF062745}.exe{71E8DD49-1535-4636-9173-0C05C897CF51}.exe{441E2380-916B-4279-A368-D1FCD7F5470B}.exe{2BABE508-C378-4C26-8105-527ECD6012EB}.exe{46F9CD9B-9251-49A0-8B7B-3305BEF646B1}.exe{A6D3BB4F-91C4-4E09-BC15-3D468E2F231D}.exe{2976A9DD-F516-482F-8B27-4DFE802F87B3}.exe{0EAC0640-0169-47AF-BC47-929978D41417}.exe{3DC66F8B-75B4-4AD0-9553-78D30296B389}.exe{C3B622F8-65FD-4CB5-8C77-2AEEA30DEF70}.exe{C14E98C2-0ED3-42B8-AACC-37F41CCE583B}.exe{354EAF05-ED9E-4213-9868-936BBA3C6402}.exe{74A3905C-43A1-45D2-9212-EF26EDA9337B}.exe{2F3D1B45-0E29-4E9D-A626-B1273255557C}.exe{66D11742-F533-4DF4-8382-61A52DDC5192}.exe{F081AD62-2C4C-46A8-A952-3867D66FC934}.exe{9FC07192-5B6E-4365-BDCC-0617C8D1DA99}.exe{B9E54C4E-0B66-4A5F-B0B9-9BE0B2142D86}.exe{6C5D1DC9-A6FB-4BFA-ACA8-CF9B64758A81}.exe{3F1793C4-777E-4A62-976C-1BD23842D43E}.exe{52EE5461-B97D-4733-B795-A543FD04DB81}.exe{B52A0AC6-6E95-4752-8DD7-3E0C4CA9776F}.exe{55754925-28EB-4C81-B048-45452FF22D6A}.exe{E16688B6-7D3F-4D17-BD46-B0B00B717296}.exeet le rapport de HijackThis :Logfile of HijackThis v1.99.1Scan saved at 19:56:47, on 03/07/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exec:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32
vsvc32.exeC:\Program Files\Kerio\Personal Firewall\persfw.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\QuickTime\qttask.exeC:\WINDOWS\system32\LVCOMSX.EXEC:\Program Files\Logitech\Video\CameraAssistant.exeC:\WINDOWS\system32\ElkCtrl.exeC:\PROGRA~1\PESTPA~1\PPControl.exeC:\PROGRA~1\PESTPA~1\PPMemCheck.exeC:\PROGRA~1\PESTPA~1\CookiePatrol.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeC:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeC:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exeC:\Program Files\Internet Explorer\iexplore.exeC:\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - URLSearchHook: (no name) - {783D8360-F687-DDF2-7A52-E9C7C0F1B0E6} - xxtoolbar.dll (file missing)O1 - Hosts: localhost 127.0.0.1O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocxO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorunO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXEO4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exeO4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspectO4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automationO4 - HKLM\..\Run: [killall] dialer423.exeO4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exeO4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exeO4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exeO4 - HKLM\..\Run: [nikkn.exe] C:\WINDOWS\system32
ikkn.exeO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [porka_] Shaitan1678.exeO4 - HKCU\..\Run: [slamm] SysSupport.exeO4 - HKCU\..\Run: [cnftips] backd.exeO4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeO4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.htmlO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{0E3F7530-6079-45DD-AAE2-46B8D56289B5}: NameServer = 85.255.115.34,85.255.112.63O17 - HKLM\System\CCS\Services\Tcpip\..\{46163A0F-F858-42DA-9EA9-191F6C9263DF}: NameServer = 85.255.115.34,85.255.112.63O17 - HKLM\System\CCS\Services\Tcpip\..\{E8ACB208-CC48-4CF6-8A4D-25AAF744457D}: NameServer = 85.255.115.34,85.255.112.63O17 - HKLM\System\CCS\Services\Tcpip\..\{EB2CC401-C025-4ADE-B852-0834BA7FC66E}: NameServer = 85.255.115.34,85.255.112.63O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63O17 - HKLM\System\CS3\Services\Tcpip\..\{0E3F7530-6079-45DD-AAE2-46B8D56289B5}: NameServer = 85.255.115.34,85.255.112.63O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exeO23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exePeut tu me venir en aide !!??Merci beaucoup !!

green day · Answer

Salut Krik ouvre ton propre poste stp, sinon on va s'emmeler les pinceaux ici :) ++

green day · Answer

pas grave ;-)

Adan-78, Adan-94 & Small-EK

13 réponses

Discussions similaires