Adan-78, Adan-94 & Small-EK

KRIK -  
green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   -
***j'ai decidé d'être heureux parce que c'est bon pour la santé ! ( Voltaire )***
[ Continuer la discussion ][ Répondre à green day ][ Autres messages de green day ]

< 12 > - Adan-78, Adan-94 & Small-EK
Ajouté par Krik (03/07/2006 à 20:03 GMT+2)
Salut Green Day !

J'ai le même souci que yez !!

Voila le rapport de fixwareout :

Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}920BB3E55D27-F529-A604-3177-39BEF900{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AB16505770BD-1A19-4094-62BB-0BB972D5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}134912D86482-5D99-5B64-3F81-8C7FD103{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D8A4F4C881CA-2D49-A294-1128-6180E1C6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EE2B4CD89C69-4A9B-3984-E06C-0D099B3C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F64147F5B3DC-BC89-2B94-C7AB-B3123903{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D67EBF56A15D-537B-A794-AC7D-31BC2B29{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2B62D4AB4039-B00A-6174-5EF7-10BF6A92{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}83DBD85BBCBF-F68B-8F24-743A-DC302ADC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}97A5DEB47ED3-E599-2EB4-1C09-F4D3853B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6D8E258982AC-4F8B-35A4-361A-AD0CF0FE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}67020A655B3F-3B59-3394-D80F-BDF1FDE3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}231A010E7E14-F5CB-AB04-9425-FA093035{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0C48183A6229-8EA9-EDA4-01FD-70D07CA0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0250D0F2BBF4-B10B-2C54-B5F4-77978530{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AD3AAAC74CBF-954A-3924-5BD9-A172ED05{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}90019D854A0E-986B-5014-2BA3-4E0C7144{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}34A628D7D769-F28A-5FA4-4D6E-EA9FD085{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4CDDD296CB47-D93A-AF54-71E0-AD0651EF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A0741414AEA9-9D1B-7AA4-24A1-78FC5F65{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AD8E8546C161-8358-B624-6A5A-1B19BDEB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BD79DC92E642-9278-CCB4-5EF6-7C4820E4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}45327795CB35-14CA-90E4-8C5B-DF7D734B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3DCED66F7E96-BC48-44A4-0D20-040823EA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

»»»»» Search by size and names...
* csr.exe C:\WINDOWS\System32\CSBHP.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSBHP.EXE 51 219 2006-06-30
Other suspects
Directory of C:\WINDOWS\system32
{AE328040-02D0-4A44-84CB-69E7F66DECD3}.exe
{B437D7FD-B5C8-4E09-AC41-53BC59772354}.exe
{4E0284C7-6FE5-4BCC-8729-246E29CD97DB}.exe
{BEDB91B1-A5A6-426B-8538-161C6458E8DA}.exe
{56F5CF87-1A42-4AA7-B1D9-9AEA4141470A}.exe
{FE1560DA-0E17-45FA-A39D-74BC692DDDC4}.exe
{580DF9AE-E6D4-4AF5-A82F-967D7D826A43}.exe
{4417C0E4-3AB2-4105-B689-E0A458D91009}.exe
{50DE271A-9DB5-4293-A459-FBC47CAAA3DA}.exe
{03587977-4F5B-45C2-B01B-4FBB2F0D0520}.exe
{0AC70D07-DF10-4ADE-9AE8-9226A38184C0}.exe
{530390AF-5249-40BA-BC5F-41E7E010A132}.exe
{3EDF1FDB-F08D-4933-95B3-F3B556A02076}.exe
{EF0FC0DA-A163-4A53-B8F4-CA289852E8D6}.exe
{B3583D4F-90C1-4BE2-995E-3DE74BED5A79}.exe
{CDA203CD-A347-42F8-B86F-FBCBB58DBD38}.exe
{29A6FB01-7FE5-4716-A00B-9304BA4D26B2}.exe
{92B2CB13-D7CA-497A-B735-D51A65FBE76D}.exe
{3093213B-BA7C-49B2-98CB-CD3B5F74146F}.exe
{C3B990D0-C60E-4893-B9A4-96C98DC4B2EE}.exe
{6C1E0816-8211-492A-94D2-AC188C4F4A8D}.exe
{ACF458EF-A9C7-4AB6-807F-D57CB9E4F10E}.exe
{301DF7C8-18F3-46B5-99D5-28468D219431}.exe
{5D279BB0-BB26-4904-91A1-DB07750561BA}.exe
{009FEB93-7713-406A-925F-72D55E3BB029}.exe
{AC2D4A11-FC70-4AE0-94E4-0D499AD27AF2}.exe
{582370F8-1E3E-4D02-A69C-64E8D819B8FB}.exe
{24671982-3454-49CE-A5B6-BFF5A043E522}.exe
{5823CAB4-E697-4E82-A8AD-CD8BEC88788E}.exe
{816A63A0-F046-4092-B3E7-6180ECB37AE6}.exe
{6DD6F4C4-BF53-4BED-AE95-3821A790467E}.exe
{E60B43E0-1B40-46F5-A509-92A518631E05}.exe
{68B8DF53-C326-407F-9AF8-F9076AF9DA34}.exe
{EA979702-B37E-46F3-B70B-7C0F4E39084F}.exe
{931411AB-4559-49AA-A1A1-FB12889EDFB3}.exe
{4813034E-7706-4050-ADF4-1AB194DDD1C5}.exe
{93391648-AA2D-420B-AB21-4097D5AC4605}.exe
{D82AF41B-4B62-48ED-BC5C-E5F5E46B8D0E}.exe
{4C719F8B-1CAF-4DB6-B62E-7CAEFC6CBD58}.exe
{ECEC6C27-F262-4717-9223-C836A80CF4DC}.exe
{50F733CA-FEE0-470D-85EC-13B357F1C588}.exe
{9FFAD029-7B50-4DAF-AF7C-A7E3B3E41A32}.exe
{996F1F1A-833B-4B58-8968-F1383AD5B2F3}.exe
{766D994A-7093-4998-B725-6A13602DBCF0}.exe
{6AF09EC6-28EB-4739-A86B-C74C1B86CC13}.exe
{6F691674-27CE-41F5-BF33-CBAE3C22DBC1}.exe
{A68F6BC7-6FA6-43C1-BDCC-94E9A99D9269}.exe
{7093D186-A091-454E-8676-F5D687934A00}.exe
{03FD025F-8B7A-422C-8F85-98BB41D9F784}.exe
{415880C7-8D4B-42B2-81FC-6AF62D206860}.exe
{D4054F1B-0320-4416-9A51-8454B3D8F27F}.exe
{54B95EE4-9024-4143-824A-47720AC98C9F}.exe
{3B9B0664-8BEB-495C-BFF8-B687C5186B11}.exe
{0F7DDFDE-69B6-40E3-BD63-F9847937BD83}.exe
{8C9A58F6-6D73-4B72-9941-3C650890E6C2}.exe
{94101D68-7C72-4AF1-87D4-2F324B36305A}.exe
{5EE21CD2-9DE3-4F88-A463-03439C89C5AC}.exe
{5CDDCD72-3DF1-44E5-89CE-8D03BD82BB08}.exe
{E639BE72-59D9-47DE-B8CD-4E6BBF52AAA7}.exe
{D432A430-D245-48B7-B099-F85E0D72CDB7}.exe
{2B324DA8-9CAE-4BF8-9FCC-B21F9C25BA4B}.exe
{DBA668E6-CCEF-4F24-8E0D-B3F1CA7902DE}.exe
{52BB78F5-9F43-4246-8B66-4A5B3D776DD0}.exe
{70247F61-26CE-46DE-9D55-5733FF062745}.exe
{71E8DD49-1535-4636-9173-0C05C897CF51}.exe
{441E2380-916B-4279-A368-D1FCD7F5470B}.exe
{2BABE508-C378-4C26-8105-527ECD6012EB}.exe
{46F9CD9B-9251-49A0-8B7B-3305BEF646B1}.exe
{A6D3BB4F-91C4-4E09-BC15-3D468E2F231D}.exe
{2976A9DD-F516-482F-8B27-4DFE802F87B3}.exe
{0EAC0640-0169-47AF-BC47-929978D41417}.exe
{3DC66F8B-75B4-4AD0-9553-78D30296B389}.exe
{C3B622F8-65FD-4CB5-8C77-2AEEA30DEF70}.exe
{C14E98C2-0ED3-42B8-AACC-37F41CCE583B}.exe
{354EAF05-ED9E-4213-9868-936BBA3C6402}.exe
{74A3905C-43A1-45D2-9212-EF26EDA9337B}.exe
{2F3D1B45-0E29-4E9D-A626-B1273255557C}.exe
{66D11742-F533-4DF4-8382-61A52DDC5192}.exe
{F081AD62-2C4C-46A8-A952-3867D66FC934}.exe
{9FC07192-5B6E-4365-BDCC-0617C8D1DA99}.exe
{B9E54C4E-0B66-4A5F-B0B9-9BE0B2142D86}.exe
{6C5D1DC9-A6FB-4BFA-ACA8-CF9B64758A81}.exe
{3F1793C4-777E-4A62-976C-1BD23842D43E}.exe
{52EE5461-B97D-4733-B795-A543FD04DB81}.exe
{B52A0AC6-6E95-4752-8DD7-3E0C4CA9776F}.exe
{55754925-28EB-4C81-B048-45452FF22D6A}.exe
{E16688B6-7D3F-4D17-BD46-B0B00B717296}.exe

et le rapport de HijackThis :

Logfile of HijackThis v1.99.1
Scan saved at 19:56:47, on 03/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {783D8360-F687-DDF2-7A52-E9C7C0F1B0E6} - xxtoolbar.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [killall] dialer423.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [nikkn.exe] C:\WINDOWS\system32\nikkn.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [porka_] Shaitan1678.exe
O4 - HKCU\..\Run: [slamm] SysSupport.exe
O4 - HKCU\..\Run: [cnftips] backd.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E3F7530-6079-45DD-AAE2-46B8D56289B5}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{46163A0F-F858-42DA-9EA9-191F6C9263DF}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8ACB208-CC48-4CF6-8A4D-25AAF744457D}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB2CC401-C025-4ADE-B852-0834BA7FC66E}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CS3\Services\Tcpip\..\{0E3F7530-6079-45DD-AAE2-46B8D56289B5}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

Peut tu me venir en aide !!??

Merci beaucoup !!

27 réponses

  • 1
  • 2
  1. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    merci !

    Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [killall] dialer423.exe
    O4 - HKLM\..\Run: [nikkn.exe] C:\WINDOWS\system32\nikkn.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [porka_] Shaitan1678.exe
    O4 - HKCU\..\Run: [slamm] SysSupport.exe
    O4 - HKCU\..\Run: [cnftips] backd.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?

    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
    O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{0E3F7530-6079-45DD-AAE2-46B8D56289B5}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CCS\Services\Tcpip\..\{46163A0F-F858-42DA-9EA9-191F6C9263DF}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E8ACB208-CC48-4CF6-8A4D-25AAF744457D}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EB2CC401-C025-4ADE-B852-0834BA7FC66E}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
    O17 - HKLM\System\CS3\Services\Tcpip\..\{0E3F7530-6079-45DD-AAE2-46B8D56289B5}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63

    *Telecharge et installe ceci, dans la colonne de gauche clique sur "erreurs" coche toute les cases, puis clique en bas sur "chercher des erreurs" une fois finit, clique sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs .

    *Relance Ccleaner ,vas dans l'onglet "nettoyeur" present sur la gauche, decoche la derniere case (Avancé si elle
    est cochée) puis clique sur "lancer le nettoyage"

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    tuto: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

    ensuite fais le 1/ et 2/ de ce lien stp :

    virus methode preliminaire de desinfection version fr

    bon courage, @+

    ***j'ai decidé d'être heureux parce que c'est bon pour la santé ! ( Voltaire )***
    0
    1. KRIK
       
      Salut

      Voici le scan de Ewido:

      ---------------------------------------------------------
      ewido anti-spyware - Scan Report
      ---------------------------------------------------------

      + Created at: 20:57:15 04/07/2006

      + Scan result:



      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP172\A0120552.exe -> Adware.Casino : No action taken.
      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP172\A0120553.exe -> Adware.Casino : No action taken.
      [1188] VM_00880000 -> Downloader.Agent.uj : No action taken.
      [332] VM_009D0000 -> Downloader.Agent.uj : No action taken.
      [660] VM_008B0000 -> Downloader.Agent.uj : No action taken.
      [684] VM_00910000 -> Downloader.Agent.uj : No action taken.
      [708] VM_00A60000 -> Downloader.Agent.uj : No action taken.
      [720] VM_008A0000 -> Downloader.Agent.uj : No action taken.
      [756] VM_00330000 -> Downloader.Agent.uj : No action taken.
      [804] VM_00D60000 -> Downloader.Agent.uj : No action taken.
      [828] VM_00B20000 -> Downloader.Agent.uj : No action taken.
      [860] VM_008D0000 -> Downloader.Agent.uj : No action taken.
      [300] VM_003B0000 -> Trojan.DNSChanger.ef : No action taken.
      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP172\A0120549.exe -> Trojan.Hoster : No action taken.
      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP172\A0120550.exe -> Trojan.Puper.bx : No action taken.
      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP172\A0120551.exe -> Trojan.Small.gq : No action taken.


      ::Report end

      Et de BitDefender :


      BitDefender Online Scanner



      Scan report generated at: Tue, Jul 04, 2006 - 22:13:16





      Scan path: A:\;C:\;D:\;E:\;G:\;H:\;







      Statistics

      Time
      01:12:39

      Files
      310883

      Folders
      4824

      Boot Sectors
      4

      Archives
      33127

      Packed Files
      21187




      Results

      Identified Viruses
      4

      Infected Files
      14

      Suspect Files
      0

      Warnings
      0

      Disinfected
      0

      Deleted Files
      14




      Engines Info

      Virus Definitions
      406161

      Engine build
      AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

      Scan plugins
      13

      Archive plugins
      39

      Unpack plugins
      5

      E-mail plugins
      6

      System plugins
      1




      Scan Settings

      First Action
      Disinfect

      Second Action
      Delete

      Heuristics
      Yes

      Enable Warnings
      Yes

      Scanned Extensions
      *;

      Exclude Extensions


      Scan Emails
      Yes

      Scan Archives
      Yes

      Scan Packed
      Yes

      Scan Files
      Yes

      Scan Boot
      Yes




      Scanned File
      Status

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP169\A0115779.exe
      Infected with: Trojan.Small.BM

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP169\A0115779.exe
      Disinfection failed

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP169\A0115779.exe
      Deleted

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP169\A0115814.exe
      Infected with: Trojan.Small.BM

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP169\A0115814.exe
      Disinfection failed

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP169\A0115814.exe
      Deleted

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP169\A0116814.exe
      Infected with: Trojan.Small.BM

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP169\A0116814.exe
      Disinfection failed

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP169\A0116814.exe
      Deleted

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP169\A0116825.exe
      Infected with: Trojan.Small.BM

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP169\A0116825.exe
      Disinfection failed

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP169\A0116825.exe
      Deleted

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP169\A0117825.exe
      Infected with: Trojan.Small.BM

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP169\A0117825.exe
      Disinfection failed

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP169\A0117825.exe
      Deleted

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP171\A0118362.exe
      Infected with: Trojan.Small.BM

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP171\A0118362.exe
      Disinfection failed

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP171\A0118362.exe
      Deleted

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP171\A0119325.exe
      Infected with: Trojan.Small.BM

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP171\A0119325.exe
      Disinfection failed

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP171\A0119325.exe
      Deleted

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP171\A0119336.exe
      Infected with: Trojan.Small.BM

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP171\A0119336.exe
      Disinfection failed

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP171\A0119336.exe
      Deleted

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP171\A0120337.exe
      Infected with: Trojan.Small.BM

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP171\A0120337.exe
      Disinfection failed

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP171\A0120337.exe
      Deleted

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP171\A0120349.exe
      Infected with: Trojan.Small.BM

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP171\A0120349.exe
      Disinfection failed

      C:\System Volume Information\_restore{47FBA0EF-3A28-40E5-84DD-6A98E251F041}\RP171\A0120349.exe
      Deleted

      C:\WINDOWS\system32\csbhp.exe
      Infected with: Trojan.Small.BM

      C:\WINDOWS\system32\csbhp.exe
      Disinfection failed

      C:\WINDOWS\system32\csbhp.exe
      Deleted

      C:\WINDOWS\system32\{2C455969-4FC4-4CE7-9CEC-0EE2628F96EB}.exe
      Infected with: Trojan.Agent.RI

      C:\WINDOWS\system32\{2C455969-4FC4-4CE7-9CEC-0EE2628F96EB}.exe
      Disinfection failed

      C:\WINDOWS\system32\{2C455969-4FC4-4CE7-9CEC-0EE2628F96EB}.exe
      Deleted

      C:\WINDOWS\system32\{2DE2D0F2-09A0-43F3-B396-4D4BE08A53E3}.exe
      Infected with: Trojan.Clicker.AA

      C:\WINDOWS\system32\{2DE2D0F2-09A0-43F3-B396-4D4BE08A53E3}.exe
      Disinfection failed

      C:\WINDOWS\system32\{2DE2D0F2-09A0-43F3-B396-4D4BE08A53E3}.exe
      Deleted

      C:\WINDOWS\Temp\_avast4_\unp77457611.tmp
      Infected with: Trojan.Fakealert

      C:\WINDOWS\Temp\_avast4_\unp77457611.tmp
      Disinfection failed

      C:\WINDOWS\Temp\_avast4_\unp77457611.tmp
      Deleted


      J'espère que je ne me suis pas gourré !!

      Merci pour ton support !!!!

      @+
      0
  2. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    non, tu n'es pas trompé, c'est juste qu'ilfaut refaire le scan de ewido, et à chaque fois qu'il te trouve un fichier infecté, il faut le supprimer !

    le regler sur " cleaned"

    ensuite remets un nouveau hijackthis stp

    ++
    0
    1. KRIK
       
      En fait je l'ai régler dans "settings" et j'ai mis "delete" !

      Et là un fois qu'il a trouvé des trucs à effacer, quand je lui dit
      "apply all actions" il me met "error while deleting" !!??
      0
  3. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    re

    "apply all actions" il me met "error while deleting" !!??

    bizzar ...

    tu peux le mettre en français si tu veux ...

    remets un nouveau hijackthis stp

    ++
    0
    1. KRIK
       
      V'la le nouveau :

      Logfile of HijackThis v1.99.1
      Scan saved at 23:01:50, on 04/07/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
      C:\PROGRA~1\PESTPA~1\PPControl.exe
      C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
      C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
      C:\Program Files\Kerio\Personal Firewall\persfw.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\ewido anti-spyware 4.0\guard.exe
      C:\Program Files\ewido anti-spyware 4.0\ewido.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {783D8360-F687-DDF2-7A52-E9C7C0F1B0E6} - xxtoolbar.dll (file missing)
      O1 - Hosts: localhost 127.0.0.1
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
      O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
      O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
      O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [iixge.exe] C:\WINDOWS\system32\iixge.exe
      O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
      O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{46163A0F-F858-42DA-9EA9-191F6C9263DF}: NameServer = 85.255.115.34,85.255.112.63
      O17 - HKLM\System\CCS\Services\Tcpip\..\{E8ACB208-CC48-4CF6-8A4D-25AAF744457D}: NameServer = 85.255.115.34,85.255.112.63
      O17 - HKLM\System\CCS\Services\Tcpip\..\{EB2CC401-C025-4ADE-B852-0834BA7FC66E}: NameServer = 85.255.115.34,85.255.112.63
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
      O17 - HKLM\System\CS2\Services\Tcpip\..\{0E3F7530-6079-45DD-AAE2-46B8D56289B5}: NameServer = 85.255.115.34,85.255.112.63
      O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
      O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
      0
  4. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    re

    oula, il y a des lignes que je n'aime pas ...

    #Désactiver la Restauration du système

    * Cliquez sur le bouton Démarrer.
    * Cliquez avec le bouton droit de la souris sur Poste de travail puis cliquez sur Propriétés.
    * Dans l'onglet Restauration du système, sélectionnez l'option Désactiver la Restauration du système ou Désactiver la Restauration du système sur tous les lecteurs

    * relance FixWareout: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
    Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.

    *Poste (Copie/colle) le contenu du rapport qui va s'afficher à l'écran (report.txt) avec un nouveau rapport HijackThis! dans ta prochaine réponse.

    ++

    ***j'ai decidé d'être heureux parce que c'est bon pour la santé ! ( Voltaire )***
    0
    1. KRIK
       
      Opération effectueé !!
      Vl'a les résultats :


      Fixwareout ver 1.003
      Last edited 07/1/2006
      Post this report in the forums please

      Reg Entries that were deleted
      ...

      Microsoft (R) Windows Script Host Version 5.6
      Random Runs removed from HKLM
      ...

      PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
      Example ipsec6.exe is legitimate

      »»»»» Search by size and names...
      * csr.exe C:\WINDOWS\System32\CSRUC.EXE

      »»»»» Misc files

      »»»»» Checking for older varients covered by the Rem3 tool

      »»»»»
      Search five digit cs, dm and jb files
      This WILL/CAN also list Legit Files, Submit them at Virustotal
      C:\WINDOWS\SYSTEM32\CSRUC.EXE 51 222 2006-07-03
      Other suspects
      Directory of C:\WINDOWS\system32
      {5F7AB4F2-6149-4283-A5E7-8C9C87010FF0}.exe
      {F95D74DB-6A76-4A45-9EF3-266B7864CE28}.exe
      {F227C695-2765-42A5-8EE1-2D71A0C9BD73}.exe
      {5AE663B4-8ADB-43FF-9281-4165AD2E27B0}.exe
      {9AB51BED-248E-4110-B10C-ED9AB49142F3}.exe
      {16AD7512-58B7-4F40-8B45-1F8E4AC43906}.exe
      {7A5DEDDD-C605-4541-BD37-6E9935D353A8}.exe
      {38329888-DCEE-4C28-8193-FAD1001711EC}.exe
      {1517780F-AC63-47E5-BBBD-592EFEBE22DA}.exe
      {ED832D0C-4CE9-4AFD-955A-78C4E1417276}.exe
      {7D9A4CBA-B1BB-4432-871C-F6BD79C6E42A}.exe
      {0DE06D73-549D-4B1D-A8FC-002EF90174EE}.exe
      {C1EB866B-65A1-4039-A52F-5C41C19E2F24}.exe
      {2CDE3550-56F7-436E-89A0-D21BEADFAE05}.exe
      {FC98D49E-9335-4BA7-BE15-267E24210D1A}.exe
      {FD0DDBDC-AE92-4BB3-8288-D16E825485AB}.exe
      {4C957B71-8F31-4C67-BAFC-EB5E76965743}.exe
      {39595F1D-9BDF-4894-A0F0-C7C8695C907F}.exe
      {C30B426B-CF44-447C-8044-61BC1C589F19}.exe
      {E7FE72FA-505B-43DD-8754-A7E9DA30F06F}.exe
      {AED3913C-12BA-4F2E-8918-2AC9349D9501}.exe
      {318C4EF6-2B1A-404C-8232-069E3D452559}.exe
      {56FFCC65-69BD-40BE-849E-E966C45831A3}.exe
      {DFB3BDC9-7FC5-4C11-8CF5-FA0B2846D701}.exe
      {EF5A65D4-A8B8-4686-B483-FC133ECB6F08}.exe
      {30F014BC-2588-4C6C-BB34-CEF4682484B1}.exe
      {7282B461-0A29-464B-AB77-050147F8FC66}.exe
      {26FD9D8B-3F0A-4A48-A061-687E18D3830E}.exe
      {078B7211-37A5-479C-8CC6-8FEEAFFCD8F2}.exe
      {82E810E2-95FE-4DFA-8F0C-C96E174E950D}.exe
      {9CFE383F-5D09-4472-A48B-38A108F0A3D9}.exe
      {61841F93-EA19-4B13-A965-11EA02CFDF3A}.exe
      {4F01FF6E-C523-4BD4-9C56-AA15EF5C534E}.exe
      {C59030AF-2A50-4D4E-B1DE-8E21DB8BA2B6}.exe
      {2BDA9517-4158-4F38-A754-A96E4A5F7884}.exe
      {FB21D001-576C-45F8-9F71-B0E5F6C198FC}.exe
      {A60C6919-2B93-42C0-87FC-ED6BC24090F3}.exe
      {6AD45F40-0D5A-4303-9201-1B88A9FBFCC4}.exe
      {799943D1-DE3E-4380-BF53-F7A69C4B8935}.exe
      {2FD2B644-FC0C-4AF9-8242-1416D2A2A128}.exe
      {79CF8122-78FA-4FCE-B436-4B15F68424B9}.exe
      {51B3BA71-3C55-4401-9F8B-96A5A578642D}.exe
      {7C2F4FA3-9959-4AB0-99E0-63E532644558}.exe
      {32CA4B4E-324F-429C-B25D-959F62D89823}.exe
      {D8AEB5D5-A6D1-4A05-A5A2-589631E00ED9}.exe
      {AF21DB9F-823A-45F6-9929-44E2A1775CE1}.exe
      {32C7D437-3021-44C2-9589-C3AA794D4FCE}.exe
      {A27290FB-C420-447B-BA9B-4E8BCE9C763E}.exe
      {6786BB1A-9EB0-4AE4-B8CA-479F4C201D73}.exe
      {2A86A389-10F7-4AE2-A43F-53A201D1FAE0}.exe
      {D6A5FB02-AF3A-4804-AC17-EBB2382F8D00}.exe
      {6ED11890-B6A6-4343-8D76-C8508416B30E}.exe
      {9D9564A7-3C22-43ED-864F-A2AB5CB9427A}.exe
      {3391049E-3625-4A05-B880-98890D41A668}.exe
      {CDDF4837-5BE7-4310-9B06-6A02302D7FE2}.exe
      {E8F592E7-57CA-4DD4-B494-9C3EC45952E7}.exe
      {61E2E809-B1B5-4B95-A2D0-D9A04108AB68}.exe
      {806E3BB5-687D-432E-82CF-51EB3BF1F702}.exe
      {820E9658-6263-4583-925A-06FCC849C5C4}.exe
      {B9BD672E-5DE0-4704-AABF-68C2E5AFB8AA}.exe
      {24F3ACF0-7451-42EF-82E6-DCDDF66AA03E}.exe
      {7F66AE93-CA56-4E88-95DC-58B309A7D9D7}.exe
      {90190E07-2EC1-427D-A89F-1CE6A3484EBF}.exe
      {7CC0EE4D-90D6-42FF-852B-0B66A154A3C5}.exe
      {92DE15E1-5765-4D62-A27B-5D39BA81765B}.exe
      {586FB5F8-491E-4C9C-8D52-D42AFA4A8B31}.exe
      {E39283B5-3C70-4B55-A002-37B138B942DA}.exe
      {8053D2D6-A9D6-4A85-A0EE-DFC90B4AA1FE}.exe
      {80601FC9-3A1B-4160-A50C-295EF4E35C10}.exe
      {A48F5071-ED08-4033-9963-6F34CE5709F3}.exe
      {12383227-2A4C-4D4E-99F4-0163B90B51E6}.exe
      {AE328040-02D0-4A44-84CB-69E7F66DECD3}.exe
      {B437D7FD-B5C8-4E09-AC41-53BC59772354}.exe
      {4E0284C7-6FE5-4BCC-8729-246E29CD97DB}.exe
      {BEDB91B1-A5A6-426B-8538-161C6458E8DA}.exe
      {56F5CF87-1A42-4AA7-B1D9-9AEA4141470A}.exe
      {FE1560DA-0E17-45FA-A39D-74BC692DDDC4}.exe
      {580DF9AE-E6D4-4AF5-A82F-967D7D826A43}.exe
      {4417C0E4-3AB2-4105-B689-E0A458D91009}.exe
      {50DE271A-9DB5-4293-A459-FBC47CAAA3DA}.exe
      {03587977-4F5B-45C2-B01B-4FBB2F0D0520}.exe
      {0AC70D07-DF10-4ADE-9AE8-9226A38184C0}.exe
      {530390AF-5249-40BA-BC5F-41E7E010A132}.exe
      {3EDF1FDB-F08D-4933-95B3-F3B556A02076}.exe
      {EF0FC0DA-A163-4A53-B8F4-CA289852E8D6}.exe
      {B3583D4F-90C1-4BE2-995E-3DE74BED5A79}.exe
      {CDA203CD-A347-42F8-B86F-FBCBB58DBD38}.exe
      {29A6FB01-7FE5-4716-A00B-9304BA4D26B2}.exe
      {92B2CB13-D7CA-497A-B735-D51A65FBE76D}.exe
      {3093213B-BA7C-49B2-98CB-CD3B5F74146F}.exe
      {C3B990D0-C60E-4893-B9A4-96C98DC4B2EE}.exe
      {6C1E0816-8211-492A-94D2-AC188C4F4A8D}.exe
      {ACF458EF-A9C7-4AB6-807F-D57CB9E4F10E}.exe
      {301DF7C8-18F3-46B5-99D5-28468D219431}.exe
      {5D279BB0-BB26-4904-91A1-DB07750561BA}.exe
      {009FEB93-7713-406A-925F-72D55E3BB029}.exe
      {AC2D4A11-FC70-4AE0-94E4-0D499AD27AF2}.exe
      {582370F8-1E3E-4D02-A69C-64E8D819B8FB}.exe
      {24671982-3454-49CE-A5B6-BFF5A043E522}.exe
      {5823CAB4-E697-4E82-A8AD-CD8BEC88788E}.exe
      {816A63A0-F046-4092-B3E7-6180ECB37AE6}.exe
      {6DD6F4C4-BF53-4BED-AE95-3821A790467E}.exe
      {E60B43E0-1B40-46F5-A509-92A518631E05}.exe
      {68B8DF53-C326-407F-9AF8-F9076AF9DA34}.exe
      {EA979702-B37E-46F3-B70B-7C0F4E39084F}.exe
      {931411AB-4559-49AA-A1A1-FB12889EDFB3}.exe
      {4813034E-7706-4050-ADF4-1AB194DDD1C5}.exe
      {93391648-AA2D-420B-AB21-4097D5AC4605}.exe
      {D82AF41B-4B62-48ED-BC5C-E5F5E46B8D0E}.exe
      {4C719F8B-1CAF-4DB6-B62E-7CAEFC6CBD58}.exe
      {ECEC6C27-F262-4717-9223-C836A80CF4DC}.exe
      {50F733CA-FEE0-470D-85EC-13B357F1C588}.exe
      {9FFAD029-7B50-4DAF-AF7C-A7E3B3E41A32}.exe
      {996F1F1A-833B-4B58-8968-F1383AD5B2F3}.exe
      {766D994A-7093-4998-B725-6A13602DBCF0}.exe
      {6AF09EC6-28EB-4739-A86B-C74C1B86CC13}.exe
      {6F691674-27CE-41F5-BF33-CBAE3C22DBC1}.exe
      {A68F6BC7-6FA6-43C1-BDCC-94E9A99D9269}.exe
      {7093D186-A091-454E-8676-F5D687934A00}.exe
      {03FD025F-8B7A-422C-8F85-98BB41D9F784}.exe
      {415880C7-8D4B-42B2-81FC-6AF62D206860}.exe
      {D4054F1B-0320-4416-9A51-8454B3D8F27F}.exe
      {54B95EE4-9024-4143-824A-47720AC98C9F}.exe
      {3B9B0664-8BEB-495C-BFF8-B687C5186B11}.exe
      {0F7DDFDE-69B6-40E3-BD63-F9847937BD83}.exe
      {8C9A58F6-6D73-4B72-9941-3C650890E6C2}.exe
      {94101D68-7C72-4AF1-87D4-2F324B36305A}.exe
      {5EE21CD2-9DE3-4F88-A463-03439C89C5AC}.exe
      {5CDDCD72-3DF1-44E5-89CE-8D03BD82BB08}.exe
      {E639BE72-59D9-47DE-B8CD-4E6BBF52AAA7}.exe
      {D432A430-D245-48B7-B099-F85E0D72CDB7}.exe
      {2B324DA8-9CAE-4BF8-9FCC-B21F9C25BA4B}.exe
      {DBA668E6-CCEF-4F24-8E0D-B3F1CA7902DE}.exe
      {52BB78F5-9F43-4246-8B66-4A5B3D776DD0}.exe
      {70247F61-26CE-46DE-9D55-5733FF062745}.exe
      {71E8DD49-1535-4636-9173-0C05C897CF51}.exe
      {441E2380-916B-4279-A368-D1FCD7F5470B}.exe
      {2BABE508-C378-4C26-8105-527ECD6012EB}.exe
      {46F9CD9B-9251-49A0-8B7B-3305BEF646B1}.exe
      {A6D3BB4F-91C4-4E09-BC15-3D468E2F231D}.exe
      {2976A9DD-F516-482F-8B27-4DFE802F87B3}.exe
      {0EAC0640-0169-47AF-BC47-929978D41417}.exe
      {3DC66F8B-75B4-4AD0-9553-78D30296B389}.exe
      {C3B622F8-65FD-4CB5-8C77-2AEEA30DEF70}.exe
      {354EAF05-ED9E-4213-9868-936BBA3C6402}.exe
      {74A3905C-43A1-45D2-9212-EF26EDA9337B}.exe
      {66D11742-F533-4DF4-8382-61A52DDC5192}.exe
      {F081AD62-2C4C-46A8-A952-3867D66FC934}.exe
      {9FC07192-5B6E-4365-BDCC-0617C8D1DA99}.exe
      {B9E54C4E-0B66-4A5F-B0B9-9BE0B2142D86}.exe
      {6C5D1DC9-A6FB-4BFA-ACA8-CF9B64758A81}.exe
      {52EE5461-B97D-4733-B795-A543FD04DB81}.exe
      {B52A0AC6-6E95-4752-8DD7-3E0C4CA9776F}.exe
      {E16688B6-7D3F-4D17-BD46-B0B00B717296}.exe



      Voilà le log Hijackthis:


      Logfile of HijackThis v1.99.1
      Scan saved at 23:20:41, on 04/07/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\ewido anti-spyware 4.0\guard.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Kerio\Personal Firewall\persfw.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
      C:\PROGRA~1\PESTPA~1\PPControl.exe
      C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
      C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\ewido anti-spyware 4.0\ewido.exe
      C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {783D8360-F687-DDF2-7A52-E9C7C0F1B0E6} - xxtoolbar.dll (file missing)
      O1 - Hosts: localhost 127.0.0.1
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
      O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
      O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
      O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
      O4 - HKLM\..\Run: [vohka.exe] C:\WINDOWS\system32\vohka.exe
      O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{0E3F7530-6079-45DD-AAE2-46B8D56289B5}: NameServer = 85.255.115.34,85.255.112.63
      O17 - HKLM\System\CCS\Services\Tcpip\..\{46163A0F-F858-42DA-9EA9-191F6C9263DF}: NameServer = 85.255.115.34,85.255.112.63
      O17 - HKLM\System\CCS\Services\Tcpip\..\{E8ACB208-CC48-4CF6-8A4D-25AAF744457D}: NameServer = 85.255.115.34,85.255.112.63
      O17 - HKLM\System\CCS\Services\Tcpip\..\{EB2CC401-C025-4ADE-B852-0834BA7FC66E}: NameServer = 85.255.115.34,85.255.112.63
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
      O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
      O17 - HKLM\System\CS3\Services\Tcpip\..\{0E3F7530-6079-45DD-AAE2-46B8D56289B5}: NameServer = 85.255.115.34,85.255.112.63
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
      O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe



      Merci
      @+
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    re

    ok, pti teste :

    Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :

    O17 - HKLM\System\CCS\Services\Tcpip\..\{0E3F7530-6079-45DD-AAE2-46B8D56289B5}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CCS\Services\Tcpip\..\{46163A0F-F858-42DA-9EA9-191F6C9263DF}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E8ACB208-CC48-4CF6-8A4D-25AAF744457D}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EB2CC401-C025-4ADE-B852-0834BA7FC66E}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
    O17 - HKLM\System\CS3\Services\Tcpip\..\{0E3F7530-6079-45DD-AAE2-46B8D56289B5}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63

    ensuite remets un nouveau hijackthis

    ++
    0
    1. KRIK Messages postés 12 Statut Membre
       
      Voilà pour ton test !!

      Logfile of HijackThis v1.99.1
      Scan saved at 18:39:09, on 05/07/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\ewido anti-spyware 4.0\guard.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Kerio\Personal Firewall\persfw.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
      C:\PROGRA~1\PESTPA~1\PPControl.exe
      C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
      C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
      C:\Program Files\ewido anti-spyware 4.0\ewido.exe
      C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {783D8360-F687-DDF2-7A52-E9C7C0F1B0E6} - xxtoolbar.dll (file missing)
      O1 - Hosts: localhost 127.0.0.1
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
      O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
      O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
      O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
      O4 - HKLM\..\Run: [rmjpe.exe] C:\WINDOWS\system32\rmjpe.exe
      O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
      O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

      Merci
      0
  7. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    c'est beaucoup mieux :)

    Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :

    O4 - HKLM\..\Run: [rmjpe.exe] C:\WINDOWS\system32\rmjpe.exe
    R3 - URLSearchHook: (no name) - {783D8360-F687-DDF2-7A52-E9C7C0F1B0E6} - xxtoolbar.dll (file missing)
    O1 - Hosts: localhost 127.0.0.1

    ensuite passe ewido et poste le rapport stp

    precise tes soucis s'il en reste

    ++

    ***j'ai decidé d'être heureux parce que c'est bon pour la santé ! ( Voltaire )***
    0
    1. KRIK Messages postés 12 Statut Membre
       
      Salut,

      J'ai refait le HijackThis et je suis entrain de scanner avec Ewido !
      J'avais juste fait avant un scan de la mémoire et il m'a trouvé 2 trucs:
      -Downloader.Agent.uj avec un risque "High"
      -Trojan.DNSChanger.ef " " " "

      J'ai ensuite essayer de les supprimer et il me dit qu'il y a eu une erreur quand il a essaye de les supprimer ( meme message que l'autre jour)!!

      Donc je sais pas trop...
      Je t'envoi le rapport quand il est terminé !

      Merci
      0
  8. KRIK Messages postés 12 Statut Membre
     
    Voici le rapport !

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 19:30:28 06/07/2006

    + Scan result:

    C:\WINDOWS\system32\csruc.exe -> Downloader.Agent.uj : Cleaned.
    [2568] VM_00280000 -> Downloader.Agent.uj : Error during cleaning.
    [2808] VM_00280000 -> Downloader.Agent.uj : Error during cleaning.
    [2820] VM_00420000 -> Downloader.Agent.uj : Error during cleaning.
    [2836] VM_003E0000 -> Downloader.Agent.uj : Error during cleaning.
    [2884] VM_00880000 -> Downloader.Agent.uj : Error during cleaning.
    [2948] VM_00330000 -> Downloader.Agent.uj : Error during cleaning.
    [2980] VM_009E0000 -> Downloader.Agent.uj : Error during cleaning.
    [3264] VM_00260000 -> Downloader.Agent.uj : Error during cleaning.
    [804] VM_00D60000 -> Downloader.Agent.uj : Error during cleaning.
    [828] VM_00A00000 -> Downloader.Agent.uj : Error during cleaning.
    C:\Documents and Settings\Krik\Cookies\krik@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Krik\Cookies\krik@estat[1].txt -> TrackingCookie.Estat : Cleaned.
    C:\Documents and Settings\Krik\Cookies\krik@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned.
    C:\Documents and Settings\Krik\Cookies\krik@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
    [3508] VM_003E0000 -> Trojan.DNSChanger.ef : Error during cleaning.
    C:\WINDOWS\system32\{12383227-2A4C-4D4E-99F4-0163B90B51E6}.exe -> Trojan.Hoster : Cleaned.

    ::Report end

    J'ai supprimer les trucs qu'il a trouvé sauf les deux cité dans mon message d'avant car il n'a pas réussi à les virer !!
    0
  9. aranjuez31 Messages postés 8161 Date d'inscription   Statut Contributeur 354
     
    hello greenette

    cocher et fixer aussi ceci
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    quant à celle-ci :
    O4 - HKLM\..\Run: [rmjpe.exe]
    C:\WINDOWS\system32\rmjpe.exe
    faire contr^ler par
    http://www.virustotal.com/en/indexf.html
    et par
    https://virusscan.jotti.org/

    coller rapports ici
    0
  10. KRIK Messages postés 12 Statut Membre
     
    Salut,

    comment je fais pour faire vérifier ça?? :

    O4 - HKLM\..\Run: [rmjpe.exe]
    C:\WINDOWS\system32\rmjpe.exe

    Merci
    0
  11. aranjuez31 Messages postés 8161 Date d'inscription   Statut Contributeur 354
     
    re
    bis repetita du post 14

    C:\WINDOWS\system32\rmjpe.exe

    fais contrôler par :
    1/
    http://www.virustotal.com/en/indexf.html

    et par
    2/
    https://virusscan.jotti.org/

    évidemment si tu n entres pas sur les sites, tu ne peux pas lire les explications.....................
    0
  12. KRIK Messages postés 12 Statut Membre
     
    Mon souci c'est que je ne trouve pas ce fichier et lorsque je refait un scan avec Hijackthis ,cette ligne n'aparaît plus !!?

    J'ai refait un scan :

    Logfile of HijackThis v1.99.1
    Scan saved at 20:00:17, on 06/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Kerio\Personal Firewall\persfw.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [nxepk.exe] C:\WINDOWS\system32\nxepk.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0E3F7530-6079-45DD-AAE2-46B8D56289B5}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CCS\Services\Tcpip\..\{46163A0F-F858-42DA-9EA9-191F6C9263DF}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E8ACB208-CC48-4CF6-8A4D-25AAF744457D}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EB2CC401-C025-4ADE-B852-0834BA7FC66E}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
    O17 - HKLM\System\CS3\Services\Tcpip\..\{0E3F7530-6079-45DD-AAE2-46B8D56289B5}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
    0
  13. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    re

    si, elle est encore là, et les 017 aussi :-(

    est ce que ton parfeu est actif ???

    # Télécharge ceci: (merci a S!RI pour ce petit programme).

    http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1,
    voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php
    il va générer un rapport : copie/colle le sur le poste stp.

    ++
    0
  14. KRIK Messages postés 12 Statut Membre
     
    SmitFraudFix v2.68b

    Rapport fait à 20:27:50,21, 06/07/2006
    Executé à partir de C:\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Krik\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Krik\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  15. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    re

    ok, on va essaye autrement :

    Aller dans Démarrer > Panneau de configuration > Connexions > clic droit sur la connexion > Propriétés > onglet Gestion de réseau
    Mettre en surbrillance Protocole Internet (tcp/ip) puis cliquer sur le bouton Propriétés.
    Dans les options (serveur DNS préféré et serveur DNS auxiliaire) on trouvera une de ces adresses présentes dans le rapport hijackthis en ligne 017 =>(85.255.115.34 85.255.112.63)

    Pour les éliminer, cocher : "Obtenir les adresses des serveurs DNS automatiquement" puis cliquer 2 fois sur"Ok" et redémarrer le PC.

    ensuite remets un nouveau hijackthis stp

    ++

    ***j'ai decidé d'être heureux parce que c'est bon pour la santé ! ( Voltaire )***
    0
  16. KRIK Messages postés 12 Statut Membre
     
    Logfile of HijackThis v1.99.1
    Scan saved at 21:02:27, on 06/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Kerio\Personal Firewall\persfw.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [hujec.exe] C:\WINDOWS\system32\hujec.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0E3F7530-6079-45DD-AAE2-46B8D56289B5}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CCS\Services\Tcpip\..\{46163A0F-F858-42DA-9EA9-191F6C9263DF}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EB2CC401-C025-4ADE-B852-0834BA7FC66E}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0E3F7530-6079-45DD-AAE2-46B8D56289B5}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
    O17 - HKLM\System\CS3\Services\Tcpip\..\{0E3F7530-6079-45DD-AAE2-46B8D56289B5}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
    0
  17. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    re

    # Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).

    fixe ces lignes

    O17 - HKLM\System\CCS\Services\Tcpip\..\{0E3F7530-6079-45DD-AAE2-46B8D56289B5}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CCS\Services\Tcpip\..\{46163A0F-F858-42DA-9EA9-191F6C9263DF}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EB2CC401-C025-4ADE-B852-0834BA7FC66E}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0E3F7530-6079-45DD-AAE2-46B8D56289B5}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
    O17 - HKLM\System\CS3\Services\Tcpip\..\{0E3F7530-6079-45DD-AAE2-46B8D56289B5}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63

    et ensuite passe ewido et poste le rapport stp

    ++
    ***j'ai decidé d'être heureux parce que c'est bon pour la santé ! ( Voltaire )***
    0
  18. KRIK Messages postés 12 Statut Membre
     
    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 20:20:25 07/07/2006

    + Scan result:

    [1844] VM_009D0000 -> Downloader.Agent.uj : No action taken.
    [644] VM_00D60000 -> Downloader.Agent.uj : No action taken.
    [668] VM_00BF0000 -> Downloader.Agent.uj : No action taken.
    C:\Documents and Settings\Krik\Cookies\krik@247realmedia[1].txt -> TrackingCookie.247realmedia : No action taken.
    C:\Documents and Settings\Krik\Cookies\krik@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Krik\Cookies\krik@bluestreak[2].txt -> TrackingCookie.Bluestreak : No action taken.
    C:\Documents and Settings\Krik\Cookies\krik@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
    C:\Documents and Settings\Krik\Cookies\krik@estat[1].txt -> TrackingCookie.Estat : No action taken.
    C:\Documents and Settings\Krik\Cookies\krik@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : No action taken.

    ::Report end
    0
  19. aranjuez31 Messages postés 8161 Date d'inscription   Statut Contributeur 354
     
    bsr
    no taken = pas d action entreprise
    règle ton ewido sur delete ou remove
    et recommence

    a moins que tu ne veuilles tt te peler à la main
    =======
    ah! pour ces 3 là :

    1844] VM_009D0000 -> Downloader.Agent.uj : No action taken.
    [644] VM_00D60000 -> Downloader.Agent.uj : No action taken.
    [668] VM_00BF0000 -> Downloader.Agent.uj : No action taken.

    procéde comme suit :

    * Erreur de nettoyage dans ewido

    Si vous rencontrez ce genre de probleme avec ewido:

    [2660] VM_00890000 -> Downloader.Agent.uj : Erreur durant le nettoyage
    [2728] VM_00BA0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
    [2984] VM_009A0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
    [3048] VM_00950000 -> Downloader.Agent.uj : Erreur durant le nettoyage

    Télécharger ceci :
    http://downloads.subratam.org/Fixwareout.exe
    Installer le et suivre la procédure,
    puis refaire un scan avec ewido en mode sans échec ; et de nouveau en mode normal.

    0
  20. KRIK Messages postés 12 Statut Membre
     
    Scan Ewido mode sans echec :

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 21:22:17 07/07/2006

    + Scan result:

    C:\Documents and Settings\Krik\Cookies\krik@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
    C:\Documents and Settings\Krik\Cookies\krik@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Krik\Cookies\krik@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Krik\Cookies\krik@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Krik\Cookies\krik@estat[1].txt -> TrackingCookie.Estat : Cleaned.
    C:\Documents and Settings\Krik\Cookies\krik@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
    C:\Documents and Settings\Krik\Cookies\krik@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
    C:\Documents and Settings\Krik\Cookies\krik@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\WINDOWS\system32\{09018660-6F5D-41E0-954F-5B35457FB6AD}.exe -> Trojan.Hoster : Cleaned.
    C:\WINDOWS\system32\{96EC06E5-F5D3-4B73-88CB-1B173A73B54B}.exe -> Trojan.Puper.bx : Cleaned.
    C:\WINDOWS\system32\{4C7A74D6-44FA-451B-90A4-06FF53070B25}.exe -> Trojan.Small.gq : Cleaned.

    ::Report end

    Scan Ewido mode normal:

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 21:42:53 07/07/2006

    + Scan result:

    [3044] VM_003E0000 -> Trojan.DNSChanger.ef : Error during cleaning.
    [684] VM_013C0000 -> Trojan.DNSChanger.ef : Error during cleaning.

    ::Report end

    Je suis tjrs ennuyer par ces deux là qu'Avast trouve :

    Win32:Trojan-gen. {Other}
    Win32:Small-TG [Trj]

    Merci
    0
  21. aranjuez31 Messages postés 8161 Date d'inscription   Statut Contributeur 354
     
    bsr
    as-tu fait ceci ?

    Si vous rencontrez ce genre de probleme avec ewido:

    [2660] VM_00890000 -> Downloader.Agent.uj : Erreur durant le nettoyage
    [2728] VM_00BA0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
    [2984] VM_009A0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
    [3048] VM_00950000 -> Downloader.Agent.uj : Erreur durant le nettoyage

    Télécharger ceci :
    http://downloads.subratam.org/Fixwareout.exe
    Installer le et suivre la procédure,
    0
  • 1
  • 2