Problème a mon demarrage pc
hart07
Messages postés
173
Statut
Membre
-
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité -
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité -
lors du démarrage de mon pc quand j'arrive sur le bureau ( windows xp) l'ordi se bloque et impossible d'effectuer une tache.
obliger de relancer et a plusiquers fois.
je vous donne l'analyse hijackthis de mon pc
merci de me dire ce qu'il faut supprimer car je pense que c'est un trojan ou virus.
de plus lors de certaine recherche sur le net je tombe sur des moteurs de recherches bizarre ou des pages non demandé.
merci a vous
Logfile of HijackThis v1.99.1
Scan saved at 21:50:22, on 18/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\system32\pdplusnt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\InetKb\Inetkb.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Recuperation de c avant\dc++\antivirus\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {44AD4A67-38E0-A5E4-34F7-5F4F034C312D} - runload32.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 205.238.40.50 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.57 c3310.z1301.winmx.com c3520.z1301.winmx.com
O1 - Hosts: 205.238.40.58 c3310.z1302.winmx.com c3520.z1302.winmx.com
O1 - Hosts: 205.238.40.59 c3310.z1303.winmx.com c3520.z1303.winmx.com
O1 - Hosts: 205.238.40.60 c3310.z1304.winmx.com c3520.z1304.winmx.com
O1 - Hosts: 205.238.40.61 c3310.z1305.winmx.com c3520.z1305.winmx.com
O1 - Hosts: 205.238.40.62 c3310.z1306.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com test3203.winmx.com test3207.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com test3202.winmx.com test3206.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com test3201.winmx.com test3205.winmx.com
O1 - Hosts: 82.43.224.20 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com test3204.winmx.com test3208.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 82.195.155.6 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 82.195.155.7 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 212.227.104.169 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [RunpdplusManager] pdplusnt.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bhoserv] SpyElim.exe
O4 - HKCU\..\Run: [sound64] keybdll.exe
O4 - HKCU\..\Run: [vxdman] FLKPT.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44154383-5515-44E8-8C4E-37D1CB8F9656}: NameServer = 85.255.113.204,85.255.112.232
O17 - HKLM\System\CCS\Services\Tcpip\..\{612C5166-DD31-4295-9078-29824E2EAD4B}: NameServer = 85.255.113.204,85.255.112.232
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACEBF974-565F-4A08-8E7D-D0C2416AC7A6}: NameServer = 85.255.113.204 85.255.112.232
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.204 85.255.112.232
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.204 85.255.112.232
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.204 85.255.112.232
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: libmp3 - C:\WINDOWS\Config\libmp3.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
obliger de relancer et a plusiquers fois.
je vous donne l'analyse hijackthis de mon pc
merci de me dire ce qu'il faut supprimer car je pense que c'est un trojan ou virus.
de plus lors de certaine recherche sur le net je tombe sur des moteurs de recherches bizarre ou des pages non demandé.
merci a vous
Logfile of HijackThis v1.99.1
Scan saved at 21:50:22, on 18/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\system32\pdplusnt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\InetKb\Inetkb.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Recuperation de c avant\dc++\antivirus\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {44AD4A67-38E0-A5E4-34F7-5F4F034C312D} - runload32.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 205.238.40.50 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.57 c3310.z1301.winmx.com c3520.z1301.winmx.com
O1 - Hosts: 205.238.40.58 c3310.z1302.winmx.com c3520.z1302.winmx.com
O1 - Hosts: 205.238.40.59 c3310.z1303.winmx.com c3520.z1303.winmx.com
O1 - Hosts: 205.238.40.60 c3310.z1304.winmx.com c3520.z1304.winmx.com
O1 - Hosts: 205.238.40.61 c3310.z1305.winmx.com c3520.z1305.winmx.com
O1 - Hosts: 205.238.40.62 c3310.z1306.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com test3203.winmx.com test3207.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com test3202.winmx.com test3206.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com test3201.winmx.com test3205.winmx.com
O1 - Hosts: 82.43.224.20 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com test3204.winmx.com test3208.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 82.195.155.6 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 82.195.155.7 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 212.227.104.169 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [RunpdplusManager] pdplusnt.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bhoserv] SpyElim.exe
O4 - HKCU\..\Run: [sound64] keybdll.exe
O4 - HKCU\..\Run: [vxdman] FLKPT.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44154383-5515-44E8-8C4E-37D1CB8F9656}: NameServer = 85.255.113.204,85.255.112.232
O17 - HKLM\System\CCS\Services\Tcpip\..\{612C5166-DD31-4295-9078-29824E2EAD4B}: NameServer = 85.255.113.204,85.255.112.232
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACEBF974-565F-4A08-8E7D-D0C2416AC7A6}: NameServer = 85.255.113.204 85.255.112.232
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.204 85.255.112.232
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.204 85.255.112.232
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.204 85.255.112.232
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: libmp3 - C:\WINDOWS\Config\libmp3.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
A voir également:
- Problème a mon demarrage pc
- Forcer demarrage pc - Guide
- Pc lent au démarrage - Guide
- Reinitialiser pc au demarrage - Guide
- Problème démarrage windows 10 - Guide
- Downloader for pc - Télécharger - Téléchargement & Transfert
3 réponses
Salut
un antivirus, un parfeu ???
tu es super infecté !!!
Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :
R3 - URLSearchHook: (no name) - {44AD4A67-38E0-A5E4-34F7-5F4F034C312D} - runload32.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
( toutes les 01 )
O1 - Hosts: 205.238.40.50 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.57 c3310.z1301.winmx.com c3520.z1301.winmx.com
O1 - Hosts: 205.238.40.58 c3310.z1302.winmx.com c3520.z1302.winmx.com
O1 - Hosts: 205.238.40.59 c3310.z1303.winmx.com c3520.z1303.winmx.com
O1 - Hosts: 205.238.40.60 c3310.z1304.winmx.com c3520.z1304.winmx.com
O1 - Hosts: 205.238.40.61 c3310.z1305.winmx.com c3520.z1305.winmx.com
O1 - Hosts: 205.238.40.62 c3310.z1306.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com test3203.winmx.com test3207.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com test3202.winmx.com test3206.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com test3201.winmx.com test3205.winmx.com
O1 - Hosts: 82.43.224.20 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com test3204.winmx.com test3208.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 82.195.155.6 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 82.195.155.7 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 212.227.104.169 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
ensuite :
Télécharge FixWareout d'un de ces deux sites sur le bureau:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe
* Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.
*Poste (Copie/colle) le contenu du rapport qui va s'afficher à l'écran (report.txt) avec un nouveau rapport HijackThis! dans ta prochaine réponse.
et enfin installe un antivirus et un parfeu !
kerio
avast
++
**La volonté trouve, la liberté choisit. Trouver et choisir, c'est penser ( V.Hugo) **
un antivirus, un parfeu ???
tu es super infecté !!!
Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :
R3 - URLSearchHook: (no name) - {44AD4A67-38E0-A5E4-34F7-5F4F034C312D} - runload32.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
( toutes les 01 )
O1 - Hosts: 205.238.40.50 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.57 c3310.z1301.winmx.com c3520.z1301.winmx.com
O1 - Hosts: 205.238.40.58 c3310.z1302.winmx.com c3520.z1302.winmx.com
O1 - Hosts: 205.238.40.59 c3310.z1303.winmx.com c3520.z1303.winmx.com
O1 - Hosts: 205.238.40.60 c3310.z1304.winmx.com c3520.z1304.winmx.com
O1 - Hosts: 205.238.40.61 c3310.z1305.winmx.com c3520.z1305.winmx.com
O1 - Hosts: 205.238.40.62 c3310.z1306.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com test3203.winmx.com test3207.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com test3202.winmx.com test3206.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com test3201.winmx.com test3205.winmx.com
O1 - Hosts: 82.43.224.20 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com test3204.winmx.com test3208.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 82.195.155.6 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 82.195.155.7 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 212.227.104.169 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
ensuite :
Télécharge FixWareout d'un de ces deux sites sur le bureau:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe
* Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.
*Poste (Copie/colle) le contenu du rapport qui va s'afficher à l'écran (report.txt) avec un nouveau rapport HijackThis! dans ta prochaine réponse.
et enfin installe un antivirus et un parfeu !
kerio
avast
++
**La volonté trouve, la liberté choisit. Trouver et choisir, c'est penser ( V.Hugo) **
merci a toi , voici le rapport du fix et un nouveau hijackthis :
Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\golmedi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\nvtmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\cspmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2DE77D79A7CF-17EB-DB44-8C7A-391E55C8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}36A473ADA3EF-9028-54D4-653E-2CF78765{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\nfqmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\golmedi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1trap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\2trap
...
Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmqfn.exe"=-
...
PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»» Searching by size/names...
»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSZOX.EXE 51 744 2006-10-17
C:\WINDOWS\SYSTEM32\DMEDG.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMFTA.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMHLZ.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMJWL.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMKAD.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMNXF.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMPNN.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMQDH.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMQFN.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMQWG.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMSAM.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMSFH.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMSLD.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMUZR.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMVHI.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMVSR.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMWFS.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMYCM.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMYCU.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMZWF.EXE 60 970 2004-08-20
Other suspects.
Directory of C:\WINDOWS\system32
{5AB892FB-34DA-4F23-A821-3BD99073E58D}.exe
»»»»» Misc files.
»»»»» Checking for older varients covered by the Rem3 tool.
et maintenant le nouveau hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 00:55:00, on 19/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\system32\pdplusnt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\InetKb\Inetkb.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Recuperation de c avant\dc++\antivirus\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [RunpdplusManager] pdplusnt.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bhoserv] SpyElim.exe
O4 - HKCU\..\Run: [sound64] keybdll.exe
O4 - HKCU\..\Run: [vxdman] FLKPT.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44154383-5515-44E8-8C4E-37D1CB8F9656}: NameServer = 85.255.113.204,85.255.112.232
O17 - HKLM\System\CCS\Services\Tcpip\..\{612C5166-DD31-4295-9078-29824E2EAD4B}: NameServer = 85.255.113.204,85.255.112.232
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACEBF974-565F-4A08-8E7D-D0C2416AC7A6}: NameServer = 85.255.113.204 85.255.112.232
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.204 85.255.112.232
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.204 85.255.112.232
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.204 85.255.112.232
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: libmp3 - C:\WINDOWS\Config\libmp3.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\golmedi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\nvtmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\cspmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2DE77D79A7CF-17EB-DB44-8C7A-391E55C8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}36A473ADA3EF-9028-54D4-653E-2CF78765{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\nfqmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\golmedi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1trap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\2trap
...
Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmqfn.exe"=-
...
PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»» Searching by size/names...
»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSZOX.EXE 51 744 2006-10-17
C:\WINDOWS\SYSTEM32\DMEDG.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMFTA.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMHLZ.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMJWL.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMKAD.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMNXF.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMPNN.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMQDH.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMQFN.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMQWG.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMSAM.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMSFH.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMSLD.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMUZR.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMVHI.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMVSR.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMWFS.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMYCM.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMYCU.EXE 60 970 2004-08-20
C:\WINDOWS\SYSTEM32\DMZWF.EXE 60 970 2004-08-20
Other suspects.
Directory of C:\WINDOWS\system32
{5AB892FB-34DA-4F23-A821-3BD99073E58D}.exe
»»»»» Misc files.
»»»»» Checking for older varients covered by the Rem3 tool.
et maintenant le nouveau hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 00:55:00, on 19/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\system32\pdplusnt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\InetKb\Inetkb.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Recuperation de c avant\dc++\antivirus\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [RunpdplusManager] pdplusnt.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bhoserv] SpyElim.exe
O4 - HKCU\..\Run: [sound64] keybdll.exe
O4 - HKCU\..\Run: [vxdman] FLKPT.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44154383-5515-44E8-8C4E-37D1CB8F9656}: NameServer = 85.255.113.204,85.255.112.232
O17 - HKLM\System\CCS\Services\Tcpip\..\{612C5166-DD31-4295-9078-29824E2EAD4B}: NameServer = 85.255.113.204,85.255.112.232
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACEBF974-565F-4A08-8E7D-D0C2416AC7A6}: NameServer = 85.255.113.204 85.255.112.232
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.204 85.255.112.232
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.204 85.255.112.232
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.204 85.255.112.232
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: libmp3 - C:\WINDOWS\Config\libmp3.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Salut
oups! j'avais pas fais atention, tu as un antivirus !
mais il faut installer un parfeu ! ( cf kerio )
# Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RunpdplusManager] pdplusnt.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bhoserv] SpyElim.exe
O4 - HKCU\..\Run: [sound64] keybdll.exe
O4 - HKCU\..\Run: [vxdman] FLKPT.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O17 - HKLM\System\CCS\Services\Tcpip\..\{44154383-5515-44E8-8C4E-37D1CB8F9656}: NameServer = 85.255.113.204,85.255.112.232
O17 - HKLM\System\CCS\Services\Tcpip\..\{612C5166-DD31-4295-9078-29824E2EAD4B}: NameServer = 85.255.113.204,85.255.112.232
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACEBF974-565F-4A08-8E7D-D0C2416AC7A6}: NameServer = 85.255.113.204 85.255.112.232
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.204 85.255.112.232
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.204 85.255.112.232
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.204 85.255.112.232
O20 - Winlogon Notify: libmp3 - C:\WINDOWS\Config\libmp3.dll (file missing)
ensuiet télécharge ceci et execute les :
# CleanUp40 (qui élimine les fichiers temporaires + cookies : gratuit )
pageperso.aol.fr/Balltrap34/CleanUp40.exe
tuto : (merci à Balltrap) pageperso.aol.fr/balltrap34/democleanup.htm
# Ccleaner : Telecharge et installe ceci, dans la colonne de gauche clique sur "erreurs" coche toute les cases, puis clique en bas sur "chercher des erreurs" une fois finit, clique sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs .
*Relance Ccleaner ,vas dans l'onglet "nettoyeur" present sur la gauche, decoche la derniere case (Avancé si elle
est cochée) puis clique sur "lancer le nettoyage"
ccleaner
tuto: www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
et enfin !
fais le 1/ et 2/ de ce lien stp :
virus methode preliminaire de desinfection version fr
precise tes soucis s'il en reste
++
**La volonté trouve, la liberté choisit. Trouver et choisir, c'est penser ( V.Hugo) **
oups! j'avais pas fais atention, tu as un antivirus !
mais il faut installer un parfeu ! ( cf kerio )
# Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RunpdplusManager] pdplusnt.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bhoserv] SpyElim.exe
O4 - HKCU\..\Run: [sound64] keybdll.exe
O4 - HKCU\..\Run: [vxdman] FLKPT.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O17 - HKLM\System\CCS\Services\Tcpip\..\{44154383-5515-44E8-8C4E-37D1CB8F9656}: NameServer = 85.255.113.204,85.255.112.232
O17 - HKLM\System\CCS\Services\Tcpip\..\{612C5166-DD31-4295-9078-29824E2EAD4B}: NameServer = 85.255.113.204,85.255.112.232
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACEBF974-565F-4A08-8E7D-D0C2416AC7A6}: NameServer = 85.255.113.204 85.255.112.232
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.204 85.255.112.232
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.204 85.255.112.232
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.204 85.255.112.232
O20 - Winlogon Notify: libmp3 - C:\WINDOWS\Config\libmp3.dll (file missing)
ensuiet télécharge ceci et execute les :
# CleanUp40 (qui élimine les fichiers temporaires + cookies : gratuit )
pageperso.aol.fr/Balltrap34/CleanUp40.exe
tuto : (merci à Balltrap) pageperso.aol.fr/balltrap34/democleanup.htm
# Ccleaner : Telecharge et installe ceci, dans la colonne de gauche clique sur "erreurs" coche toute les cases, puis clique en bas sur "chercher des erreurs" une fois finit, clique sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs .
*Relance Ccleaner ,vas dans l'onglet "nettoyeur" present sur la gauche, decoche la derniere case (Avancé si elle
est cochée) puis clique sur "lancer le nettoyage"
ccleaner
tuto: www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
et enfin !
fais le 1/ et 2/ de ce lien stp :
virus methode preliminaire de desinfection version fr
precise tes soucis s'il en reste
++
**La volonté trouve, la liberté choisit. Trouver et choisir, c'est penser ( V.Hugo) **
