Virus google
scope83
Messages postés
3
Statut
Membre
-
scope83 Messages postés 3 Statut Membre -
scope83 Messages postés 3 Statut Membre -
Bonjour a tous, je me suis pris le fameux virus de google qui renvoie les recherches sur des lien etrangers.
Comme j'ai vu que pas mal de personne avait eu ce probleme je vous envoie mon scan log de hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 12:18:34, on 23/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\windows\system32\winclean.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Siemens\SANTIS WLAN\WlanMonitor.exe
C:\WINDOWS\system32\sistray.exe
C:\Nouveau dossier\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [winclean] c:\windows\system32\winclean.exe
O4 - HKLM\..\Run: [Microsoft WWW] C:\WINDOWS\inet20091\free.exe
O4 - Global Startup: SANTIS USB and PC Card Utility.lnk = C:\Program Files\Siemens\SANTIS WLAN\WlanMonitor.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/229?35000699000e4d8eaf693b331a2f855a
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/230?35000699000e4d8eaf693b331a2f855a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0187AD81-422C-4A2A-A0CB-024FA41F7FF4}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AA62744-CBCC-44BE-A901-B899CD3D6213}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE3CBA53-CDEB-4C17-9AED-7DDBF4FDAE62}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{D695DE30-CD4A-48C6-AF0B-11E6B77E56E9}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.51 85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\..\{0187AD81-422C-4A2A-A0CB-024FA41F7FF4}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.51 85.255.112.187
O17 - HKLM\System\CS2\Services\Tcpip\..\{0187AD81-422C-4A2A-A0CB-024FA41F7FF4}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.51 85.255.112.187
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: dbf43reg - C:\Documents and Settings\All Users\Documents\Settings\dbf43.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
je n'arrive pas a m'en sortir seul alors si qq'un peut m'aider ce serait sympa
merci d'avance
Comme j'ai vu que pas mal de personne avait eu ce probleme je vous envoie mon scan log de hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 12:18:34, on 23/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\windows\system32\winclean.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Siemens\SANTIS WLAN\WlanMonitor.exe
C:\WINDOWS\system32\sistray.exe
C:\Nouveau dossier\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [winclean] c:\windows\system32\winclean.exe
O4 - HKLM\..\Run: [Microsoft WWW] C:\WINDOWS\inet20091\free.exe
O4 - Global Startup: SANTIS USB and PC Card Utility.lnk = C:\Program Files\Siemens\SANTIS WLAN\WlanMonitor.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/229?35000699000e4d8eaf693b331a2f855a
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/230?35000699000e4d8eaf693b331a2f855a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0187AD81-422C-4A2A-A0CB-024FA41F7FF4}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AA62744-CBCC-44BE-A901-B899CD3D6213}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE3CBA53-CDEB-4C17-9AED-7DDBF4FDAE62}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{D695DE30-CD4A-48C6-AF0B-11E6B77E56E9}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.51 85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\..\{0187AD81-422C-4A2A-A0CB-024FA41F7FF4}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.51 85.255.112.187
O17 - HKLM\System\CS2\Services\Tcpip\..\{0187AD81-422C-4A2A-A0CB-024FA41F7FF4}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.51 85.255.112.187
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: dbf43reg - C:\Documents and Settings\All Users\Documents\Settings\dbf43.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
je n'arrive pas a m'en sortir seul alors si qq'un peut m'aider ce serait sympa
merci d'avance
A voir également:
- Virus google
- Google maps satellite - Guide
- Google photo - Télécharger - Albums photo
- Dns google - Guide
- Créer un compte google - Guide
- Google drive - Accueil - Arnaque
3 réponses
Salut,, Télécharge FixWareout
http://downloads.subratam.org/Fixwareout.exe
* Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.
*Poste (Copie/colle) le contenu du rapport qui va s'afficher à l'écran (report.txt) avec un nouveau rapport HijackThis! dans ta prochaine réponse.
http://downloads.subratam.org/Fixwareout.exe
* Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.
*Poste (Copie/colle) le contenu du rapport qui va s'afficher à l'écran (report.txt) avec un nouveau rapport HijackThis! dans ta prochaine réponse.
voila j'ai fait ce que tu m'as demandé
Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FD1E0313495D-4EF8-88F4-86F2-74ACE455{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\moumd
...
Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmuom.exe"=-
...
PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»» Searching by size/names...
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\XFIND.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\XFIND.COM
»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Other suspects.
Directory of C:\WINDOWS\system32
»»»»» Misc files.
»»»»» Checking for older varients covered by the Rem3 tool.
Logfile of HijackThis v1.99.1
Scan saved at 18:37:20, on 23/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\windows\system32\winclean.exe
C:\Program Files\Siemens\SANTIS WLAN\WlanMonitor.exe
C:\WINDOWS\system32\sistray.exe
C:\Nouveau dossier\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [winclean] c:\windows\system32\winclean.exe
O4 - HKLM\..\Run: [Microsoft WWW] C:\WINDOWS\inet20091\free.exe
O4 - Global Startup: SANTIS USB and PC Card Utility.lnk = C:\Program Files\Siemens\SANTIS WLAN\WlanMonitor.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/229?35000699000e4d8eaf693b331a2f855a
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/230?35000699000e4d8eaf693b331a2f855a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0187AD81-422C-4A2A-A0CB-024FA41F7FF4}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AA62744-CBCC-44BE-A901-B899CD3D6213}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE3CBA53-CDEB-4C17-9AED-7DDBF4FDAE62}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{D695DE30-CD4A-48C6-AF0B-11E6B77E56E9}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.51 85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\..\{0187AD81-422C-4A2A-A0CB-024FA41F7FF4}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.51 85.255.112.187
O17 - HKLM\System\CS2\Services\Tcpip\..\{0187AD81-422C-4A2A-A0CB-024FA41F7FF4}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.51 85.255.112.187
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: dbf43reg - C:\Documents and Settings\All Users\Documents\Settings\dbf43.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FD1E0313495D-4EF8-88F4-86F2-74ACE455{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\moumd
...
Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmuom.exe"=-
...
PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»» Searching by size/names...
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\XFIND.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\XFIND.COM
»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Other suspects.
Directory of C:\WINDOWS\system32
»»»»» Misc files.
»»»»» Checking for older varients covered by the Rem3 tool.
Logfile of HijackThis v1.99.1
Scan saved at 18:37:20, on 23/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\windows\system32\winclean.exe
C:\Program Files\Siemens\SANTIS WLAN\WlanMonitor.exe
C:\WINDOWS\system32\sistray.exe
C:\Nouveau dossier\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [winclean] c:\windows\system32\winclean.exe
O4 - HKLM\..\Run: [Microsoft WWW] C:\WINDOWS\inet20091\free.exe
O4 - Global Startup: SANTIS USB and PC Card Utility.lnk = C:\Program Files\Siemens\SANTIS WLAN\WlanMonitor.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/229?35000699000e4d8eaf693b331a2f855a
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/230?35000699000e4d8eaf693b331a2f855a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0187AD81-422C-4A2A-A0CB-024FA41F7FF4}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AA62744-CBCC-44BE-A901-B899CD3D6213}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE3CBA53-CDEB-4C17-9AED-7DDBF4FDAE62}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{D695DE30-CD4A-48C6-AF0B-11E6B77E56E9}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.51 85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\..\{0187AD81-422C-4A2A-A0CB-024FA41F7FF4}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.51 85.255.112.187
O17 - HKLM\System\CS2\Services\Tcpip\..\{0187AD81-422C-4A2A-A0CB-024FA41F7FF4}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.51 85.255.112.187
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: dbf43reg - C:\Documents and Settings\All Users\Documents\Settings\dbf43.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
