[virus] driver cleaner intempestif
croisiere jaune
Messages postés
2
Statut
Membre
-
Regis59 Messages postés 21466 Statut Contributeur sécurité -
Regis59 Messages postés 21466 Statut Contributeur sécurité -
Bonjour,
Je me joins a la longue liste des victimes des pop-up Driver Cleaner qui s'ouvrent de maniere intempestives.
J'ai fait un scan avec HijackThis,
J'ai fait un scan avec VundoFix
(a noter les dates et heures correspondent au time zone de Vancouver, Canada)
Logfile of HijackThis v1.99.1
Scan saved at 7:53:29 AM, on 2/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
c:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\program files\softwin\bitdefender8\bdnagent.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Cacheman\Cacheman.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
c:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\PROGRA~1\SONYER~1\Mobile\SYNCIN~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
D:\my Download\NEW\antivirus\hijackthis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Program Files\ScanSoft\PDF Converter\RegistryController.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [manchuria] C:\WINDOWS\system32\manchuria.exe
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] c:\program files\softwin\bitdefender8\bdnagent.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Cacheman] C:\PROGRA~1\Cacheman\Cacheman.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0080B5DC-0B70-41BE-A842-0793BB5A2B32}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D5B0BA9-AED4-4251-AB51-AC3ED0679AC0}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EB5A9EE-2836-423E-9B41-61829C47F5B9}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{5946EC3A-B95E-4A2B-A28D-E48EE6DED623}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{74FDA565-6AD1-4330-BA95-60B86FA20D5A}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4734038-FEC2-4E7F-A142-220EE5F5FF73}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2A901BF-B363-4FCA-B1A9-162C1F0B08B3}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.24 85.255.112.235
O17 - HKLM\System\CS1\Services\Tcpip\..\{0080B5DC-0B70-41BE-A842-0793BB5A2B32}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.24 85.255.112.235
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - (no file)
O20 - Winlogon Notify: NavLogon - c:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - c:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - c:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Rapport Vundo
undoFix V6.3.5
Checking Java version...
Sun Java not detected
Scan started at 9:04:36 AM 2/7/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V6.3.5
Checking Java version...
Sun Java not detected
Scan started at 11:20:26 AM 2/8/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V6.3.5
Checking Java version...
Sun Java not detected
Scan started at 8:02:22 AM 2/9/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V6.3.5
Checking Java version...
Sun Java not detected
Scan started at 8:12:07 AM 2/9/2007
Listing files found while scanning....
No infected files were found.
Merci de m'aider, cette fois je ne m'en sortirai pas tout seul....
Je me joins a la longue liste des victimes des pop-up Driver Cleaner qui s'ouvrent de maniere intempestives.
J'ai fait un scan avec HijackThis,
J'ai fait un scan avec VundoFix
(a noter les dates et heures correspondent au time zone de Vancouver, Canada)
Logfile of HijackThis v1.99.1
Scan saved at 7:53:29 AM, on 2/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
c:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\program files\softwin\bitdefender8\bdnagent.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Cacheman\Cacheman.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
c:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\PROGRA~1\SONYER~1\Mobile\SYNCIN~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
D:\my Download\NEW\antivirus\hijackthis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Program Files\ScanSoft\PDF Converter\RegistryController.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [manchuria] C:\WINDOWS\system32\manchuria.exe
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] c:\program files\softwin\bitdefender8\bdnagent.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Cacheman] C:\PROGRA~1\Cacheman\Cacheman.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0080B5DC-0B70-41BE-A842-0793BB5A2B32}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D5B0BA9-AED4-4251-AB51-AC3ED0679AC0}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EB5A9EE-2836-423E-9B41-61829C47F5B9}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{5946EC3A-B95E-4A2B-A28D-E48EE6DED623}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{74FDA565-6AD1-4330-BA95-60B86FA20D5A}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4734038-FEC2-4E7F-A142-220EE5F5FF73}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2A901BF-B363-4FCA-B1A9-162C1F0B08B3}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.24 85.255.112.235
O17 - HKLM\System\CS1\Services\Tcpip\..\{0080B5DC-0B70-41BE-A842-0793BB5A2B32}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.24 85.255.112.235
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - (no file)
O20 - Winlogon Notify: NavLogon - c:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - c:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - c:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Rapport Vundo
undoFix V6.3.5
Checking Java version...
Sun Java not detected
Scan started at 9:04:36 AM 2/7/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V6.3.5
Checking Java version...
Sun Java not detected
Scan started at 11:20:26 AM 2/8/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V6.3.5
Checking Java version...
Sun Java not detected
Scan started at 8:02:22 AM 2/9/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V6.3.5
Checking Java version...
Sun Java not detected
Scan started at 8:12:07 AM 2/9/2007
Listing files found while scanning....
No infected files were found.
Merci de m'aider, cette fois je ne m'en sortirai pas tout seul....
A voir également:
- [virus] driver cleaner intempestif
- Hd cleaner - Télécharger - Optimisation
- Windows memory cleaner - Télécharger - Optimisation
- Adw cleaner - Télécharger - Antivirus & Antimalwares
- Cleaner pc gratuit - Télécharger - Nettoyage
- Duplicate cleaner free - Télécharger - Divers Utilitaires
1 réponse
Salut Le Canada,
Télécharge le FixWareout d'un de ces deux sites sur le bureau:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe
Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.
Quand ton système aura redémarré, suis les invites des messages. Ensuite lance HijackThis. Clique sur Scan et coche les lignes suivantes:
O17 - HKLM\System\CCS\Services\Tcpip\..\{0080B5DC-0B70-41BE-A842-0793BB5A2B32}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D5B0BA9-AED4-4251-AB51-AC3ED0679AC0}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EB5A9EE-2836-423E-9B41-61829C47F5B9}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{5946EC3A-B95E-4A2B-A28D-E48EE6DED623}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{74FDA565-6AD1-4330-BA95-60B86FA20D5A}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4734038-FEC2-4E7F-A142-220EE5F5FF73}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2A901BF-B363-4FCA-B1A9-162C1F0B08B3}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.24 85.255.112.235
O17 - HKLM\System\CS1\Services\Tcpip\..\{0080B5DC-0B70-41BE-A842-0793BB5A2B32}: NameServer = 85.255.114.24,85.255.112.235
Clique sur Fix Checked. Ferme HijackThis et clique sur OK pour continuer la procédure.
A la fin du fix, tu auras peut-être encore besoin de redémarrer le PC.
Au final, poste le contenu de C:\fixwareout\report.txt avec un nouveau rapport HijackThis.
A+
Télécharge le FixWareout d'un de ces deux sites sur le bureau:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe
Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.
Quand ton système aura redémarré, suis les invites des messages. Ensuite lance HijackThis. Clique sur Scan et coche les lignes suivantes:
O17 - HKLM\System\CCS\Services\Tcpip\..\{0080B5DC-0B70-41BE-A842-0793BB5A2B32}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D5B0BA9-AED4-4251-AB51-AC3ED0679AC0}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EB5A9EE-2836-423E-9B41-61829C47F5B9}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{5946EC3A-B95E-4A2B-A28D-E48EE6DED623}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{74FDA565-6AD1-4330-BA95-60B86FA20D5A}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4734038-FEC2-4E7F-A142-220EE5F5FF73}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2A901BF-B363-4FCA-B1A9-162C1F0B08B3}: NameServer = 85.255.114.24,85.255.112.235
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.24 85.255.112.235
O17 - HKLM\System\CS1\Services\Tcpip\..\{0080B5DC-0B70-41BE-A842-0793BB5A2B32}: NameServer = 85.255.114.24,85.255.112.235
Clique sur Fix Checked. Ferme HijackThis et clique sur OK pour continuer la procédure.
A la fin du fix, tu auras peut-être encore besoin de redémarrer le PC.
Au final, poste le contenu de C:\fixwareout\report.txt avec un nouveau rapport HijackThis.
A+
