Infesté par des spywares/trojans/adwares

papypapy29 Messages postés 105 Statut Membre -  
 -Shadow- -
Bonjour,

comme l'indique le titre de mon post, je suis totalement infesté...

Par quel bout prendre le problème ?

Merci d'avance pour votre iade.

Guillaume
Configuration: Windows XP
Internet Explorer 6.0

11 réponses

  1. -Shadow-
     
    Un antivirus résoudrait peut-être le problème. Tu n'y a pas pensé?
    0
  2. papypapy29 Messages postés 105 Statut Membre
     
    Voici le log de HiJackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:22:59, on 10/03/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\M-Audio Uno\UnoInst.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\System32\pctspk.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\runsql.exe
    C:\WINDOWS\svzip.exe
    C:\WINDOWS\sv.exe
    C:\WINDOWS\System32\actskin4z.exe
    C:\WINDOWS\svhoster.exe
    C:\WINDOWS\svx.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\svw.exe
    C:\WINDOWS\svc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    C:\Program Files\Citrix\ICA Client\pnagent.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\lxcecoms.exe
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    O1 - Hosts: 124.217.251.159 google.dk
    O1 - Hosts: 124.217.251.159 google.se
    O1 - Hosts: 124.217.251.159 google.co.nz
    O1 - Hosts: 124.217.251.159 google.cn
    O1 - Hosts: 124.217.251.159 google.com.pr
    O1 - Hosts: 124.217.251.159 google.com.ca
    O1 - Hosts: 124.217.251.159 google.com.ch
    O1 - Hosts: 124.217.251.159 google.fi
    O1 - Hosts: 124.217.251.159 google.co.in
    O1 - Hosts: 124.217.251.159 google.co.uk
    O1 - Hosts: 124.217.251.159 google.lv
    O1 - Hosts: 124.217.251.159 google.co.hu
    O1 - Hosts: 124.217.251.159 google.lk
    O1 - Hosts: 124.217.251.159 google.com.au
    O1 - Hosts: 124.217.251.159 google.ru
    O1 - Hosts: 124.217.251.159 google.nl
    O1 - Hosts: 124.217.251.159 google.be
    O1 - Hosts: 124.217.251.159 google.de
    O1 - Hosts: 124.217.251.159 gogle.de
    O1 - Hosts: 124.217.251.159 googel.de
    O1 - Hosts: 124.217.251.159 google.ro
    O1 - Hosts: 124.217.251.159 google.kz
    O1 - Hosts: 124.217.251.159 google.by
    O1 - Hosts: 124.217.251.159 google.no
    O1 - Hosts: 124.217.251.159 google.pl
    O1 - Hosts: 124.217.251.159 google.com.pl
    O1 - Hosts: 124.217.251.159 google.es
    O1 - Hosts: 124.217.251.159 google.pt
    O1 - Hosts: 124.217.251.159 google.com.br
    O1 - Hosts: 124.217.251.159 google.vc
    O1 - Hosts: 124.217.251.159 google.co.za
    O1 - Hosts: 124.217.251.159 google.tm
    O1 - Hosts: 124.217.251.159 google.com.my
    O1 - Hosts: 124.217.251.159 google.bg
    O1 - Hosts: 124.217.251.159 google.co.jp
    O1 - Hosts: 124.217.251.159 google.ie
    O1 - Hosts: 124.217.251.159 google.co.ck
    O1 - Hosts: 124.217.251.159 google.com.mx
    O1 - Hosts: 124.217.251.159 google.com.om
    O1 - Hosts: 124.217.251.159 google.fr
    O1 - Hosts: 124.217.251.159 google.mu
    O1 - Hosts: 124.217.251.159 google.com.ph
    O1 - Hosts: 124.217.251.159 google.com.jm
    O1 - Hosts: 124.217.251.159 google.com
    O1 - Hosts: 124.217.251.159 google.us
    O1 - Hosts: 124.217.251.159 google.ro
    O1 - Hosts: 124.217.251.159 www.google.dk
    O1 - Hosts: 124.217.251.159 www.google.se
    O1 - Hosts: 124.217.251.159 www.google.co.nz
    O1 - Hosts: 124.217.251.159 www.google.cn
    O1 - Hosts: 124.217.251.159 www.google.com.pr
    O1 - Hosts: 124.217.251.159 www.google.com.ca
    O1 - Hosts: 124.217.251.159 www.google.com.ch
    O1 - Hosts: 124.217.251.159 www.google.fi
    O1 - Hosts: 124.217.251.159 www.google.co.in
    O1 - Hosts: 124.217.251.159 www.google.co.uk
    O1 - Hosts: 124.217.251.159 www.google.lv
    O1 - Hosts: 124.217.251.159 www.google.co.hu
    O1 - Hosts: 124.217.251.159 www.google.lk
    O1 - Hosts: 124.217.251.159 www.google.com.au
    O1 - Hosts: 124.217.251.159 www.google.ru
    O1 - Hosts: 124.217.251.159 www.google.nl
    O1 - Hosts: 124.217.251.159 www.google.be
    O1 - Hosts: 124.217.251.159 www.google.de
    O1 - Hosts: 124.217.251.159 www.gogle.de
    O1 - Hosts: 124.217.251.159 www.googel.de
    O1 - Hosts: 124.217.251.159 www.google.ro
    O1 - Hosts: 124.217.251.159 www.google.kz
    O1 - Hosts: 124.217.251.159 www.google.by
    O1 - Hosts: 124.217.251.159 www.google.no
    O1 - Hosts: 124.217.251.159 www.google.pl
    O1 - Hosts: 124.217.251.159 www.google.com.pl
    O1 - Hosts: 124.217.251.159 www.google.es
    O1 - Hosts: 124.217.251.159 www.google.pt
    O1 - Hosts: 124.217.251.159 www.google.com.br
    O1 - Hosts: 124.217.251.159 www.google.vc
    O1 - Hosts: 124.217.251.159 www.google.co.za
    O1 - Hosts: 124.217.251.159 www.google.tm
    O1 - Hosts: 124.217.251.159 www.google.com.my
    O1 - Hosts: 124.217.251.159 www.google.bg
    O1 - Hosts: 124.217.251.159 www.google.co.jp
    O1 - Hosts: 124.217.251.159 www.google.ie
    O1 - Hosts: 124.217.251.159 www.google.co.ck
    O1 - Hosts: 124.217.251.159 www.google.com.mx
    O1 - Hosts: 124.217.251.159 www.google.com.om
    O1 - Hosts: 124.217.251.159 www.google.fr
    O1 - Hosts: 124.217.251.159 www.google.mu
    O1 - Hosts: 124.217.251.159 www.google.com.ph
    O1 - Hosts: 124.217.251.159 www.google.com.jm
    O1 - Hosts: 124.217.251.159 www.google.com
    O1 - Hosts: 124.217.251.159 www.google.us
    O1 - Hosts: 124.217.251.159 www.google.ro
    O1 - Hosts: 124.217.251.159 www.video.google.com
    O1 - Hosts: 124.217.251.159 www.maps.google.com
    O1 - Hosts: 124.217.251.159 www.groups.google.com
    O1 - Hosts: 124.217.251.159 www.news.google.com
    O1 - Hosts: 124.217.251.159 www.images.google.com
    O1 - Hosts: 124.217.251.159 www.earth.google.com
    O1 - Hosts: 124.217.251.159 www.code.google.com
    O1 - Hosts: 124.217.251.159 www.directory.google.com
    O1 - Hosts: 124.217.251.159 www.labs.google.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [zi7oq41p8d] C:\WINDOWS\system32\zi7oq41p8d.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [runsql] C:\WINDOWS\runsql.exe
    O4 - HKLM\..\Run: [netzip] C:\WINDOWS\svzip.exe
    O4 - HKLM\..\Run: [netsv32] C:\WINDOWS\sv.exe
    O4 - HKLM\..\Run: [net64] C:\WINDOWS\svhoster.exe
    O4 - HKLM\..\Run: [IEUpdate] C:\WINDOWS\System32\actskin4z.exe
    O4 - HKLM\..\Run: [netx] C:\WINDOWS\svx.exe
    O4 - HKLM\..\Run: [netw] C:\WINDOWS\svw.exe
    O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\System32\1054l.exe
    O4 - HKLM\..\Run: [netc] C:\WINDOWS\svc.exe
    O4 - HKLM\..\RunServices: [IEUpdate] C:\WINDOWS\System32\actskin4z.exe
    O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\System32\1054l.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [IEUpdate] C:\WINDOWS\System32\actskin4z.exe
    O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\System32\1054l.exe
    O4 - HKCU\..\RunServices: [IEUpdate] C:\WINDOWS\System32\actskin4z.exe
    O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\System32\1054l.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-21-1482476501-746137067-854245398-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-1482476501-746137067-854245398-1004\..\RunServices: [IEUpdate] C:\WINDOWS\System32\actskin4z.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://newdesk.eur.sgcib.com/ICAWEB/en/ica32/wficat.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxcecoms.exe
    O23 - Service: M-Audio Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe
    0
  3. -Shadow-
     
    Redémarre en mode sans échec et supprime tout ça, ils sont dans C:\WINDOWS ou C:\WINDOWS\System32:
    runsql.exe
    svzip.exe
    sv.exe
    svhoster.exe
    svx.exe
    svw.exe
    svc.exe
    1054l.exe
    actskin4z.exe
    

    Puis coche toutes les cases avec ça, puis cliques sur FIX CHECKED:
    O4 - HKLM\..\Run: [runsql] C:\WINDOWS\runsql.exe
    O4 - HKLM\..\Run: [netzip] C:\WINDOWS\svzip.exe
    O4 - HKLM\..\Run: [netsv32] C:\WINDOWS\sv.exe
    O4 - HKLM\..\Run: [net64] C:\WINDOWS\svhoster.exe
    O4 - HKLM\..\Run: [IEUpdate] C:\WINDOWS\System32\actskin4z.exe
    O4 - HKLM\..\Run: [netx] C:\WINDOWS\svx.exe
    O4 - HKLM\..\Run: [netw] C:\WINDOWS\svw.exe 
    O4 - HKLM\..\Run: [IEUpdate] C:\WINDOWS\System32\actskin4z.exe
    O4 - HKLM\..\Run: [netx] C:\WINDOWS\svx.exe
    O4 - HKLM\..\Run: [netw] C:\WINDOWS\svw.exe
    O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\System32\1054l.exe
    O4 - HKLM\..\Run: [netc] C:\WINDOWS\svc.exe
    O4 - HKLM\..\RunServices: [IEUpdate] C:\WINDOWS\System32\actskin4z.exe
    O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\System32\1054l.exe 
    

    Ensuite, comme c'est une suppression à la main, fais un lavage avec Spybot et CCleaner pour balayer les autres spywares :

    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    @+
    0
  4. papypapy29 Messages postés 105 Statut Membre
     
    C'est la galère, j'arrive à me connecter à peu près 2mn avant que ça décroche ...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:58:54, on 13/03/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\mgmrwmrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    F3 - REG:win.ini: run=C:\WINDOWS\mmhren1.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
    O1 - Hosts: 124.217.251.159 google.dk
    O1 - Hosts: 124.217.251.159 google.se
    O1 - Hosts: 124.217.251.159 google.co.nz
    O1 - Hosts: 124.217.251.159 google.cn
    O1 - Hosts: 124.217.251.159 google.com.pr
    O1 - Hosts: 124.217.251.159 google.com.ca
    O1 - Hosts: 124.217.251.159 google.com.ch
    O1 - Hosts: 124.217.251.159 google.fi
    O1 - Hosts: 124.217.251.159 google.co.in
    O1 - Hosts: 124.217.251.159 google.co.uk
    O1 - Hosts: 124.217.251.159 google.lv
    O1 - Hosts: 124.217.251.159 google.co.hu
    O1 - Hosts: 124.217.251.159 google.lk
    O1 - Hosts: 124.217.251.159 google.com.au
    O1 - Hosts: 124.217.251.159 google.ru
    O1 - Hosts: 124.217.251.159 google.nl
    O1 - Hosts: 124.217.251.159 google.be
    O1 - Hosts: 124.217.251.159 google.de
    O1 - Hosts: 124.217.251.159 gogle.de
    O1 - Hosts: 124.217.251.159 googel.de
    O1 - Hosts: 124.217.251.159 google.ro
    O1 - Hosts: 124.217.251.159 google.kz
    O1 - Hosts: 124.217.251.159 google.by
    O1 - Hosts: 124.217.251.159 google.no
    O1 - Hosts: 124.217.251.159 google.pl
    O1 - Hosts: 124.217.251.159 google.com.pl
    O1 - Hosts: 124.217.251.159 google.es
    O1 - Hosts: 124.217.251.159 google.pt
    O1 - Hosts: 124.217.251.159 google.com.br
    O1 - Hosts: 124.217.251.159 google.vc
    O1 - Hosts: 124.217.251.159 google.co.za
    O1 - Hosts: 124.217.251.159 google.tm
    O1 - Hosts: 124.217.251.159 google.com.my
    O1 - Hosts: 124.217.251.159 google.bg
    O1 - Hosts: 124.217.251.159 google.co.jp
    O1 - Hosts: 124.217.251.159 google.ie
    O1 - Hosts: 124.217.251.159 google.co.ck
    O1 - Hosts: 124.217.251.159 google.com.mx
    O1 - Hosts: 124.217.251.159 google.com.om
    O1 - Hosts: 124.217.251.159 google.fr
    O1 - Hosts: 124.217.251.159 google.mu
    O1 - Hosts: 124.217.251.159 google.com.ph
    O1 - Hosts: 124.217.251.159 google.com.jm
    O1 - Hosts: 124.217.251.159 google.com
    O1 - Hosts: 124.217.251.159 google.us
    O1 - Hosts: 124.217.251.159 google.ro
    O1 - Hosts: 124.217.251.159 www.google.dk
    O1 - Hosts: 124.217.251.159 www.google.se
    O1 - Hosts: 124.217.251.159 www.google.co.nz
    O1 - Hosts: 124.217.251.159 www.google.cn
    O1 - Hosts: 124.217.251.159 www.google.com.pr
    O1 - Hosts: 124.217.251.159 www.google.com.ca
    O1 - Hosts: 124.217.251.159 www.google.com.ch
    O1 - Hosts: 124.217.251.159 www.google.fi
    O1 - Hosts: 124.217.251.159 www.google.co.in
    O1 - Hosts: 124.217.251.159 www.google.co.uk
    O1 - Hosts: 124.217.251.159 www.google.lv
    O1 - Hosts: 124.217.251.159 www.google.co.hu
    O1 - Hosts: 124.217.251.159 www.google.lk
    O1 - Hosts: 124.217.251.159 www.google.com.au
    O1 - Hosts: 124.217.251.159 www.google.ru
    O1 - Hosts: 124.217.251.159 www.google.nl
    O1 - Hosts: 124.217.251.159 www.google.be
    O1 - Hosts: 124.217.251.159 www.google.de
    O1 - Hosts: 124.217.251.159 www.gogle.de
    O1 - Hosts: 124.217.251.159 www.googel.de
    O1 - Hosts: 124.217.251.159 www.google.ro
    O1 - Hosts: 124.217.251.159 www.google.kz
    O1 - Hosts: 124.217.251.159 www.google.by
    O1 - Hosts: 124.217.251.159 www.google.no
    O1 - Hosts: 124.217.251.159 www.google.pl
    O1 - Hosts: 124.217.251.159 www.google.com.pl
    O1 - Hosts: 124.217.251.159 www.google.es
    O1 - Hosts: 124.217.251.159 www.google.pt
    O1 - Hosts: 124.217.251.159 www.google.com.br
    O1 - Hosts: 124.217.251.159 www.google.vc
    O1 - Hosts: 124.217.251.159 www.google.co.za
    O1 - Hosts: 124.217.251.159 www.google.tm
    O1 - Hosts: 124.217.251.159 www.google.com.my
    O1 - Hosts: 124.217.251.159 www.google.bg
    O1 - Hosts: 124.217.251.159 www.google.co.jp
    O1 - Hosts: 124.217.251.159 www.google.ie
    O1 - Hosts: 124.217.251.159 www.google.co.ck
    O1 - Hosts: 124.217.251.159 www.google.com.mx
    O1 - Hosts: 124.217.251.159 www.google.com.om
    O1 - Hosts: 124.217.251.159 www.google.fr
    O1 - Hosts: 124.217.251.159 www.google.mu
    O1 - Hosts: 124.217.251.159 www.google.com.ph
    O1 - Hosts: 124.217.251.159 www.google.com.jm
    O1 - Hosts: 124.217.251.159 www.google.com
    O1 - Hosts: 124.217.251.159 www.google.us
    O1 - Hosts: 124.217.251.159 www.google.ro
    O1 - Hosts: 124.217.251.159 www.video.google.com
    O1 - Hosts: 124.217.251.159 www.maps.google.com
    O1 - Hosts: 124.217.251.159 www.groups.google.com
    O1 - Hosts: 124.217.251.159 www.news.google.com
    O1 - Hosts: 124.217.251.159 www.images.google.com
    O1 - Hosts: 124.217.251.159 www.earth.google.com
    O1 - Hosts: 124.217.251.159 www.code.google.com
    O1 - Hosts: 124.217.251.159 www.directory.google.com
    O1 - Hosts: 124.217.251.159 www.labs.google.com
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
    O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [zi7oq41p8d] C:\WINDOWS\system32\zi7oq41p8d.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [braviax] C:\WINDOWS\System32\braviax.exe
    O4 - HKLM\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
    O4 - HKLM\..\Run: [WinReanimator] "C:\Program Files\WinReanimator\WinReanimator.exe" /hide
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [braviax] C:\WINDOWS\System32\braviax.exe
    O4 - HKCU\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
    O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
    O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\System32\1054l.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-21-1482476501-746137067-854245398-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-1482476501-746137067-854245398-1004\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI (User '?')
    O4 - HKUS\S-1-5-21-1482476501-746137067-854245398-1004\..\RunServices: [UpdateWin] C:\WINDOWS\System32\1054l.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://newdesk.eur.sgcib.com/ICAWEB/en/ica32/wficat.cab
    O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxcecoms.exe
    O23 - Service: M-Audio Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. -Shadow-
     
    Tu as mis le temps.
    Fixe tout ça:
    O4 - HKCU\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
    O4 - HKCU\..\Run: [braviax] C:\WINDOWS\System32\braviax.exe
    O4 - HKLM\..\Run: [zi7oq41p8d] C:\WINDOWS\system32\zi7oq41p8d.exe
    

    A+
    0
    1. papypapy29 Messages postés 105 Statut Membre
       
      Merci Shadow,

      j'ai fixé les programmes que tu m'as indiqués.

      Voici le nouveau log de HiJackThis

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:26:13, on 16/03/2008
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
      Boot mode: Safe mode with network support

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\mgmrwmrv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\internet explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
      O1 - Hosts: 124.217.251.159 google.dk
      O1 - Hosts: 124.217.251.159 google.se
      O1 - Hosts: 124.217.251.159 google.co.nz
      O1 - Hosts: 124.217.251.159 google.cn
      O1 - Hosts: 124.217.251.159 google.com.pr
      O1 - Hosts: 124.217.251.159 google.com.ca
      O1 - Hosts: 124.217.251.159 google.com.ch
      O1 - Hosts: 124.217.251.159 google.fi
      O1 - Hosts: 124.217.251.159 google.co.in
      O1 - Hosts: 124.217.251.159 google.co.uk
      O1 - Hosts: 124.217.251.159 google.lv
      O1 - Hosts: 124.217.251.159 google.co.hu
      O1 - Hosts: 124.217.251.159 google.lk
      O1 - Hosts: 124.217.251.159 google.com.au
      O1 - Hosts: 124.217.251.159 google.ru
      O1 - Hosts: 124.217.251.159 google.nl
      O1 - Hosts: 124.217.251.159 google.be
      O1 - Hosts: 124.217.251.159 google.de
      O1 - Hosts: 124.217.251.159 gogle.de
      O1 - Hosts: 124.217.251.159 googel.de
      O1 - Hosts: 124.217.251.159 google.ro
      O1 - Hosts: 124.217.251.159 google.kz
      O1 - Hosts: 124.217.251.159 google.by
      O1 - Hosts: 124.217.251.159 google.no
      O1 - Hosts: 124.217.251.159 google.pl
      O1 - Hosts: 124.217.251.159 google.com.pl
      O1 - Hosts: 124.217.251.159 google.es
      O1 - Hosts: 124.217.251.159 google.pt
      O1 - Hosts: 124.217.251.159 google.com.br
      O1 - Hosts: 124.217.251.159 google.vc
      O1 - Hosts: 124.217.251.159 google.co.za
      O1 - Hosts: 124.217.251.159 google.tm
      O1 - Hosts: 124.217.251.159 google.com.my
      O1 - Hosts: 124.217.251.159 google.bg
      O1 - Hosts: 124.217.251.159 google.co.jp
      O1 - Hosts: 124.217.251.159 google.ie
      O1 - Hosts: 124.217.251.159 google.co.ck
      O1 - Hosts: 124.217.251.159 google.com.mx
      O1 - Hosts: 124.217.251.159 google.com.om
      O1 - Hosts: 124.217.251.159 google.fr
      O1 - Hosts: 124.217.251.159 google.mu
      O1 - Hosts: 124.217.251.159 google.com.ph
      O1 - Hosts: 124.217.251.159 google.com.jm
      O1 - Hosts: 124.217.251.159 google.com
      O1 - Hosts: 124.217.251.159 google.us
      O1 - Hosts: 124.217.251.159 google.ro
      O1 - Hosts: 124.217.251.159 www.google.dk
      O1 - Hosts: 124.217.251.159 www.google.se
      O1 - Hosts: 124.217.251.159 www.google.co.nz
      O1 - Hosts: 124.217.251.159 www.google.cn
      O1 - Hosts: 124.217.251.159 www.google.com.pr
      O1 - Hosts: 124.217.251.159 www.google.com.ca
      O1 - Hosts: 124.217.251.159 www.google.com.ch
      O1 - Hosts: 124.217.251.159 www.google.fi
      O1 - Hosts: 124.217.251.159 www.google.co.in
      O1 - Hosts: 124.217.251.159 www.google.co.uk
      O1 - Hosts: 124.217.251.159 www.google.lv
      O1 - Hosts: 124.217.251.159 www.google.co.hu
      O1 - Hosts: 124.217.251.159 www.google.lk
      O1 - Hosts: 124.217.251.159 www.google.com.au
      O1 - Hosts: 124.217.251.159 www.google.ru
      O1 - Hosts: 124.217.251.159 www.google.nl
      O1 - Hosts: 124.217.251.159 www.google.be
      O1 - Hosts: 124.217.251.159 www.google.de
      O1 - Hosts: 124.217.251.159 www.gogle.de
      O1 - Hosts: 124.217.251.159 www.googel.de
      O1 - Hosts: 124.217.251.159 www.google.ro
      O1 - Hosts: 124.217.251.159 www.google.kz
      O1 - Hosts: 124.217.251.159 www.google.by
      O1 - Hosts: 124.217.251.159 www.google.no
      O1 - Hosts: 124.217.251.159 www.google.pl
      O1 - Hosts: 124.217.251.159 www.google.com.pl
      O1 - Hosts: 124.217.251.159 www.google.es
      O1 - Hosts: 124.217.251.159 www.google.pt
      O1 - Hosts: 124.217.251.159 www.google.com.br
      O1 - Hosts: 124.217.251.159 www.google.vc
      O1 - Hosts: 124.217.251.159 www.google.co.za
      O1 - Hosts: 124.217.251.159 www.google.tm
      O1 - Hosts: 124.217.251.159 www.google.com.my
      O1 - Hosts: 124.217.251.159 www.google.bg
      O1 - Hosts: 124.217.251.159 www.google.co.jp
      O1 - Hosts: 124.217.251.159 www.google.ie
      O1 - Hosts: 124.217.251.159 www.google.co.ck
      O1 - Hosts: 124.217.251.159 www.google.com.mx
      O1 - Hosts: 124.217.251.159 www.google.com.om
      O1 - Hosts: 124.217.251.159 www.google.fr
      O1 - Hosts: 124.217.251.159 www.google.mu
      O1 - Hosts: 124.217.251.159 www.google.com.ph
      O1 - Hosts: 124.217.251.159 www.google.com.jm
      O1 - Hosts: 124.217.251.159 www.google.com
      O1 - Hosts: 124.217.251.159 www.google.us
      O1 - Hosts: 124.217.251.159 www.google.ro
      O1 - Hosts: 124.217.251.159 www.video.google.com
      O1 - Hosts: 124.217.251.159 www.maps.google.com
      O1 - Hosts: 124.217.251.159 www.groups.google.com
      O1 - Hosts: 124.217.251.159 www.news.google.com
      O1 - Hosts: 124.217.251.159 www.images.google.com
      O1 - Hosts: 124.217.251.159 www.earth.google.com
      O1 - Hosts: 124.217.251.159 www.code.google.com
      O1 - Hosts: 124.217.251.159 www.directory.google.com
      O1 - Hosts: 124.217.251.159 www.labs.google.com
      O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
      O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
      O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
      O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
      O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
      O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
      O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
      O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
      O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
      O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
      O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
      O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
      O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
      O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
      O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
      O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
      O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
      O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [WinReanimator] "C:\Program Files\WinReanimator\WinReanimator.exe" /hide
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [zi7oq41p8d] C:\WINDOWS\system32\zi7oq41p8d.exe
      O4 - HKCU\..\Run: [IEUpdate] C:\WINDOWS\System32\actskin4z.exe
      O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\System32\1054l.exe
      O4 - HKCU\..\RunServices: [IEUpdate] C:\WINDOWS\System32\actskin4z.exe
      O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\System32\1054l.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
      O4 - HKUS\S-1-5-21-1482476501-746137067-854245398-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
      O4 - HKUS\S-1-5-21-1482476501-746137067-854245398-1003\..\Run: [zi7oq41p8d] C:\WINDOWS\system32\zi7oq41p8d.exe (User '?')
      O4 - HKUS\S-1-5-21-1482476501-746137067-854245398-1003\..\Run: [IEUpdate] C:\WINDOWS\System32\actskin4z.exe (User '?')
      O4 - HKUS\S-1-5-21-1482476501-746137067-854245398-1003\..\Run: [UpdateWin] C:\WINDOWS\System32\1054l.exe (User '?')
      O4 - HKUS\S-1-5-21-1482476501-746137067-854245398-1003\..\RunServices: [IEUpdate] C:\WINDOWS\System32\actskin4z.exe (User '?')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
      O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://newdesk.eur.sgcib.com/ICAWEB/en/ica32/wficat.cab
      O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
      O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxcecoms.exe
      O23 - Service: M-Audio Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe
      0
  7. -Shadow-
     
    Bonsoir fixe tout ça:
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
    O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe 
    O4 - HKCU\..\Run: [zi7oq41p8d] C:\WINDOWS\system32\zi7oq41p8d.exe
    O4 - HKCU\..\Run: [IEUpdate] C:\WINDOWS\System32\actskin4z.exe 
    O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\System32\1054l.exe
    O4 - HKCU\..\RunServices: [IEUpdate] C:\WINDOWS\System32\actskin4z.exe
    O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\System32\1054l.exe 
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-21-1482476501-746137067-854245398-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-1482476501-746137067-854245398-1003\..\Run: [zi7oq41p8d] C:\WINDOWS\system32\zi7oq41p8d.exe (User '?')
    O4 - HKUS\S-1-5-21-1482476501-746137067-854245398-1003\..\Run: [IEUpdate] C:\WINDOWS\System32\actskin4z.exe (User '?')
    O4 - HKUS\S-1-5-21-1482476501-746137067-854245398-1003\..\Run: [UpdateWin] C:\WINDOWS\System32\1054l.exe (User '?')
    O4 - HKUS\S-1-5-21-1482476501-746137067-854245398-1003\..\RunServices: [IEUpdate] C:\WINDOWS\System32\actskin4z.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') 
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm 
    

    Ce sont des trucs inutiles ou des traces de spywares. (Sans danger mais leur suppression optimise le système)

    A+
    0
    1. papypapy29 Messages postés 105 Statut Membre
       
      DE retour de vacances ...

      Ce qui est curieux, c'est que tout ce que j'enlève via Spybot (108 solutions, etc...) revient systématiquement....

      Sinon, aprés avoir fixé ce que tu m'as indiqué, voici le dernier log de HJT

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:06, on 2008-03-22
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
      Boot mode: Safe mode with network support

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\mgmrwmrv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
      O1 - Hosts: 124.217.251.159 google.dk
      O1 - Hosts: 124.217.251.159 google.se
      O1 - Hosts: 124.217.251.159 google.co.nz
      O1 - Hosts: 124.217.251.159 google.cn
      O1 - Hosts: 124.217.251.159 google.com.pr
      O1 - Hosts: 124.217.251.159 google.com.ca
      O1 - Hosts: 124.217.251.159 google.com.ch
      O1 - Hosts: 124.217.251.159 google.fi
      O1 - Hosts: 124.217.251.159 google.co.in
      O1 - Hosts: 124.217.251.159 google.co.uk
      O1 - Hosts: 124.217.251.159 google.lv
      O1 - Hosts: 124.217.251.159 google.co.hu
      O1 - Hosts: 124.217.251.159 google.lk
      O1 - Hosts: 124.217.251.159 google.com.au
      O1 - Hosts: 124.217.251.159 google.ru
      O1 - Hosts: 124.217.251.159 google.nl
      O1 - Hosts: 124.217.251.159 google.be
      O1 - Hosts: 124.217.251.159 google.de
      O1 - Hosts: 124.217.251.159 gogle.de
      O1 - Hosts: 124.217.251.159 googel.de
      O1 - Hosts: 124.217.251.159 google.ro
      O1 - Hosts: 124.217.251.159 google.kz
      O1 - Hosts: 124.217.251.159 google.by
      O1 - Hosts: 124.217.251.159 google.no
      O1 - Hosts: 124.217.251.159 google.pl
      O1 - Hosts: 124.217.251.159 google.com.pl
      O1 - Hosts: 124.217.251.159 google.es
      O1 - Hosts: 124.217.251.159 google.pt
      O1 - Hosts: 124.217.251.159 google.com.br
      O1 - Hosts: 124.217.251.159 google.vc
      O1 - Hosts: 124.217.251.159 google.co.za
      O1 - Hosts: 124.217.251.159 google.tm
      O1 - Hosts: 124.217.251.159 google.com.my
      O1 - Hosts: 124.217.251.159 google.bg
      O1 - Hosts: 124.217.251.159 google.co.jp
      O1 - Hosts: 124.217.251.159 google.ie
      O1 - Hosts: 124.217.251.159 google.co.ck
      O1 - Hosts: 124.217.251.159 google.com.mx
      O1 - Hosts: 124.217.251.159 google.com.om
      O1 - Hosts: 124.217.251.159 google.fr
      O1 - Hosts: 124.217.251.159 google.mu
      O1 - Hosts: 124.217.251.159 google.com.ph
      O1 - Hosts: 124.217.251.159 google.com.jm
      O1 - Hosts: 124.217.251.159 google.com
      O1 - Hosts: 124.217.251.159 google.us
      O1 - Hosts: 124.217.251.159 google.ro
      O1 - Hosts: 124.217.251.159 www.google.dk
      O1 - Hosts: 124.217.251.159 www.google.se
      O1 - Hosts: 124.217.251.159 www.google.co.nz
      O1 - Hosts: 124.217.251.159 www.google.cn
      O1 - Hosts: 124.217.251.159 www.google.com.pr
      O1 - Hosts: 124.217.251.159 www.google.com.ca
      O1 - Hosts: 124.217.251.159 www.google.com.ch
      O1 - Hosts: 124.217.251.159 www.google.fi
      O1 - Hosts: 124.217.251.159 www.google.co.in
      O1 - Hosts: 124.217.251.159 www.google.co.uk
      O1 - Hosts: 124.217.251.159 www.google.lv
      O1 - Hosts: 124.217.251.159 www.google.co.hu
      O1 - Hosts: 124.217.251.159 www.google.lk
      O1 - Hosts: 124.217.251.159 www.google.com.au
      O1 - Hosts: 124.217.251.159 www.google.ru
      O1 - Hosts: 124.217.251.159 www.google.nl
      O1 - Hosts: 124.217.251.159 www.google.be
      O1 - Hosts: 124.217.251.159 www.google.de
      O1 - Hosts: 124.217.251.159 www.gogle.de
      O1 - Hosts: 124.217.251.159 www.googel.de
      O1 - Hosts: 124.217.251.159 www.google.ro
      O1 - Hosts: 124.217.251.159 www.google.kz
      O1 - Hosts: 124.217.251.159 www.google.by
      O1 - Hosts: 124.217.251.159 www.google.no
      O1 - Hosts: 124.217.251.159 www.google.pl
      O1 - Hosts: 124.217.251.159 www.google.com.pl
      O1 - Hosts: 124.217.251.159 www.google.es
      O1 - Hosts: 124.217.251.159 www.google.pt
      O1 - Hosts: 124.217.251.159 www.google.com.br
      O1 - Hosts: 124.217.251.159 www.google.vc
      O1 - Hosts: 124.217.251.159 www.google.co.za
      O1 - Hosts: 124.217.251.159 www.google.tm
      O1 - Hosts: 124.217.251.159 www.google.com.my
      O1 - Hosts: 124.217.251.159 www.google.bg
      O1 - Hosts: 124.217.251.159 www.google.co.jp
      O1 - Hosts: 124.217.251.159 www.google.ie
      O1 - Hosts: 124.217.251.159 www.google.co.ck
      O1 - Hosts: 124.217.251.159 www.google.com.mx
      O1 - Hosts: 124.217.251.159 www.google.com.om
      O1 - Hosts: 124.217.251.159 www.google.fr
      O1 - Hosts: 124.217.251.159 www.google.mu
      O1 - Hosts: 124.217.251.159 www.google.com.ph
      O1 - Hosts: 124.217.251.159 www.google.com.jm
      O1 - Hosts: 124.217.251.159 www.google.com
      O1 - Hosts: 124.217.251.159 www.google.us
      O1 - Hosts: 124.217.251.159 www.google.ro
      O1 - Hosts: 124.217.251.159 www.video.google.com
      O1 - Hosts: 124.217.251.159 www.maps.google.com
      O1 - Hosts: 124.217.251.159 www.groups.google.com
      O1 - Hosts: 124.217.251.159 www.news.google.com
      O1 - Hosts: 124.217.251.159 www.images.google.com
      O1 - Hosts: 124.217.251.159 www.earth.google.com
      O1 - Hosts: 124.217.251.159 www.code.google.com
      O1 - Hosts: 124.217.251.159 www.directory.google.com
      O1 - Hosts: 124.217.251.159 www.labs.google.com
      O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
      O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
      O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
      O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
      O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
      O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
      O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
      O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
      O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
      O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
      O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
      O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
      O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
      O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
      O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
      O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [WinReanimator] "C:\Program Files\WinReanimator\WinReanimator.exe" /hide
      O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
      O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://newdesk.eur.sgcib.com/ICAWEB/en/ica32/wficat.cab
      O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
      O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxcecoms.exe
      O23 - Service: M-Audio Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe
      0
  8. -Shadow-
     
    Bonjour

    *arrête le processus: mgmrwmrv.exe

    *supprime le fichier: C:\WINDOWS\system32\mgmrwmrv.exe
    (supprime-le maintenant! il est très dangereux!)

    fixe tout les éléments:
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
    O1 - Hosts: 124.217.251.159 google.dk
    O1 - Hosts: 124.217.251.159 google.se
    O1 - Hosts: 124.217.251.159 google.co.nz
    O1 - Hosts: 124.217.251.159 google.cn
    O1 - Hosts: 124.217.251.159 google.com.pr
    O1 - Hosts: 124.217.251.159 google.com.ca
    O1 - Hosts: 124.217.251.159 google.com.ch
    O1 - Hosts: 124.217.251.159 google.fi
    O1 - Hosts: 124.217.251.159 google.co.in
    O1 - Hosts: 124.217.251.159 google.co.uk
    O1 - Hosts: 124.217.251.159 google.lv
    O1 - Hosts: 124.217.251.159 google.co.hu
    O1 - Hosts: 124.217.251.159 google.lk
    O1 - Hosts: 124.217.251.159 google.com.au
    O1 - Hosts: 124.217.251.159 google.ru
    O1 - Hosts: 124.217.251.159 google.nl
    O1 - Hosts: 124.217.251.159 google.be
    O1 - Hosts: 124.217.251.159 google.de
    O1 - Hosts: 124.217.251.159 gogle.de
    O1 - Hosts: 124.217.251.159 googel.de
    O1 - Hosts: 124.217.251.159 google.ro
    O1 - Hosts: 124.217.251.159 google.kz
    O1 - Hosts: 124.217.251.159 google.by
    O1 - Hosts: 124.217.251.159 google.no
    O1 - Hosts: 124.217.251.159 google.pl
    O1 - Hosts: 124.217.251.159 google.com.pl
    O1 - Hosts: 124.217.251.159 google.es
    O1 - Hosts: 124.217.251.159 google.pt
    O1 - Hosts: 124.217.251.159 google.com.br
    O1 - Hosts: 124.217.251.159 google.vc
    O1 - Hosts: 124.217.251.159 google.co.za
    O1 - Hosts: 124.217.251.159 google.tm
    O1 - Hosts: 124.217.251.159 google.com.my
    O1 - Hosts: 124.217.251.159 google.bg
    O1 - Hosts: 124.217.251.159 google.co.jp
    O1 - Hosts: 124.217.251.159 google.ie
    O1 - Hosts: 124.217.251.159 google.co.ck
    O1 - Hosts: 124.217.251.159 google.com.mx
    O1 - Hosts: 124.217.251.159 google.com.om
    O1 - Hosts: 124.217.251.159 google.mu
    O1 - Hosts: 124.217.251.159 google.com.ph
    O1 - Hosts: 124.217.251.159 google.com.jm
    O1 - Hosts: 124.217.251.159 google.com
    O1 - Hosts: 124.217.251.159 google.us
    O1 - Hosts: 124.217.251.159 google.ro
    O1 - Hosts: 124.217.251.159 www.google.dk
    O1 - Hosts: 124.217.251.159 www.google.se
    O1 - Hosts: 124.217.251.159 www.google.co.nz
    O1 - Hosts: 124.217.251.159 www.google.cn
    O1 - Hosts: 124.217.251.159 www.google.com.pr
    O1 - Hosts: 124.217.251.159 www.google.com.ca
    O1 - Hosts: 124.217.251.159 www.google.com.ch
    O1 - Hosts: 124.217.251.159 www.google.fi
    O1 - Hosts: 124.217.251.159 www.google.co.in
    O1 - Hosts: 124.217.251.159 www.google.co.uk
    O1 - Hosts: 124.217.251.159 www.google.lv
    O1 - Hosts: 124.217.251.159 www.google.co.hu
    O1 - Hosts: 124.217.251.159 www.google.lk
    O1 - Hosts: 124.217.251.159 www.google.com.au
    O1 - Hosts: 124.217.251.159 www.google.ru
    O1 - Hosts: 124.217.251.159 www.google.nl
    O1 - Hosts: 124.217.251.159 www.google.be
    O1 - Hosts: 124.217.251.159 www.google.de
    O1 - Hosts: 124.217.251.159 www.gogle.de
    O1 - Hosts: 124.217.251.159 www.googel.de
    O1 - Hosts: 124.217.251.159 www.google.ro
    O1 - Hosts: 124.217.251.159 www.google.kz
    O1 - Hosts: 124.217.251.159 www.google.by
    O1 - Hosts: 124.217.251.159 www.google.no
    O1 - Hosts: 124.217.251.159 www.google.pl
    O1 - Hosts: 124.217.251.159 www.google.com.pl
    O1 - Hosts: 124.217.251.159 www.google.es
    O1 - Hosts: 124.217.251.159 www.google.pt
    O1 - Hosts: 124.217.251.159 www.google.com.br
    O1 - Hosts: 124.217.251.159 www.google.vc
    O1 - Hosts: 124.217.251.159 www.google.co.za
    O1 - Hosts: 124.217.251.159 www.google.tm
    O1 - Hosts: 124.217.251.159 www.google.com.my
    O1 - Hosts: 124.217.251.159 www.google.bg
    O1 - Hosts: 124.217.251.159 www.google.co.jp
    O1 - Hosts: 124.217.251.159 www.google.ie
    O1 - Hosts: 124.217.251.159 www.google.co.ck
    O1 - Hosts: 124.217.251.159 www.google.com.mx
    O1 - Hosts: 124.217.251.159 www.google.com.om
    O1 - Hosts: 124.217.251.159 www.google.fr
    O1 - Hosts: 124.217.251.159 www.google.mu
    O1 - Hosts: 124.217.251.159 www.google.com.ph
    O1 - Hosts: 124.217.251.159 www.google.com.jm
    O1 - Hosts: 124.217.251.159 www.google.com
    O1 - Hosts: 124.217.251.159 www.google.us
    O1 - Hosts: 124.217.251.159 www.google.ro
    O1 - Hosts: 124.217.251.159 www.video.google.com
    O1 - Hosts: 124.217.251.159 www.maps.google.com
    O1 - Hosts: 124.217.251.159 www.groups.google.com
    O1 - Hosts: 124.217.251.159 www.news.google.com
    O1 - Hosts: 124.217.251.159 www.images.google.com
    O1 - Hosts: 124.217.251.159 www.earth.google.com
    O1 - Hosts: 124.217.251.159 www.code.google.com
    O1 - Hosts: 124.217.251.159 www.directory.google.com
    O1 - Hosts: 124.217.251.159 www.labs.google.com
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
    O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    

    Et après redémarre.
    Ce virus, en fait, il établis des milliards de connexions. Ce qui fais beaucoup monter ta facture
    Internet et ralentir ta connexion, voire te déconnecte.
    0
    1. papypapy29 Messages postés 105 Statut Membre
       
      Merci pour ta réponse.

      En revanche, comme je ne peux plus démarrer qu'en mode sans échec, je n'ai pas accés au task manager.
      Sais-tu coment je peux arrêter le processus ? Par la barre de commande par exemple ?

      MErci d'avance,
      0
      1. -Shadow- > papypapy29 Messages postés 105 Statut Membre
         
        Si tu es en mode sans échec pas besoin d'arrêter le processus, il ne s'est pas démarré... Ok...

        Si jamais tu veux l'arrêter, au cas où, par ligne de commande, dans exécuter tape "cmd" et tape
        "taskkill /IM nom.exe /F". nom.exe est en fait le processus à arrêter.

        Bon tu peux effacer sans en être empêché.
        0
      2. papypapy29 Messages postés 105 Statut Membre > -Shadow-
         
        LE ciel se dégage ...

        Pour mon info, le virus "trés dangereux" peut faire quels genres de dégats ?

        Voici le nouveau log de HiJackThis

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 19:53, on 2008-03-22
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
        Boot mode: Safe mode with network support

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
        O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
        O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
        O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
        O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [WinReanimator] "C:\Program Files\WinReanimator\WinReanimator.exe" /hide
        O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
        O4 - HKUS\S-1-5-21-1482476501-746137067-854245398-1003\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
        O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
        O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
        O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
        O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://newdesk.eur.sgcib.com/ICAWEB/en/ica32/wficat.cab
        O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
        O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxcecoms.exe
        O23 - Service: M-Audio Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe
        0
  9. -Shadow-
     
    Ce qu'il fait:

    *Désactive le système de protection de fichiers Windows
    *Droppe, c'est-à-dire qu'il largue d'autres virus sur ta machine (des fichiers de n'importe quelle nature)
    *Créé des DLLs (Librairies de liaison dynamique)
    *Se fixe dans le fichier swap (ce fichier sert à restaurer les programmes ouverts, donc le virus est ouvert avec)
    *Des popups (fenêtres internet explorer)

    Par contre il n'efface pas de fichiers. Il n'endommage rien non plus. Ce qu'il fait c'est qu'il t'espionne.

    Bon, démarre en mode sans échec et supprime ces dossiers:
    C:\Program Files\WinReanimator
    C:\Program Files\NETGEAR\
    

    Ensuite relance hijackthis et coche tout ces éléments:
    O4 - HKLM\..\Run: [WinReanimator] "C:\Program Files\WinReanimator\WinReanimator.exe" /hide
    O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    

    Pour ces éléments, ils ne sont pas dangereux mais leur suppression pourrait contribuer à l'optimisation du système.
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://newdesk.eur.sgcib.com/ICAWEB/en/ica32/wficat.cab
    

    Redémarre en mode normal et refais un scan avec Spybot.
    A+
    0
    1. papypapy29 Messages postés 105 Statut Membre
       
      Hello,

      il y a deux programmes qui me sont indispensables :

      - NetGear : c'est mon Wifi
      - Citrix ICA Client : c'est mon accès à distance au boulot

      Faut-il que je les supprime malgré tout et que les réinstalle par la suite ou puise-je les garder sans inconvénient pour la désinfection ?

      Merci d'avance,

      Guillaume
      0
      1. -Shadow- > papypapy29 Messages postés 105 Statut Membre
         
        Désolé je me suis trompé Netgear est sain.
        Citrix aussi tu peux le garder.
        0
      2. Papypapy29 > -Shadow-
         
        Hello,

        après nettoyage par Spybot (plus rien au 2ème scan), voici le nouveau logfile de HiJackThis.

        J'ai l'impression qu'on voit le bout.




        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 16:51, on 2008-03-24
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\M-Audio Uno\UnoInst.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
        C:\Program Files\Lexmark 4300 Series\lxcemon.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\WINDOWS\mmhren1.exe
        C:\WINDOWS\System32\lxcecoms.exe
        C:\Program Files\MSN Messenger\msnmsgr.exe
        C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
        C:\Program Files\Citrix\ICA Client\pnagent.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
        F3 - REG:win.ini: run=C:\WINDOWS\mmhren1.exe
        O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
        O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
        O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
        O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
        O4 - HKCU\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
        O4 - HKUS\S-1-5-21-1482476501-746137067-854245398-1003\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
        O4 - HKUS\S-1-5-21-1482476501-746137067-854245398-1003\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe (User '?')
        O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
        O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
        O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
        O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxcecoms.exe
        O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
        O23 - Service: M-Audio Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe
        0
  10. -Shadow-
     
    Resalut, oui, comme tu dis, on arrive au bout! ;)

    Il ne te reste qu'à fixer ça:
    F3 - REG:win.ini: run=C:\WINDOWS\mmhren1.exe
    
    O4 - HKLM\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
    
    O4 - HKCU\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
    
    O4 - HKUS\S-1-5-21-1482476501-746137067-854245398-1003\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe (User '?')
    

    Ensuite efface ce fichier:
    C:\WINDOWS\mmhren1.exe
    

    Ensuite, refais un scan avec spybot. Poste reposte un rapport hijackthis après avoir redémarré ton ordinateur.

    A+
    0
  11. papypapy29 Messages postés 105 Statut Membre
     
    Hello,

    voici le nouveau log.

    Malheureusement, je n'arrive pas à travailler en mode normal. Il me dit que j'ai un problème avec svchost.exe

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:26:43, on 30/03/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-21-1482476501-746137067-854245398-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxcecoms.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: M-Audio Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe
    0
  12. -Shadow-
     
    Bonsoir, pourrais-tu renommer ce fichier:

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    en

    C:\Program Files\Trend Micro\HijackThis\H.EXE

    Pour ensuite reposter un rapport, stp?
    Je te demande de le renommer car certains virus malicieux se cachent à HijackThis.
    Renommer ce fichier rend HijackThis inrepérable, donc on trouvera plus de choses.

    Matthias
    0