Virus ou trojan que faire pour les suprimer Fermé

Question

Bonjour, j'ai recement tenté de faire une restauration du système car mcafee mon antivirus ne voulait plus se mettre a jour (ainsi que vista m'affichait : mise a jour echec ) la restauration de mon systéme  ne pouvant étre achever (impossile de restaurer votre ordinateur) j'ai télécharger spybot et a squeared spybot m'a indiquer que j'avait un trojan seulement quand j'essay de le suprimer on me dit qu'il est en cour d'utilisation ... de plus des fenétre intempestive s'ouvre constament et je suis redirigé sur des site ou je ne veu pas aller quand j'ai des resultat dans google et quand  je clik dessu  je suis redirigé sur des site comme :Perfspot , Mamma shearch , jump ect ...des fenetre pop-up "advertisment windows" saffiche toute les 30 secondes bref chaos total j'ai tenté d'installer navilog hélas impossible de l'installer ...je ne sait plus quoi faire je vous demande de m'aider merci d'avance...

Cordialement Missman00 <3

Utilisateur anonyme · Accepted Answer

Hi,

Tu es victime d'un détournement de DNS.

Ensuite les lignes que tu as supprimer ne servent a rien de les fixer pour cela il faut utiliser un fix.

Alut.

pimprenelle27 · Answer

Bonjour,


Pour faire avancer, fait déjà ceci :

fait un rapport avec hijackthis, fais un double-clic sur HJTInstall.exe afin de lancer l'installation ,clique sur Install ensuite sur I Accept, ensuite Clique sur Do a scan system and save log file.Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu et poste le ici pour que l'on puisse l'analyser,voici le tuto hijackthis,  

puis télécharge malwarebyte-s-anti-malware, fait un scan complet puis à la fin afficher rapport, supprimer et  faire un copier coller du contenu et le poster ici, voici le tuto malwarebyte-s-anti-malware

missman00 · Answer

voila le rapport hijacthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:35:53, on 16/11/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\conime.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Combo Set Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Combo Set Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [AskTBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: NameServer = 85.255.112.112;85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: NameServer = 85.255.112.112;85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: NameServer = 85.255.112.112;85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: NameServer = 85.255.112.112;85.255.112.69
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AddFiltr - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdmyc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

pimprenelle27 · Answer

Il y a déjà des choses à supprimer : 


O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)


O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe



O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe


O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdmyc.exe

relance hijackthis puis sélectionne c'est ligne et ensuite clique sur fix cheked

pimprenelle27 · Answer

ça à voir ?

Effacer si l’IP ou le domaine '85.255.112.112;85.255.112.69' ne vous est pas connu. 


O17 - HKLM\System\CCS\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: NameServer = 85.255.112.112;85.255.112.69
	
 
	O17 - HKLM\System\CCS\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: NameServer = 85.255.112.112;85.255.112.69
	 
	O17 - HKLM\System\CCS\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: NameServer = 85.255.112.112;85.255.112.69
	
	O17 - HKLM\System\CCS\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: NameServer = 85.255.112.112;85.255.112.69

missman00 · Answer

merci pimprenelle27  pour ton aide :D doije attendre que malwarebyte's ai fini son scan ou je suprimme directement les élément que tu ma demander d'éliminer ?

missman00 · Answer

pour docteur house ... désoler je suis debutante ...quest-ce qu'un fix ?

Utilisateur anonyme · Answer

bonsoir et pardon de l'intrusion,   les lignes 017 

sous cette  ip correspondent a une infection wareoute 

télécharges smitfraudfix :

En image :
http://siri.urz.free.fr/Fix/SmitfraudFix.php

tu doubles cliques sur smitfraudfix.cmd et tu choisi l option 5
cela vas générer un rapport.

Copie/colle le rapport sur le forum stp.



bonne continuations a vous

Utilisateur anonyme · Answer

Hi,

on fait comment alors pour le détournement de dns, on ne peut pas bloquer afin que le détournement ne revienne plus.

Tu pose qu'une question alors qu'il en aurait deux à poser.

pour les lignes de eorezo et bounty=>AD-REMOVER.(si tu veut te passe les canneds speechs.)

Pour le détournements de DNS:=>tu utilise Smithfraudix=>option 5.(avant on utiliser WAREOUT).

Pour smithfraudix,tu fait d'abord et toujours l'option 1=>même si la c'est évident,qu'elle en est victime.


plop*plop*plop*
Alut.

Utilisateur anonyme · Answer

Hi,

De rien à ton service et aide si tu as un problème si je sais et peut t'aider...

Alut.

missman00 · Answer

Je fais sa tt de suite et je vous tien au courant merci de prendre un peu de votre temps pour m'aider ^^

missman00 · Answer

Eum j'ai un souci a chaque manipulation que je fais avec smitfraudfix  dans l'encadré on me met acces refuser ...

Utilisateur anonyme · Answer

Hi,

Alors sous vista tu clic droit et tu l'exécute en mode "en tant qu'administrateur".

Alut.

missman00 · Answer

un message s'affiche :Your computer may be victim of a DNS Hijack:85.255.x.x conexion réseau Intel(R) PRO/1000 PL
Do you want to set your network to dynamic -DHCP-server ? et j'ai le choix entre oui ou non ...que faire

Cordialement missman00

Utilisateur anonyme · Answer

Hi,

Exécute le en mode sans échec.

    *  Clique sur Démarrer
    * Clique sur Arrêter
    * Sélectionne Redémarrer
    * Clique sur OK
    * Appuie sur la touche F8 dès qu'un écran de texte apparaît puis disparaît
    * Utilise les touches de direction pour sélectionner le mode sans échec voulu, puis appuie sur ENTRÉE

Alut.

missman00 · Answer

ok drhouse je fais sa dessuite merci

missman00 · Answer

Drhouse si j'ai tout bien compris j'execute smitfraudfix en mode sans echec ... mais quand je met l'option 5 il me dot que c'est en mode normal uniqument ...:s

missman00 · Answer

Autant pour moi j'avait mal lu bn j'ai fait l'option 1 et je poste le raport 
Voici le rapport :
 SmitFraudFix v2.375

Scan done at 18:39:45,81, 16/11/2008
Run from C:\Users\hp\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:esycled\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\hp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\hp\AppData\Local\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\hp\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\Users\hp\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\sexvid FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\hp\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\Windows\system32\userinit.exe,"


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Connexion réseau Intel(R) PRO/1000 PL
DNS Server Search Order: 85.255.112.112;85.255.112.69

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: DhcpNameServer=192.168.30.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: DhcpNameServer=192.168.30.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: DhcpNameServer=192.168.30.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

voila j'espere que vous pourrez m'aider

Utilisateur anonyme · Answer

Hi,

Relance smithfraudix en mode sans échec et fait l'option2.

Ensuite tu le relance et fait l'option 5.

Alut.

pimprenelle27 · Answer

il fallait faire l'option 5.

missman00 · Answer

L'option 5 je la relance en mode normal ou sans echec ?

Merci de ton aide Drhouse

Utilisateur anonyme · Answer

Hi,

il fallait faire l'option 5 car on sait déjà que tu est infecté. 

Regarde un peu mieux le rapport.

Alut.

Utilisateur anonyme · Answer

Hi,

L'option 5 je la relance en mode normal ou sans echec ? 

En mode normal.

Alut.

missman00 · Answer

apré avoir fait l'option 5 on m'affiche ce raport :

SmitFraudFix v2.375

Scan done at 18:45:10,80, 16/11/2008
Run from C:\Users\hp\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost
::1             localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Users\hp\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\sexvid Deleted
C:\resycled\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Connexion réseau Intel(R) PRO/1000 PL
DNS Server Search Order: 85.255.112.112;85.255.112.69

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: DhcpNameServer=192.168.30.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: DhcpNameServer=192.168.30.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: DhcpNameServer=192.168.30.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

missman00 · Answer

que doije faire ?

cordialement MiissmAn00

Utilisateur anonyme · Answer

Hi,

n'écoute que moi car la on s'y perd.

Refait l'option 2 en mode sans échec.

Alut.

missman00 · Answer

SmitFraudFix v2.375

Scan done at 19:28:04,52, 16/11/2008
Run from C:\Users\hp\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost
::1             localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Connexion réseau Intel(R) PRO/1000 PL
DNS Server Search Order: 85.255.112.112;85.255.112.69

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: DhcpNameServer=192.168.30.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: DhcpNameServer=192.168.30.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: DhcpNameServer=192.168.30.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

missman00 · Answer

Voila le raport aprés l'option2 Drhouse

missman00 · Answer

Que doije faire maintenant ?

Utilisateur anonyme · Answer

Hi,

refait un hijackthis.

Alut.

missman00 · Answer

Voila le rapport hijacthis : Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:23, on 16/11/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\cmd.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Combo Set Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Combo Set Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: NameServer = 85.255.112.112;85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: NameServer = 85.255.112.112;85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: NameServer = 85.255.112.112;85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: NameServer = 85.255.112.112;85.255.112.69
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AddFiltr - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdmyc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Utilisateur anonyme · Answer

Hi,

Relance hijack et clique sur "Do a system scan only"
Ensuite recherche ces lignes et coches les cases

O17 - HKLM\System\CCS\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: NameServer = 85.255.112.112;85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: NameServer = 85.255.112.112;85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: NameServer = 85.255.112.112;85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: NameServer = 85.255.112.112;85.255.112.69 



Ensuite clique sur "Fix checked"

Et relance smithfraudix option 5

Alut.

missman00 · Answer

Voila le raport de l'option 5 

SmitFraudFix v2.375

Scan done at 19:28:04,52, 16/11/2008
Run from C:\Users\hp\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost
::1             localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Connexion réseau Intel(R) PRO/1000 PL
DNS Server Search Order: 85.255.112.112;85.255.112.69

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: DhcpNameServer=192.168.30.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: DhcpNameServer=192.168.30.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: DhcpNameServer=192.168.30.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: DhcpNameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: NameServer=85.255.112.112;85.255.112.69
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Utilisateur anonyme · Answer

Hi,

tu a bien cocher les lignes 017?

Alut.

missman00 · Answer

Oui ... Pourquoi ?

Utilisateur anonyme · Answer

Hi,

refait un hijackthis.

Alut.

missman00 · Answer

Voila : 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08:01, on 16/11/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\cmd.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Combo Set Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Combo Set Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: NameServer = 85.255.112.112;85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: NameServer = 85.255.112.112;85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: NameServer = 85.255.112.112;85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{E53EC082-73F4-4BB7-93DE-E230B6E06B01}: NameServer = 85.255.112.112;85.255.112.69
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AddFiltr - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdmyc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

missman00 · Answer

Dans le raport ke je pose il y a quatre 017 seulement dans hijacthis on en voi que 3
Est-ce normal ?

missman00 · Answer

Dans le raport ke je pose il y a quatre 017 seulement dans hijacthis on en voi que 3
Est-ce normal ?

Utilisateur anonyme · Answer

Hi,

Les lignes sont toujours presente.Recommence la manip en mode sans échec les deux=>fixer et supprimer les lignes avec hijackthis et aussi l'option 5 de smithfraudix.

Ensuite passe ce log.

Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :


/!\ Déconnectes toi et fermes toutes applications en cours

&#9679; Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
&#9679; Double clique sur l'icône Ad-removersituée sur ton bureau
&#9679; Au menu principal choisi l'option "A"
&#9679; Postes le rapport qui apparait à la fin .

( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Alut.

missman00 · Answer

Il me mait accés refuser et quand je le met en executer en tant qu'administrateur il me met Tools manquan
...:s

Utilisateur anonyme · Answer

Hi,

sur vista ......grrrr.....

Essai le en mode sans échec.

Alut.

missman00 · Answer

Okok

missman00 · Answer

Voilla :
   
F --------- Logfile of AD-Remover 1.0.3.3 by C_XX ---------    

START at: 21:16:13 | 16/11/2008 
ON: Microsoft Windows [version 6.0.6000] ( Windows Vista ) 
Internet Explorer: 7.0.6000.16757
OPTION: Scan
EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
USER: hp | PC: PC-DE-HP
BOOT MODE: MSE
/!\ UAC is enable 
DRIVE(S): C:\ D:\ E:\ F:\  
~> Systemdrive: C:\
 
--------- [ PROCESSES ] ---------

\SystemRoot\System32\smss.exe [264]   
C:\Windows\system32\csrss.exe [388]   
C:\Windows\system32\csrss.exe [424]   
C:\Windows\system32\wininit.exe [432]   
C:\Windows\system32\winlogon.exe [476]   
C:\Windows\system32\services.exe [504]   
C:\Windows\system32\lsass.exe [520]   
C:\Windows\system32\lsm.exe [528]   
C:\Windows\system32\svchost.exe [668]   
C:\Windows\system32\svchost.exe [720]   
C:\Windows\System32\svchost.exe [848]   
C:\Windows\system32\svchost.exe [872]   
C:\Windows\system32\svchost.exe [924]   
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [936]   
C:\Windows\Explorer.EXE [1132]   
C:\Windows\system32\DllHost.exe [1336]   

---------------------------- [~> 16]


+---------------------------------------------------------------------------+
+-------------------------------  SERVICES FOUND
+---------------------------------------------------------------------------+ 

Found ! - "Boonty Games"  

+---------------------------------------------------------------------------+
+-------------------------------  REGISTRY ELEMENTS FOUND
+---------------------------------------------------------------------------+ 

"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo" 
"HKEY_LOCAL_MACHINE\Software\Boonty" 
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}" 
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}" 
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Boonty Games" 
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Boonty Games" 
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Boonty Games" 
"HKEY_CURRENT_USER\SOFTWARE\EoRezo" 
"HKEY_CURRENT_USER\SOFTWARE\Boonty" 
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}" 
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho" 
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1" 
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}" 
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}" 

+---------------------------------------------------------------------------+
+-------------------------------  FILES\FOLDERS FOUND 
+---------------------------------------------------------------------------+ 

[16/11/2008 19:21|--a------] C:\Windows\PFRO.log 
[07/07/2008 23:54|d--------] C:\Program Files\BoontyGames 
[27/05/2008 16:14|d--------] C:\Program Files\EoRezo 
[28/10/2008 21:24|d--------] C:\Program Files\Common Files\BOONTY Shared 
[27/05/2008 16:14|d--------] C:\Users\hp\AppData\Roaming\EoRezo 
[28/10/2008 21:24|d--------] C:\ProgramData\BOONTY 
[04/11/2008 13:36|d--------] C:\ProgramData\Microsoft\Windows\STARTM~1\Programs\BoontyGames 
 
 
+---------- Scanning prefs.js ... ( # Mozilla User Preferences ) 
 
...\vdtbvpm3.default\prefs.js : 
 
~~~~ Mozilla FireFox version 2.0.0.14 ~~~~ 
  
Start Page :  "https://www.google.com/?gws_rd=ssl"   
 
+----------+ 
 
 
+---------------------------------------------------------------------------+ 
 

+---------- Added scan ...

+-----[HKLM\...\Run]
 
SunJavaUpdateSched    REG_SZ    "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" 
QPService    REG_SZ    "C:\Program Files\HP\QuickPlay\QPService.exe" 
QuickTime Task    REG_SZ    "C:\Program Files\QuickTime\QTTask.exe" -atboottime 
WireLessMouse    REG_SZ    C:\Program Files\Multimedia Combo Set Driver\StartAutorun.exe MouseDrv.exe 
WireLessKeyboard    REG_SZ    C:\Program Files\Multimedia Combo Set Driver\StartAutorun.exe PS2USBKbdDrv.exe 
LogitechVideoRepair    REG_SZ    C:\Program Files\Logitech\Video\ISStart.exe  
LogitechVideoTray    REG_SZ    C:\Program Files\Logitech\Video\LogiTray.exe 
NBKeyScan    REG_SZ    "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" 
mcagent_exe    REG_SZ    "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey 
Adobe Reader Speed Launcher    REG_SZ    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" 

+-----[HKCU\...\Run]

Sidebar    REG_SZ    C:\Program Files\Windows Sidebar\sidebar.exe /autoRun 
MsnMsgr    REG_SZ    "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background 
ISUSPM Startup    REG_SZ    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup 
IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}    REG_SZ    "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 
WMPNSCFG    REG_SZ    C:\Program Files\Windows Media Player\WMPNSCFG.exe 
SpybotSD TeaTimer    REG_SZ    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 

+-----[HKLM\...\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home 

+-----[HKCU\...\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome 

+---------------------------------------------------------------------------+
+-------------------------------  [ EOF - 101 lines ]
+---------------------------------------------------------------------------+

[ END at: 21:16:29 | 16/11/2008 ] - [ Time elapsed: 15.6 seconds ]

Utilisateur anonyme · Answer

Hi,

! Déconnectes toi et fermes toutes applications en cours !

* Relances "Ad-remover" : au menu principal choisi l'option "B" .

--> le programme va travailler ...

* Postes le rapport qui apparait à la fin + un nouvel Hijackthis pour analyse ...

( le rapport est sauvegardé aussi sous C:\Ad-report.log )

/!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides) /!\

Alut.

missman00 · Answer

Adremover:
F --------- Logfile of AD-Remover 1.0.3.3 by C_XX ---------    

START at: 21:21:48 | 16/11/2008 
ON: Microsoft Windows [version 6.0.6000] ( Windows Vista )
Internet Explorer: 7.0.6000.16757
OPTION: Clean
EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
USER: hp | PC: PC-DE-HP
BOOT MODE: MSE
/!\ UAC is enable 
DRIVE(S): C:\ D:\ E:\  
~> Systemdrive: C:\
 
--------- [ PROCESSES ] ---------

\SystemRoot\System32\smss.exe [264]   
C:\Windows\system32\csrss.exe [388]   
C:\Windows\system32\csrss.exe [424]   
C:\Windows\system32\wininit.exe [432]   
C:\Windows\system32\winlogon.exe [476]   
C:\Windows\system32\services.exe [504]   
C:\Windows\system32\lsass.exe [520]   
C:\Windows\system32\lsm.exe [528]   
C:\Windows\system32\svchost.exe [668]   
C:\Windows\system32\svchost.exe [720]   
C:\Windows\System32\svchost.exe [848]   
C:\Windows\system32\svchost.exe [872]   
C:\Windows\system32\svchost.exe [924]   
C:\Windows\Explorer.EXE [1132]   
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [1568]   
c:\PROGRA~1\mcafee.com\agent\mcagent.exe [1680]   

---------------------------- [~> 16]


+---------------------------------------------------------------------------+
+-------------------------------  SERVICES DELETED
+---------------------------------------------------------------------------+ 

Deleted successfully ! - "Boonty Games"  

+---------------------------------------------------------------------------+
+-------------------------------  REGISTRY ELEMENTS DELETED 
+---------------------------------------------------------------------------+ 

/!\ -"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo" 
/!\ -"HKEY_LOCAL_MACHINE\Software\Boonty" 
/!\ -"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}" 
/!\ -"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}" 
/!\ -"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Boonty Games" 
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Boonty"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
/!\ -"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho" 
/!\ -"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1" 
/!\ -"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}" 
/!\ -"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}" 

+---------------------------------------------------------------------------+
+-------------------------------  FILES\FOLDERS DELETED 
+---------------------------------------------------------------------------+ 

[16/11/2008 19:21|--a------] C:\Windows\PFRO.log  
[07/07/2008 23:54|d--------] C:\Program Files\BoontyGames  
[27/05/2008 16:14|d--------] C:\Program Files\EoRezo  
[28/10/2008 21:24|d--------] C:\Program Files\Common Files\BOONTY Shared  
[27/05/2008 16:14|d--------] C:\Users\hp\AppData\Roaming\EoRezo  
[28/10/2008 21:24|d--------] C:\ProgramData\BOONTY  
[04/11/2008 13:36|d--------] C:\ProgramData\Microsoft\Windows\STARTM~1\Programs\BoontyGames  

(!) ---- Temp files deleted.

(!) ---- Recycle bin emptied in all drives.

 
 
+---------- Scanning prefs.js ... ( # Mozilla User Preferences ) 
 
...\vdtbvpm3.default\prefs.js : 
 
~~~~ Mozilla FireFox version 2.0.0.14 ~~~~ 
  
Start Page :  "https://www.google.com/?gws_rd=ssl"   
 
+----------+ 
 
 

+---------- Added scan ...

+-----[HKLM\...\Run]
 
SunJavaUpdateSched    REG_SZ    "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" 
QPService    REG_SZ    "C:\Program Files\HP\QuickPlay\QPService.exe" 
QuickTime Task    REG_SZ    "C:\Program Files\QuickTime\QTTask.exe" -atboottime 
WireLessMouse    REG_SZ    C:\Program Files\Multimedia Combo Set Driver\StartAutorun.exe MouseDrv.exe 
WireLessKeyboard    REG_SZ    C:\Program Files\Multimedia Combo Set Driver\StartAutorun.exe PS2USBKbdDrv.exe 
LogitechVideoRepair    REG_SZ    C:\Program Files\Logitech\Video\ISStart.exe  
LogitechVideoTray    REG_SZ    C:\Program Files\Logitech\Video\LogiTray.exe 
NBKeyScan    REG_SZ    "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" 
mcagent_exe    REG_SZ    "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey 
Adobe Reader Speed Launcher    REG_SZ    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" 

+-----[HKCU\...\Run]

Sidebar    REG_SZ    C:\Program Files\Windows Sidebar\sidebar.exe /autoRun 
MsnMsgr    REG_SZ    "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background 
ISUSPM Startup    REG_SZ    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup 
IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}    REG_SZ    "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 
WMPNSCFG    REG_SZ    C:\Program Files\Windows Media Player\WMPNSCFG.exe 
SpybotSD TeaTimer    REG_SZ    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 

+-----[HKLM\...\Internet Explorer\MAIN]

Start Page : hxxp://fr.msn.com/ 

+-----[HKCU\...\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome 

+---------------------------------------------------------------------------+
+-------------------------------  [ EOF - 98 lines ]
+---------------------------------------------------------------------------+

[ END at: 21:25:47 | 16/11/2008 ] - [ Time elapsed: 3 minutes, 58 seconds ]

missman00 · Answer

Hijacthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:44, on 16/11/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Safe mode

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Combo Set Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Combo Set Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5382C383-85B6-42A0-95D1-77BBB68D3491}: NameServer = 85.255.112.112;85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{6370DFF6-0A8A-4627-B239-549D81ECF74C}: NameServer = 85.255.112.112;85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAD728C0-710A-42D9-9CD5-DC26AC2B3093}: NameServer = 85.255.112.112;85.255.112.69
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AddFiltr - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdmyc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Utilisateur anonyme · Answer

Hi,

vire spybot et tu désinstalle ton opérateur internet.

refait les étapes suivantes:

-option 2 de smuithfraudix 

-Fixer les lignes 017.


-option 5 de smithfraudix.

Ensuite tu remet l'opérateur internet et tu refait un nouvelle hijackthis.

Alut.

missman00 · Answer

je n'est pas doperateur internet sur mon ordi enfet g un ordinateur portable relier a un ordinateur fixe via un cable ethernet ...je n'est pas eu besouin d'installer un operateur internet ...:s

missman00 · Answer

Bon mais j'ai viré spybot et fais le reste de ce que tu m'a dit hors-mis l'operateur internet ...jatend d'avoir le resultat

missman00 · Answer

Je Doit aller me coucher je reviendrez demain Bsx bsx Drhouse merci de ton aide Les ligne 017 y sont tjs ...a demain Bisous XXXXX

missman00 · Answer

Bonjour Drhouse je suis revenue jespére que tu est conecté ...=)

ps:je sait que les gent ne sont pas a ma disposion mais c'est pour voir si il y a des gent qui sont sur se topic ^^

Utilisateur anonyme · Answer

Hi,

oui suis la maintenant.

Alut.

missman00 · Answer

Oui je n'arrive pas a suprimer ces ligne O17 quoi que je fasse elle reste la :s ...

Virus ou trojan que faire pour les suprimer

54 réponses

Discussions similaires