guymauve Posté(e) le 14 mai 2005 Posté(e) le 14 mai 2005 Bonjour, Cela fait 2 jours que je tente de réparer un pc infecté comme c'est pas permis. Au départ j'avais lancé ad-aware qui m'avais trouvé 1100 problèmes. Bref j'ai passé a-v + cccleaner + spysweeper + anti trojan, modifier le msconfig Je suis passé au sp2 aussi mais je n'arrive pas à faire les maj depuis le net. De plus j'ai un dossier isrvs que je n'arrive pas à virer. En 1 mot comme en 100 ... Au secours ... PS: je dois être dans les gagnants là non ??? Un grand merci d'avance. Logfile of HijackThis v1.99.1 Scan saved at 17:19:25, on 14/05/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Softwin\BitDefender8\vsserv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe C:\Program Files\Softwin\BitDefender8\bdoesrv.exe C:\Program Files\Softwin\BitDefender8\bdnagent.exe C:\WINDOWS\System32\w?auboot.exe C:\Documents and Settings\Maurice\Application Data\satp.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\msiexec.exe C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {3EDBA5DF-1969-6591-6BD3-678309C8F4E9} - C:\WINDOWS\System32\mqkpik.dll O2 - BHO: (no name) - {EB9C1461-09E0-94E6-F2FC-52E41E589E51} - (no file) O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL O4 - HKLM\..\Run: [bDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe O4 - HKLM\..\Run: [bDOESRV] C:\Program Files\Softwin\BitDefender8\bdoesrv.exe O4 - HKLM\..\Run: [bDNewsAgent] C:\Program Files\Softwin\BitDefender8\bdnagent.exe O4 - HKCU\..\Run: [Zw0mRjN5T] touql32.exe O4 - HKCU\..\Run: [bpa] C:\WINDOWS\System32\w?auboot.exe O4 - HKCU\..\Run: [Aaes] C:\Documents and Settings\Maurice\Application Data\satp.exe O4 - HKCU\..\Run: [Lhe] C:\WINDOWS\System32\Lpr.exe O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O4 - Startup: WindowsUpdate57726[1].exe O4 - Startup: winupdate14709836[1].exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Microsoft AntiSpyware helper - {AD9AA0BF-7096-4507-8AA2-E792C27525B7} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AD9AA0BF-7096-4507-8AA2-E792C27525B7} - (no file) (HKCU) O15 - Trusted Zone: *.c4tdownload.com O15 - Trusted Zone: *.horse-active.net O15 - Trusted Zone: *.iframe.biz O15 - Trusted Zone: *.newiframe.biz O15 - Trusted Zone: *.overpro.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted Zone: *.sp2admin.biz O15 - Trusted Zone: *.sp2fucked.biz O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.horse-active.net (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.slotchbar.com (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted IP range: 64.62.171.156 O16 - DPF: Dexia netbanking - http://netbanking.dexia.be/PC//Dynamic/Sha...t//DexiaIIA.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1110910364512 O16 - DPF: {B467A3AF-E45B-4B1B-9983-C035D988FB0F} - http://advnt01.com/dialer/belgio_ver10.CAB O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{170A721C-5192-4799-B912-A1AC489340B2}: NameServer = 194.119.228.67 193.74.208.135 O17 - HKLM\System\CS1\Services\Tcpip\..\{170A721C-5192-4799-B912-A1AC489340B2}: NameServer = 194.119.228.67 193.74.208.135 O20 - Winlogon Notify: drct16 - drct16.dll (file missing) O20 - Winlogon Notify: iexplore - i\ird.dll (file missing) O21 - SSODL: NTDBGTOOL - {ED8D65C8-F7C4-4A1A-87EA-4B9602AB236F} - C:\WINDOWS\System32\rasaaddr.dll O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\netnn32.exe (file missing) O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe O23 - Service: Windows update Service (updater) - Unknown owner - C:\WINDOWS\System32\wisvcc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
tom_beckett Posté(e) le 14 mai 2005 Posté(e) le 14 mai 2005 Salut j'ai fais un scan par curiosité . Si tu pourrais me dire ce qu'il en est. Je te remercie beaucoup. J'ai mis le rapport en ligne sur le site . Apparement c'est good. Mais je préfère demander avis à un humain que un robot Merci beaucoup. Logfile of HijackThis v1.99.1 Scan saved at 18:50:35, on 14/05/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\SpeedFan\speedfan.exe D:\serveur\emule pawio\emule.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\WinRAR\WinRAR.exe C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1112028768968 O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Keyboard Service System Files (Keyboard Service) - Unknown owner - C:\WINDOWS\System32\keyboard.exe (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Amnesiac Posté(e) le 15 mai 2005 Posté(e) le 15 mai 2005 Salut, avec un peu de retard, voici mon log aveles modifs que tu m'avais dit de faire Logfile of HijackThis v1.99.1 Scan saved at 16:18:09, on 15/05/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ASUS\Probe\AsusProb.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\DU Meter\DUMeter.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\SOUNDMAN.EXE I:\gamez\valve\steam\steam.exe C:\Program Files\TheTurtle\TheTurtle.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Serv-U\ServUTray.exe C:\Program Files\Samurize\Client.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Serv-U\ServUDaemon.exe C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\wdfmgr.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\BitTorrent\btdownloadgui.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe O4 - HKLM\..\Run: [Microsoft Support Service] svcmgt.exe O4 - HKLM\..\Run: [Microsoft Update Machine] winss.exe O4 - HKLM\..\Run: [Microsoft Services] lssrv.exe O4 - HKLM\..\Run: [Microsoft Update] vpc32.exe O4 - HKLM\..\Run: [symantec Anti Virus] symantec32.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" O4 - HKLM\..\RunServices: [Microsoft Support Service] svcmgt.exe O4 - HKLM\..\RunServices: [Microsoft Update Machine] winss.exe O4 - HKLM\..\RunServices: [Microsoft Services] lssrv.exe O4 - HKLM\..\RunServices: [Microsoft Update] vpc32.exe O4 - HKLM\..\RunServices: [symantec Anti Virus] symantec32.exe O4 - HKCU\..\Run: [Microsoft Support Service] svcmgt.exe O4 - HKCU\..\Run: [Microsoft Update Machine] winss.exe O4 - HKCU\..\Run: [symantec Anti Virus] symantec32.exe O4 - HKCU\..\Run: [Microsoft Update] vpc32.exe O4 - HKCU\..\Run: [steam] "i:\gamez\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [servUTrayIcon] C:\Program Files\Serv-U\ServUTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Télécharger le site web avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm O8 - Extra context menu item: Télécharger sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Télécharger tout avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098620658624 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing) O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Serv-U FTP Server (Serv-U) - Cat Soft - C:\Program Files\Serv-U\ServUDaemon.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Symantec Anti Virus (Symantec) - Unknown owner - C:\WINDOWS\system32\symantec32.exe" -netsvcs (file missing) O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
snooky Posté(e) le 15 mai 2005 Auteur Posté(e) le 15 mai 2005 @ guymauve : Passe ccleaner. Ces processus doivent disparaitre de ton pc : ( termine ces processus s'ils sont actifs dans le gestionnaire de tâches ) C:\WINDOWS\System32\w?auboot.exe C:\Documents and Settings\Maurice\Application Data\satp.exe ... touql32.exe ...WindowsUpdate57726[1].exe ...winupdate14709836[1].exe Utilise la fonction "Delete a file on reboot " de Hijackthis . ( capture décran plus haut dans les posts ) Fixer objet sur ces lignes : O2 - BHO: (no name) - {3EDBA5DF-1969-6591-6BD3-678309C8F4E9} - C:\WINDOWS\System32\mqkpik.dll O2 - BHO: (no name) - {EB9C1461-09E0-94E6-F2FC-52E41E589E51} - (no file) O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [Zw0mRjN5T] touql32.exe O4 - HKCU\..\Run: [bpa] C:\WINDOWS\System32\w?auboot.exe O4 - HKCU\..\Run: [Aaes] C:\Documents and Settings\Maurice\Application Data\satp.exe O4 - Startup: WindowsUpdate57726[1].exe O4 - Startup: winupdate14709836[1].exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: Microsoft AntiSpyware helper - {AD9AA0BF-7096-4507-8AA2-E792C27525B7} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AD9AA0BF-7096-4507-8AA2-E792C27525B7} - (no file) (HKCU) O15 - Trusted Zone: *.c4tdownload.com O15 - Trusted Zone: *.horse-active.net O15 - Trusted Zone: *.iframe.biz O15 - Trusted Zone: *.newiframe.biz O15 - Trusted Zone: *.overpro.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted Zone: *.sp2admin.biz O15 - Trusted Zone: *.sp2fucked.biz O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.horse-active.net (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.slotchbar.com (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted IP range: 64.62.171.156 O16 - DPF: Dexia netbanking - http://netbanking.dexia.be/PC//Dynamic/Sha...t//DexiaIIA.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1110910364512 O16 - DPF: {B467A3AF-E45B-4B1B-9983-C035D988FB0F} - http://advnt01.com/dialer/belgio_ver10.CAB O20 - Winlogon Notify: drct16 - drct16.dll (file missing) O20 - Winlogon Notify: iexplore - i\ird.dll (file missing) O21 - SSODL: NTDBGTOOL - {ED8D65C8-F7C4-4A1A-87EA-4B9602AB236F} - C:\WINDOWS\System32\rasaaddr.dll O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\netnn32.exe (file missing) O23 - Service: Windows update Service (updater) - Unknown owner - C:\WINDOWS\System32\wisvcc.exe Procède à ces manipulations en mode sans échec. Poste un nouveau rapport.
ZinZin Posté(e) le 15 mai 2005 Posté(e) le 15 mai 2005 Suite a ma grosse galère ici... je post mon rapport hijackthis en esperant être aidé Logfile of HijackThis v1.99.1Scan saved at 18:26 ZinZin, on 15/05/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\Explorer.EXE F:\WINDOWS\system32\spoolsv.exe F:\Program Files\Avast4\aswUpdSv.exe F:\Program Files\Avast4\ashServ.exe F:\WINDOWS\System32\svchost.exe F:\PROGRA~1\Avast4\ashDisp.exe F:\Program Files\Java\jre1.5.0_02\bin\jusched.exe F:\Program Files\Razer\razertra.exe F:\WINDOWS\Mixer.exe F:\Program Files\MessengerPlus! 3\MsgPlus.exe F:\Program Files\Razer\razerofa.exe F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe F:\Program Files\Razer\razerhid.exe F:\Program Files\iTunes\iTunesHelper.exe F:\Program Files\Avast4\ashWebSv.exe F:\Program Files\Skype\Phone\Skype.exe F:\Program Files\iPod\bin\iPodService.exe F:\Program Files\MSN Messenger\msnmsgr.exe F:\Program Files\Opera\Opera.exe F:\Documents and Settings\Jimmy\Desktop\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1036 F3 - REG:win.ini: run= O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] F:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [razertra] F:\Program Files\Razer\razertra.exe O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [MessengerPlus3] "F:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MessengerPlus3] "F:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\MSN Messenger\msnmsgr.exe" /background O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1110729895109 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...489/mcfscan.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Program Files\Avast4\aswUpdSv.exe O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - F:\Program Files\Avast4\ashServ.exe O23 - Service: avast! Web Scanner - Unknown owner - F:\Program Files\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - F:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing) @Snooky: si tu peu repondre dans mon post (ici) c'est cool :mad2:
snooky Posté(e) le 15 mai 2005 Auteur Posté(e) le 15 mai 2005 @ amnesiac : Passe "]Clean Up[/b] Scan , coche et fixe ces lignes avec Hijackthis : O4 - HKLM\..\Run: [Microsoft Support Service] svcmgt.exe O4 - HKLM\..\Run: [Microsoft Update Machine] winss.exe O4 - HKLM\..\Run: [Microsoft Services] lssrv.exe O4 - HKLM\..\Run: [Microsoft Update] vpc32.exe O4 - HKLM\..\Run: [symantec Anti Virus] symantec32.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\RunServices: [Microsoft Support Service] svcmgt.exe O4 - HKLM\..\RunServices: [Microsoft Update Machine] winss.exe O4 - HKLM\..\RunServices: [Microsoft Services] lssrv.exe O4 - HKLM\..\RunServices: [Microsoft Update] vpc32.exe O4 - HKLM\..\RunServices: [symantec Anti Virus] symantec32.exe O4 - HKCU\..\Run: [Microsoft Support Service] svcmgt.exe O4 - HKCU\..\Run: [Microsoft Update Machine] winss.exe O4 - HKCU\..\Run: [symantec Anti Virus] symantec32.exe O4 - HKCU\..\Run: [Microsoft Update] vpc32.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Reboot. Passe en mode sans échec et désactive la restauration system. Scan en ligne ici : Les 5 processus en " gras " ne doivent plus apparaitrent sur ton pc. Utilise " Delete a file on reboot " si encore présent sur ton pc. ( capture d'écran plus haut dans les posts ) Trojanscan Poste un nouveau rapport pour vérification.
snooky Posté(e) le 15 mai 2005 Auteur Posté(e) le 15 mai 2005 DE zinzin : ( pas de " quote " stp... ) Logfile of HijackThis v1.99.1 Scan saved at 18:26 ZinZin, on 15/05/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\Explorer.EXE F:\WINDOWS\system32\spoolsv.exe F:\Program Files\Avast4\aswUpdSv.exe F:\Program Files\Avast4\ashServ.exe F:\WINDOWS\System32\svchost.exe F:\PROGRA~1\Avast4\ashDisp.exe F:\Program Files\Java\jre1.5.0_02\bin\jusched.exe F:\Program Files\Razer\razertra.exe F:\WINDOWS\Mixer.exe F:\Program Files\MessengerPlus! 3\MsgPlus.exe F:\Program Files\Razer\razerofa.exe F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe F:\Program Files\Razer\razerhid.exe F:\Program Files\iTunes\iTunesHelper.exe F:\Program Files\Avast4\ashWebSv.exe F:\Program Files\Skype\Phone\Skype.exe F:\Program Files\iPod\bin\iPodService.exe F:\Program Files\MSN Messenger\msnmsgr.exe F:\Program Files\Opera\Opera.exe F:\Documents and Settings\Jimmy\Desktop\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1036 F3 - REG:win.ini: run= O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] F:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [razertra] F:\Program Files\Razer\razertra.exe O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [MessengerPlus3] "F:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MessengerPlus3] "F:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\MSN Messenger\msnmsgr.exe" /background O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1110729895109 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...489/mcfscan.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Program Files\Avast4\aswUpdSv.exe O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - F:\Program Files\Avast4\ashServ.exe O23 - Service: avast! Web Scanner - Unknown owner - F:\Program Files\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - F:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
snooky Posté(e) le 15 mai 2005 Auteur Posté(e) le 15 mai 2005 @ zinzin : Passe Clean Up Fixer objet sur ces lignes : F3 - REG:win.ini: run= O4 - HKLM\..\Run: [sunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] F:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - F:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing) Reboot. Passe CWShredder Scan en ligne ici : Trojanscan Poste un nouveau rapport pour vérification.
ZinZin Posté(e) le 15 mai 2005 Posté(e) le 15 mai 2005 J'ai fait tout ce que tu m'a dit.... Pour le scan en ligne il a rien trouver.... un nouveau rapport: Logfile of HijackThis v1.99.1 Scan saved at 19:39 ZinZin, on 15/05/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\Explorer.EXE F:\WINDOWS\system32\spoolsv.exe F:\PROGRA~1\Avast4\ashDisp.exe F:\Program Files\Razer\razertra.exe F:\WINDOWS\Mixer.exe F:\Program Files\MessengerPlus! 3\MsgPlus.exe F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe F:\Program Files\iTunes\iTunesHelper.exe F:\Program Files\Razer\razerofa.exe F:\Program Files\Skype\Phone\Skype.exe F:\Program Files\Razer\razerhid.exe F:\Program Files\MSN Messenger\msnmsgr.exe F:\Program Files\Avast4\aswUpdSv.exe F:\Program Files\Avast4\ashServ.exe F:\WINDOWS\System32\svchost.exe F:\Program Files\iPod\bin\iPodService.exe F:\Program Files\Avast4\ashWebSv.exe F:\Program Files\Opera\Opera.exe F:\Documents and Settings\Jimmy\Desktop\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1036 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [razertra] F:\Program Files\Razer\razertra.exe O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [MessengerPlus3] "F:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MessengerPlus3] "F:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\MSN Messenger\msnmsgr.exe" /background O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1110729895109 O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...489/mcfscan.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Program Files\Avast4\aswUpdSv.exe O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - F:\Program Files\Avast4\ashServ.exe O23 - Service: avast! Web Scanner - Unknown owner - F:\Program Files\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - F:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
snooky Posté(e) le 15 mai 2005 Auteur Posté(e) le 15 mai 2005 Désactive ce service un moment dans services.msc ( Outils d'administration du panneau deconfiguration ) Ton rapport est clean ...et Avast délire .
ZinZin Posté(e) le 15 mai 2005 Posté(e) le 15 mai 2005 Tu veu que je le desactive un moment puis que je lre active ? Mon win est en anglais je le trouve pas ce service
snooky Posté(e) le 15 mai 2005 Auteur Posté(e) le 15 mai 2005 ça concerne la vidéo en streaming ...ce service à désactiver.
Fahim0506 Posté(e) le 15 mai 2005 Posté(e) le 15 mai 2005 salut snooky, j'aimerai savoir qu'est ce qu'il faut fixer merci Logfile of HijackThis v1.99.1 Scan saved at 20:48:02, on 15/05/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Steam\Steam.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\PROGRA~1\HEWLET~1\AiO\HPPSC7~1\Bin\hpobrt07.exe C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe C:\WINDOWS\system32\hpoipm07.exe C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe C:\Program Files\Creative\MediaSource\RemoteControl\OSDEAX.exe C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE C:\Program Files\JetAudio\JetAudio.exe C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107209730874 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Amnesiac Posté(e) le 15 mai 2005 Posté(e) le 15 mai 2005 bsoir Logfile of HijackThis v1.99.1 Scan saved at 23:20:08, on 15/05/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ASUS\Probe\AsusProb.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Program Files\DU Meter\DUMeter.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe I:\gamez\valve\steam\steam.exe C:\Program Files\TheTurtle\TheTurtle.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TGTSoft\StyleXP\StyleXP.exe C:\Program Files\Serv-U\ServUTray.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Samurize\Client.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Serv-U\ServUDaemon.exe C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\wdfmgr.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\WINDOWS\system32\wuauclt.exe C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" O4 - HKCU\..\Run: [steam] "i:\gamez\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [servUTrayIcon] C:\Program Files\Serv-U\ServUTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Télécharger le site web avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm O8 - Extra context menu item: Télécharger sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Télécharger tout avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098620658624 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing) O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Serv-U FTP Server (Serv-U) - Cat Soft - C:\Program Files\Serv-U\ServUDaemon.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Symantec Anti Virus (Symantec) - Unknown owner - C:\WINDOWS\system32\symantec32.exe" -netsvcs (file missing) O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing) voilà le dernier Hijackthis en date
snooky Posté(e) le 15 mai 2005 Auteur Posté(e) le 15 mai 2005 Ton rapport est clean Ces " inutiles " encore : O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
Amnesiac Posté(e) le 15 mai 2005 Posté(e) le 15 mai 2005 Ton rapport est clean Ces " inutiles " encore : O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe je vais virer tout ça Dr Snooky (t'es à plein tps ici on dirait )
Elhan Posté(e) le 16 mai 2005 Posté(e) le 16 mai 2005 Bonjour tout le monde, je suis nouveau ici. J'ai donc un problème d'ordinateur, et je vous montre mon log hijack de il y a quelques minutes :) Logfile of HijackThis v1.99.1 Scan saved at 15:03:17, on 16/05/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\foobar2000\foobar2000.exe C:\Program Files\a2 Free\a2start.exe C:\Program Files\a2 Free\a2scan.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\HijackThis.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing) O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe Voilà, mon pc rame assez, je ne peux pas aller au gestionnaire de taches, mes applications plantent souvent..
guymauve Posté(e) le 16 mai 2005 Posté(e) le 16 mai 2005 Revoilà le mien avec plusieurs lignes impossibles à fixer. Encore merci dr snooky. Logfile of HijackThis v1.99.1 Scan saved at 15:24:09, on 16/05/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe C:\Program Files\Softwin\BitDefender8\bdoesrv.exe C:\Program Files\Softwin\BitDefender8\vsserv.exe C:\WINDOWS\System32\alg.exe C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL O4 - HKLM\..\Run: [bDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe O4 - HKLM\..\Run: [bDOESRV] C:\Program Files\Softwin\BitDefender8\bdoesrv.exe O4 - HKCU\..\Run: [Lhe] C:\WINDOWS\System32\Lpr.exe O4 - Startup: WindowsUpdate57726[1].exe O4 - Startup: winupdate14709836[1].exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1116248102577 O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{170A721C-5192-4799-B912-A1AC489340B2}: NameServer = 194.119.228.67 193.74.208.135 O17 - HKLM\System\CS1\Services\Tcpip\..\{170A721C-5192-4799-B912-A1AC489340B2}: NameServer = 194.119.228.67 193.74.208.135 O21 - SSODL: NTDBGTOOL - {BED5C971-17E0-4CC1-AF8D-D87DBD000BC8} - C:\WINDOWS\system32\kbdhmasf.dll O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\netnn32.exe (file missing) O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe O23 - Service: Windows update Service (updater) - Unknown owner - C:\WINDOWS\System32\wisvcc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
snooky Posté(e) le 16 mai 2005 Auteur Posté(e) le 16 mai 2005 @ Elhan : Fixe ces lignes : O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing) Fait un scan en ligne ici :Trojanscan Installe le SP2 Poste un nouveau rapport.
snooky Posté(e) le 16 mai 2005 Auteur Posté(e) le 16 mai 2005 @guymauve : Désactive la restauration system. Boot en mode sans échec et supprime des lignes en cherchant sur ton pc ( regarde aussi dans msconfig pour voir si présents , et décoche ) : O4 - Startup: WindowsUpdate57726[1].exe O4 - Startup: winupdate14709836[1].exe Scan en ligne ici : http://fr.trendmicro-europe.com/consumer/p...usecall_pre.php
Messages recommandés
Archivé
Ce sujet est désormais archivé et ne peut plus recevoir de nouvelles réponses.