Help analyzing a HijackThis report, thanks for your help
#1
Posted 18 April 2006 - 10:13
Thank you for your help analyzing a HijackThis report for an infected PC. The preliminary steps have been done: AntiVir, configuration, hidden folders, etc.
The report is below.
Logfile of HijackThis v1.99.1
Scan saved at 11:06:37, on 2006-04-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Real\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\DOCUME~1\Maciej\USTAWI~1\Temp\Katalog tymczasowy 1 dla hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - blank (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - blank (file missing)
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\Real\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1060.dll,InstantAccess
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer_2005\uwfx5.exe" /scan
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.0_03\bin\npjpi140_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.0_03\bin\npjpi140_03.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - http://scripts.downloadv3.com/binaries/P2E..._1049_EN_XP.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140995324841
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - http://scripts.downloadv3.com/binaries/IA/...svc32_EN_XP.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binaries/IA/...svc32_EN_XP.cab
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://scripts.dlv4.com/binaries/egaccess4...ccess4_1060.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
Thanks, Arnaud
#2
Posted 18 April 2006 - 10:31
Your log shows signs of infection, notably Instant Access and WinFixer2005.
Wait for an expert who will tell you the steps to follow.
See you
#3
Posted 18 April 2006 - 10:55
To get rid of WinFixer, use SpyBot Search & Destroy
* Download SpyBot Search & Destroy:
http://spybot.safer-...load/index.html
Install it and configure it as shown at this link =>
http://www.zebulon.f...es/spybot_1.php
Note: don't forget to update it! Do not turn on TeaTimer; you can do that later if you wish.
* Launch Spybot. On the home page, click "Vérifier tout" ("Check all").
Wait while the scan runs. When the scan is finished, click "Corriger les problèmes" ("Fix problems") to remove the spyware.
Save the scan result like this =>
- Right-click the list of malware found
- In the menu, choose "Sauver tout le rapport dans le fichier" ("Save the full report to file").
- A window opens; click the "Enregistrer" ("Save") button.
- Quit the program.
Then run HijackThis again and paste the report here.
Your HijackThis folder is in the wrong place; it is in a temp folder.
Put it at the root of the hard drive (C:\hijackthis), otherwise you will lose the backups.
See you
This post was edited by pitcat - 18 April 2006 - 10:58.
#4
Posted 18 April 2006 - 10:59
Regards
Arnaud
pitcat, on Tuesday 18 April 2006 at 11:56, said:
To get rid of WinFixer, use SpyBot Search & Destroy
* Download SpyBot Search & Destroy:
http://spybot.safer-...load/index.html
Install it and configure it as shown at this link =>
http://www.zebulon.f...es/spybot_1.php
Note: don't forget to update it! Do not turn on TeaTimer; you can do that later if you wish.
* Launch Spybot. On the home page, click "Vérifier tout" ("Check all").
Wait while the scan runs. When the scan is finished, click "Corriger les problèmes" ("Fix problems") to remove the spyware.
Save the scan result like this =>
- Right-click the list of malware found
- In the menu, choose "Sauver tout le rapport dans le fichier" ("Save the full report to file").
- A window opens; click the "Enregistrer" ("Save") button.
- Quit the program.
Then run HijackThis again and paste the report here.
Your HijackThis folder is in the wrong place; it is in a temp folder.
Put it at the root of the hard drive (C:\), otherwise you will lose the backups.
See you
#5
Posted 18 April 2006 - 12:03
I installed Spybot and ran a scan. Besides WinFixer, it seems to have eradicated a good number of spyware programs.
Here is the new HijackThis report.
Thanks in advance for your help.
Logfile of HijackThis v1.99.1
Scan saved at 12:57:12, on 2006-04-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Real\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijack this\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - blank (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - blank (file missing)
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\Real\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1060.dll,InstantAccess
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.0_03\bin\npjpi140_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.0_03\bin\npjpi140_03.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - http://scripts.downloadv3.com/binaries/P2E..._1049_EN_XP.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140995324841
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - http://scripts.downloadv3.com/binaries/IA/...svc32_EN_XP.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binaries/IA/...svc32_EN_XP.cab
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://scripts.dlv4.com/binaries/egaccess4...ccess4_1060.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
#6
Posted 18 April 2006 - 12:43
1/ Do this to remove Egdaccess:
Download Brute Force Uninstaller (by Merijn)
Create a new folder directly on C:\ and name it BFU. Unzip the downloaded file into this new folder (C:\BFU)
RIGHT-CLICK HERE and choose "Enregistrer la cible sous..." ("Save Target As...") to download EGDACCESS Remover (by Metallica). Save it in the folder you created (C:\BFU). **Note: if you use Internet Explorer, when saving make sure the "Type :" field shows "Tous les fichiers" ("All Files"). You should now have two files in the C:\BFU folder: EGDACCESS.bfu and BFU.exe (very important).
Start the "Brute Force Uninstaller" by double-clicking BFU.exe
Under Scriptline to execute, copy/paste this line:
c:\bfu\EGDACCESS.bfu
Click Execute and let it do its work.
Wait for Complete script execution to appear and click OK.
Click Exit to close the BFU program.
2/ Run a HijackThis scan again, then check and fix these lines:
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1060.dll,InstantAccess
O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - http://scripts.downl..._1049_EN_XP.cab
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - http://scripts.downl...svc32_EN_XP.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downl...svc32_EN_XP.cab
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://scripts.dlv4....ccess4_1060.cab
3/ Close HijackThis and restart your PC
4/ Download the trial version of Ewido here:
http://www.ewido.net/fr/
and install it (important: during installation, on the "Additional Options" page, uncheck the two options "Install background guard" and "Install scan via context menu").
Start Ewido. Click on update, wait for the update to finish, then close the program.
Once you have switched to safe mode, restart Ewido and click on scanner, then on complete system scan.
If infected files are found, keep the default option Remove (with the line "Créer des copies de sauvegarde cryptées dans la quarantaine" ("Create encrypted backup copies in quarantine") checked).
At the end of the scan, save the report (File/Save as...) and send it
5/ Also post a new HijackThis report!
See you
http://mickael.barro...rite/index.html
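An added example, not part of the original thread: a small HijackThis log parser that diffs two scans and checks whether the entries listed for fixing are still present. The sample lines are excerpts from the logs and the fix list posted above; the function names are hypothetical.

```python
import re

# A HijackThis entry line is "<section> - <detail>", e.g. "O4 - HKCU\..\Run: [name] cmd".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return (section, detail) pairs; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def entry_key(section, detail):
    """Identity of an entry across scans and forum copies.

    Forum software shortens long URLs with "..." (not always at the same
    place), so entries carrying a CLSID are keyed on section, kind and CLSID
    instead of the full text. Other entries are keyed on the case-folded text.
    """
    clsid = CLSID_RE.search(detail)
    if clsid:
        kind = detail.split(":", 1)[0].strip().casefold()
        return (section, kind, clsid.group(0).upper())
    return (section, detail.casefold())


def diff_logs(before, after):
    """Return (removed, added) entries between two scans of the same machine."""
    old = {entry_key(*e): e for e in parse_entries(before)}
    new = {entry_key(*e): e for e in parse_entries(after)}
    removed = [old[k] for k in old if k not in new]
    added = [new[k] for k in new if k not in old]
    return removed, added


def still_present(fix_list, log_text):
    """Return the entries of a helper's fix list that a fresh scan still shows."""
    present = {entry_key(*e) for e in parse_entries(log_text)}
    return [e for e in parse_entries(fix_list) if entry_key(*e) in present]


# Excerpt of the first scan posted in the thread (before Spybot).
BEFORE_SPYBOT = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1060.dll,InstantAccess
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer_2005\uwfx5.exe" /scan
O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - http://scripts.downloadv3.com/binaries/P2E..._1049_EN_XP.cab
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://scripts.dlv4.com/binaries/egaccess4...ccess4_1060.cab
"""

# Excerpt of the second scan posted in the thread (after Spybot).
AFTER_SPYBOT = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1060.dll,InstantAccess
O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - http://scripts.downloadv3.com/binaries/P2E..._1049_EN_XP.cab
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://scripts.dlv4.com/binaries/egaccess4...ccess4_1060.cab
"""

# Excerpt of the fix list as posted; the URLs are truncated differently here.
FIX_LIST = r"""
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1060.dll,InstantAccess
O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - http://scripts.downl..._1049_EN_XP.cab
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://scripts.dlv4....ccess4_1060.cab
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE_SPYBOT, AFTER_SPYBOT)
    for section, detail in removed:
        print("removed:", section, "-", detail)
    for section, detail in added:
        print("added:  ", section, "-", detail)
    for section, detail in still_present(FIX_LIST, AFTER_SPYBOT):
        print("to fix: ", section, "-", detail)
```

Run against the next scan instead of `AFTER_SPYBOT`, an empty `still_present` result means the fixed lines did not come back after the reboot.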
#7
Posted 18 April 2006 - 01:31
Thanks for these details. I fixed the lines mentioned with HijackThis. One question before installing Ewido: is it an antivirus, and should I uninstall AntiVir if so?
Thanks in advance
arnaud
naheulbeuk, on Tuesday 18 April 2006 at 13:44, said:
1/ Do this to remove Egdaccess:
Download Brute Force Uninstaller (by Merijn)
Create a new folder directly on C:\ and name it BFU. Unzip the downloaded file into this new folder (C:\BFU)
RIGHT-CLICK HERE and choose "Enregistrer la cible sous..." ("Save Target As...") to download EGDACCESS Remover (by Metallica). Save it in the folder you created (C:\BFU). **Note: if you use Internet Explorer, when saving make sure the "Type :" field shows "Tous les fichiers" ("All Files"). You should now have two files in the C:\BFU folder: EGDACCESS.bfu and BFU.exe (very important).
Start the "Brute Force Uninstaller" by double-clicking BFU.exe
Under Scriptline to execute, copy/paste this line:
c:\bfu\EGDACCESS.bfu
Click Execute and let it do its work.
Wait for Complete script execution to appear and click OK.
Click Exit to close the BFU program.
2/ Run a HijackThis scan again, then check and fix these lines:
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1060.dll,InstantAccess
O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - http://scripts.downl..._1049_EN_XP.cab
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - http://scripts.downl...svc32_EN_XP.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downl...svc32_EN_XP.cab
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://scripts.dlv4....ccess4_1060.cab
3/ Close HijackThis and restart your PC
4/ Download the trial version of Ewido here:
http://www.ewido.net/fr/
and install it (important: during installation, on the "Additional Options" page, uncheck the two options "Install background guard" and "Install scan via context menu").
Start Ewido. Click on update, wait for the update to finish, then close the program.
Once you have switched to safe mode, restart Ewido and click on scanner, then on complete system scan.
If infected files are found, keep the default option Remove (with the line "Créer des copies de sauvegarde cryptées dans la quarantaine" ("Create encrypted backup copies in quarantine") checked).
At the end of the scan, save the report (File/Save as...) and send it
5/ Also post a new HijackThis report!
See you
#8
Posted 18 April 2006 - 04:16
Thanks for your sound advice.
Here is the report following the full Ewido scan, and then a new HijackThis report after this scan.
Ewido:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 17:08:21, 2006-04-18
+ Report-Checksum: 47750C36
+ Scan result:
C:\Documents and Settings\Maciej\Cookies\maciej@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Maciej\Cookies\maciej@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Adbutler : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Adbutler : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Adbutler : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Estat : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.306:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.317:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.320:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.346:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.352:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.353:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.354:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.355:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.366:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.367:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.368:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.369:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.370:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.371:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.372:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.373:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.374:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.375:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.376:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.377:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.384:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.385:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.386:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.387:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.388:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.389:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Trafficcenter : Cleaned with backup
:mozilla.390:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Trafficcenter : Cleaned with backup
:mozilla.391:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Trafficcenter : Cleaned with backup
:mozilla.392:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Trafficcenter : Cleaned with backup
:mozilla.393:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Trafficcenter : Cleaned with backup
:mozilla.394:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.395:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.396:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.401:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.402:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.410:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.411:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.430:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.431:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.439:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.440:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.441:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned with backup
:mozilla.444:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Adition : Cleaned with backup
:mozilla.445:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Adition : Cleaned with backup
:mozilla.449:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.450:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.451:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.462:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.71i : Cleaned with backup
:mozilla.465:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.466:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.467:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.468:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.469:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.474:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Enhance : Cleaned with backup
:mozilla.475:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Enhance : Cleaned with backup
:mozilla.476:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.477:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.493:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Inet-cash : Cleaned with backup
:mozilla.494:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Inet-cash : Cleaned with backup
:mozilla.499:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.500:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.501:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.502:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.525:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.529:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.530:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.531:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.532:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.542:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.577:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.615:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.616:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.617:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\kiddjtk6.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Profiles\default\61n6gt64.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Profiles\default\61n6gt64.slt\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Profiles\default\61n6gt64.slt\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Profiles\default\61n6gt64.slt\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Profiles\default\61n6gt64.slt\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Profiles\default\61n6gt64.slt\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Profiles\default\61n6gt64.slt\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Profiles\default\61n6gt64.slt\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Profiles\default\61n6gt64.slt\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Profiles\default\61n6gt64.slt\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Profiles\default\61n6gt64.slt\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Profiles\default\61n6gt64.slt\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
C:\Documents and Settings\Maciej\Pulpit\Nieużywane skróty pulpitu\Ulubione strony.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\Documents and Settings\Maciej\Ustawienia lokalne\Temp\Cookies\maciej@gde.adocean[2].txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\Maciej\Ustawienia lokalne\Temp\Cookies\maciej@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Maciej\Ustawienia lokalne\Temp\SAcc.prod.v1158.02mar2006.exe.77bf176e5dca598920408defa75a7c80 -> Adware.SurfAccuracy : Cleaned with backup
C:\Documents and Settings\Maciej\Ustawienia lokalne\Temp\uninstall.exe -> Adware.SurfAcc : Cleaned with backup
C:\Program Files\Hijack this\backups\backup-20060418-142906-625.dll -> Dialer.InstantAccess.e : Cleaned with backup
C:\WINDOWS\antyvirk.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\WINDOWS\system32\egaccess4_1059.dll -> Trojan.Dialer.pc : Cleaned with backup
C:\WINDOWS\system32\hjewyrgcp.exe -> Adware.NaviPromo : Cleaned with backup
C:\WINDOWS\system32\msclock32.dll -> Adware.NaviPromo : Cleaned with backup
C:\WINDOWS\system32\msplock32.dll -> Adware.NaviPromo : Cleaned with backup
D:\Instalki\Instant-Access.exe -> Dialer.InstantAccess.m : Cleaned with backup
::Report End
Hijack this
Logfile of HijackThis v1.99.1
Scan saved at 17:12:18, on 2006-04-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Real\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijack this\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - blank (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - blank (file missing)
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\Real\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.0_03\bin\npjpi140_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.0_03\bin\npjpi140_03.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/.../client/wuweb_site.cab?1140995324841
O17 - HKLM\System\CCS\Services\Tcpip\..\{642D0FAE-18B4-40E9-A366-922BFA77DBC7}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
Regards,
Arnaud
arnaud paris, on Tuesday 18 April 2006 at 14:32, said:
Thanks for these details. I fixed the lines mentioned with HijackThis. One question before installing ewido: is it an antivirus, and should I uninstall AntiVir if so?
Thanks in advance,
arnaud
#9
Posted 18 April 2006 - 07:12
ewido did its job well!
You will need to update Windows once we have finished disinfecting your PC!
Do you have a firewall? If so, which one?
1/ Run a HijackThis scan again, then check and fix these lines:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - blank (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - blank (file missing)
2/ Close HijackThis and restart your PC
3/ Run a Panda online scan:
here
and post the report of that scan here once it has finished!
4/ After all that, also post a new HijackThis report!
See you
http://mickael.barro...rite/index.html
#10
Posted 18 April 2006 - 09:13
I am running a Panda scan now; I will post the result as soon as it is ready, plus a new HijackThis report.
Regarding the lines to check, I did not check the following lines:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
The reason is that this is the computer of a friend who is in Poland with me at the moment, so the sites listed really do correspond to something known. I am open to your opinion...
On this PC there is only the Windows firewall; I would welcome a better, effective and, if possible, free solution.
As for the Windows updates, I will do them.
Thanks, and talk to you soon.
arnaud
naheulbeuk, on Tuesday 18 April 2006 at 20:13, said:
ewido did its job well!
You will need to update Windows once we have finished disinfecting your PC!
Do you have a firewall? If so, which one?
1/ Run a HijackThis scan again, then check and fix these lines:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - blank (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - blank (file missing)
2/ Close HijackThis and restart your PC
3/ Run a Panda online scan:
here (http://www.pandasoftware.fr/Activescan/Activescan.html)
and post the report of that scan here once it has finished!
4/ After all that, also post a new HijackThis report!
See you