Aller au contenu

supergg76

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    2

  • Inscription

  • Dernière visite

supergg76's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. supergg76
    Voici la log hijack aprés plusieurs déinstall de q266143083_disk, qui ce réinstallai syntématiquement. sinon ne me retait plus que xbxae.dll. Un grand merci à vous. Est ce que c'est normal que les lignes O17 soient toujours présentes ? Je viens de voir sur d'autre forum le problème. Mais mon rasphone.pbk est vide, et les ligne O17 reviennent après chaque redémarrage !!! Logfile of HijackThis v1.99.1 Scan saved at 01:29:45, on 18/06/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\System32\mnmsrvc.exe C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exe C:\WINDOWS\System32\carpserv.exe C:\PROGRA~1\SwiftBtn\SwiftBtn.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\OFFICE ONE6.5\OFFICE One Clock\ooneclockv65.exe C:\Program Files\OFFICE ONE6.5\OFFICE One Notes\oonotesv65.exe C:\Program Files\OFFICE ONE6.5\program\soffice.exe C:\WINDOWS\System32\wuauclt.exe C:\gg\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [QT4StBtn] C:\PROGRA~1\SwiftBtn\SwiftBtn.EXE O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe" O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe" O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [oouserv6.exe] C:\Program Files\OFFICE ONE6.5\program\oouserv6.exe O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - Startup: OFFICE One 6.5.lnk = C:\Program Files\OFFICE ONE6.5\program\quickstart.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE ONE6.5\OFFICE One Clock\ooneclockv65.exe O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE ONE6.5\OFFICE One Notes\oonotesv65.exe O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/ O17 - HKLM\System\CCS\Services\Tcpip\..\{3DF430DE-25F8-4FE8-880C-3A3AFF891B34}: NameServer = 69.50.184.84,195.225.176.37 O17 - HKLM\System\CCS\Services\Tcpip\..\{440D0E6F-AADD-4031-92A1-0BDF8F7B10A9}: NameServer = 69.50.184.84,195.225.176.37 O17 - HKLM\System\CCS\Services\Tcpip\..\{758ED13E-2C1B-46B8-A314-41A05E55E031}: NameServer = 69.50.184.84,195.225.176.37 O17 - HKLM\System\CCS\Services\Tcpip\..\{9A7403DB-D1E6-447D-872D-0AC4B931EEDF}: NameServer = 69.50.184.84,195.225.176.37 O17 - HKLM\System\CCS\Services\Tcpip\..\{C9C4F4A0-7A87-4FF1-9CCD-117071F99025}: NameServer = 69.50.184.84,195.225.176.37 O17 - HKLM\System\CS1\Services\Tcpip\..\{3DF430DE-25F8-4FE8-880C-3A3AFF891B34}: NameServer = 69.50.184.84,195.225.176.37 O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  2. supergg76
    Bonjour à tous, Un nouveau defis. Depuis deux jours je cherche à virer de mon pc un virus (je pense) qui fais que l'explorer (redemarrage de la barre menu) je relance toutes les 5 secondes, et pour les manipes c'est super lourds. J'ai déja virer le troyen-spy.html/smithfraud.c puis le virus startpage.p19. Est ce que qq à une piste. Au cas où le resultat de hitjack. Logfile of HijackThis v1.99.1 Scan saved at 23:12:52, on 17/06/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\System32\mnmsrvc.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe C:\WINDOWS\System32\wdfmgr.exe C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exe C:\WINDOWS\System32\carpserv.exe C:\PROGRA~1\SwiftBtn\SwiftBtn.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\System32\imapi.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Internet Explorer\iexplore.exe E:\spy smtih\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Internet Explorer Hot Fix - {5A5D830F-2637-4E15-8420-1BDBC61F8C3F} - C:\WINDOWS\System32\xbxae.dll O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [QT4StBtn] C:\PROGRA~1\SwiftBtn\SwiftBtn.EXE O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe" O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe" O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe /auto O4 - HKLM\..\Run: [oouserv6.exe] C:\Program Files\OFFICE ONE6.5\program\oouserv6.exe O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe O4 - HKLM\..\Run: [control64] NopeZ.exe O4 - HKLM\..\Run: [sysEntry] new32.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\PROGRA~1\SPYBOT~1\TeaTimer.exe O4 - Startup: OFFICE One 6.5.lnk = C:\Program Files\OFFICE ONE6.5\program\quickstart.exe O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE ONE6.5\OFFICE One Clock\ooneclockv65.exe O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE ONE6.5\OFFICE One Notes\oonotesv65.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/ O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/instal...hidden-test.cab O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://195.95.218.82/users/zoom/web/axe/x.chm::/update.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{440D0E6F-AADD-4031-92A1-0BDF8F7B10A9}: NameServer = 69.50.184.84,195.225.176.37 O17 - HKLM\System\CCS\Services\Tcpip\..\{758ED13E-2C1B-46B8-A314-41A05E55E031}: NameServer = 69.50.184.84,195.225.176.37 O17 - HKLM\System\CCS\Services\Tcpip\..\{9A7403DB-D1E6-447D-872D-0AC4B931EEDF}: NameServer = 69.50.184.84,195.225.176.37 O17 - HKLM\System\CCS\Services\Tcpip\..\{C9C4F4A0-7A87-4FF1-9CCD-117071F99025}: NameServer = 69.50.184.84,195.225.176.37 O18 - Filter: text/html - {2D456541-CA07-4B27-A1EF-FE4A4DBC198B} - C:\WINDOWS\System32\gjbo.dll O18 - Filter: text/plain - {2D456541-CA07-4B27-A1EF-FE4A4DBC198B} - C:\WINDOWS\System32\gjbo.dll O20 - Winlogon Notify: style2 - C:\WINDOWS\q266143083_disk.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
×
×
  • Créer...