woolfys
-
Compteur de contenus
9 -
Inscription
-
Dernière visite
woolfys's Achievements
Junior Member (3/12)
0
Réputation sur la communauté
-
voila le rapport trend ne trouve rien il reste juste ca sur hijackthis que je ne peux pas fixer au fait regis vraiment merci pour ton coup de main c tres sympa O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Ser ver\bdss.exe" /service (file missing
-
voila les rapports hijachthis ,ewido et panda Logfile of HijackThis v1.99.1 Scan saved at 09:08:18, on 13/04/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe C:\Program Files\Trend Micro\Internet Security\tmproxy.exe C:\Program Files\Trend Micro\Internet Security\PccPfw.exe C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe C:\Program Files\Trend Micro\Internet Security\PCClient.EXE C:\Program Files\Trend Micro\Internet Security\PCCGUIDE.EXE C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe C:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.voila.fr/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.trendmicro-europe.com/vinfo.php...e=TROJ_TPATCH.A R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe" O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe" O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [adiras] adiras.exe O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) PANDA Incident Statut Analyse Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\yann\Application Data\Mozilla\Firefox\Profiles\4g8c2q62.default\cookies.txt[] Spyware:Cookie/Xiti No Désinfecté C:\RECYCLER\S-1-5-21-1757981266-1993962763-839522115-1003\Dc17.txt[] EWIDO + Créé le: 09:07:34, 13/04/2006 + Somme de contrôle: 56DE296F + Résultats du scan: :mozilla.9:C:\Documents and Settings\yann\Application Data\Mozilla\Firefox\Profiles\4g8c2q62.default\cookies.txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder :mozilla.10:C:\Documents and Settings\yann\Application Data\Mozilla\Firefox\Profiles\4g8c2q62.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder :mozilla.12:C:\Documents and Settings\yann\Application Data\Mozilla\Firefox\Profiles\4g8c2q62.default\cookies.txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder :mozilla.15:C:\Documents and Settings\yann\Application Data\Mozilla\Firefox\Profiles\4g8c2q62.default\cookies.txt -> TrackingCookie.Estat : Nettoyer et sauvegarder :mozilla.19:C:\Documents and Settings\yann\Application Data\Mozilla\Firefox\Profiles\4g8c2q62.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder :mozilla.22:C:\Documents and Settings\yann\Application Data\Mozilla\Firefox\Profiles\4g8c2q62.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder voila je pense sue c'est bon y'a que des cookies sauf le rapport hijackthis que je ne sais pas traduire merci encore
-
Incident Statut Analyse Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\TheMagsDashTick\drv surf.exe Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\TheMagsDashTick\ONEMEAL.exe Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\b5t0d53u.default\cookies.txt[] Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\yann\Application Data\Mozilla\Firefox\Profiles\4g8c2q62.default\cookies.txt[] Spyware:Cookie/Humanclick No Désinfecté C:\Documents and Settings\yann\Application Data\Mozilla\Firefox\Profiles\4g8c2q62.default\cookies.txt[31841376] Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\yann\Application Data\Mozilla\Firefox\Profiles\4g8c2q62.default\cookies.txt[] Adware:Adware/Lop No Désinfecté C:\Documents and Settings\yann\Application Data\shimaxislive\Bias Platform Ball Bore.exe Adware:Adware/Lop No Désinfecté C:\Documents and Settings\yann\Application Data\shimaxislive\cvpmcfsj.exe Adware:Adware/Lop No Désinfecté C:\Documents and Settings\yann\Application Data\shimaxislive\dgrnojjo.exe Adware:Adware/Lop No Désinfecté C:\Documents and Settings\yann\Application Data\shimaxislive\inbmjohn.exe Spyware:Cookie/Hbmediapro No Désinfecté C:\Documents and Settings\yann\Cookies\[email protected][2].txt Spyware:Cookie/adultfriendfinder No Désinfecté C:\Documents and Settings\yann\Cookies\yann@adultfriendfinder[2].txt Spyware:Cookie/Belnk No Désinfecté C:\Documents and Settings\yann\Cookies\yann@belnk[1].txt Spyware:Cookie/Belnk No Désinfecté C:\Documents and Settings\yann\Cookies\[email protected][2].txt Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\yann\Cookies\yann@doubleclick[1].txt Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\yann\Cookies\yann@xiti[1].txt Spyware:Cookie/Xiti No Désinfecté C:\RECYCLER\NPROTECT\00000914.MOZ[] Spyware:Cookie/Xiti No Désinfecté C:\RECYCLER\NPROTECT\00000915.MOZ[] Spyware:Cookie/Xiti No Désinfecté C:\RECYCLER\NPROTECT\00000917.MOZ[] Spyware:Cookie/Xiti No Désinfecté C:\RECYCLER\NPROTECT\00000918.MOZ[] Spyware:Cookie/Xiti No Désinfecté C:\RECYCLER\NPROTECT\00000919.MOZ[] Virus:Trj/Spamer.Y Désinfecté C:\RECYCLER\S-1-5-21-1757981266-1993962763-839522115-1003\Dc1.exe voila et maintenant,tu crois que c'est bon?
-
le rapport ewido ne me detecte rien qd au winlogon de system et system32 je l'ai effacé donc je peux plus l'analyser merci en tout cas de vous pencher sur mon cas
-
oui effectivement j'ai supprimé ce fichier qui etait infecté en passant en mode ss echec car sinon je pouvais pas depuis plus de probleme merci bcp!!
-
qq'un pour lire mon rapport svp et pour sauver le monde ? lollll merci en tout cas
-
voila j'ai tout fait comme il faut et voici mon nouveau rapport merci de prendre un peu de temps pour ca Scan saved at 10:38:13, on 11/04/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe C:\Program Files\Trend Micro\Internet Security\tmproxy.exe C:\Program Files\Trend Micro\Internet Security\PccPfw.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\Program Files\Trend Micro\Internet Security\pccguide.exe C:\Program Files\Trend Micro\Internet Security\PCClient.exe C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe C:\WINDOWS\System32\msiexec.exe C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.voila.fr/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.trendmicro-europe.com/vinfo.php...e=TROJ_TPATCH.A R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [bDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe" O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe" O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run O4 - HKLM\..\Run: [bDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe O4 - HKLM\..\Run: [bDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" O4 - HKLM\..\Run: [bDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [adiras] adiras.exe O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe O4 - HKLM\..\Run: [WindowsUpdateS] C:\WINDOWS\System\winlogon.exe /s O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
-
bonjour et biien voila ewido me trouve un trojan en me didsant winlogon.exe infecté par proxy.agent.jo voici un rapport hijackthis car je sais pas quoi faire d'avance meci pour votre aide Scan saved at 12:01:03, on 10/04/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\Program Files\Trend Micro\Internet Security\pccguide.exe C:\Program Files\Trend Micro\Internet Security\PCClient.exe C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe C:\Program Files\Trend Micro\Internet Security\tmproxy.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Trend Micro\Internet Security\PccPfw.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.voila.fr/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.trendmicro-europe.com/vinfo.php...e=TROJ_TPATCH.A R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [bDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe" O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe" O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run O4 - HKLM\..\Run: [bDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe O4 - HKLM\..\Run: [bDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" O4 - HKLM\..\Run: [bDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [adiras] adiras.exe O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe O4 - HKLM\..\Run: [WindowsUpdateS] C:\WINDOWS\System\winlogon.exe /s O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [internetooze] C:\DOCUME~1\yann\APPLIC~1\SHIMAX~1\Coal Open.exe O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
-
voila depuis 2/3 jours adaware me trouve spy generic sur la becane + un fichier.dll qui se cree ds system 32 que je ne peux enlever car il revient a chaque connexion voici mon rapport hijackthis auquel je comprends rien mais si une bonne fee se penche sur le berceau ...je le remercierait bcp Logfile of HijackThis v1.99.1 Scan saved at 19:01:13, on 28/03/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\Program Files\Trend Micro\Internet Security\pccguide.exe C:\Program Files\Trend Micro\Internet Security\PCClient.exe C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe c:\progra~1\intern~1\iexplore.exe C:\WINDOWS\svchost.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe C:\Program Files\Trend Micro\Internet Security\tmproxy.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Trend Micro\Internet Security\PccPfw.exe C:\PROGRA~1\MOZILL~1\firefox.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Documents and Settings\yann\Local Settings\Temp\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.voila.fr/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.trendmicro-europe.com/vinfo.php...e=TROJ_TPATCH.A R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [bDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe" O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe" O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run O4 - HKLM\..\Run: [bDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe O4 - HKLM\..\Run: [bDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" O4 - HKLM\..\Run: [bDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [adiras] adiras.exe O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe O4 - HKLM\..\Run: [WindowsUpdateS] C:\WINDOWS\System\winlogon.exe /s O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [internetooze] C:\DOCUME~1\yann\APPLIC~1\SHIMAX~1\Coal Open.exe O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [system] C:\WINDOWS\svchost.exe O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)