Aller au contenu

bremus

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    9

  • Inscription

  • Dernière visite

bremus's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. bremus
    Voici le rapport obtenu lors du scan de toolbarsd. Je n'arrive toujours pas a etteindre le site bleeping computer, j'ai essaye d'installer escan mais en vain il me demande une version plus recente car certains fichiers sont corompus. Je suis en Finlande, je ne sais pas si ceci explique le fait que je n'arrive pas a me rendre sur le site. Donc toujours pas de deuxieme scan.... -----------\\ ToolBar S&D 1.1.6 XP/Vista Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2 X86-based PC ( Uniprocessor Free : Intel® Celeron® M CPU 420 @ 1.60GHz ) BIOS : BIOS Date: 09/18/06 11:06:32 Ver: 08.00.13 USER : Sabina ( Administrator ) BOOT : Normal boot Antivirus : Avira AntiVir PersonalEdition Classic 0.0.0.0 (Not Activated) "C:\ToolBar SD" ( MAJ : 30-08-2008|00:19 ) Option : [2] ( m† 01.09.2008|22:21 ) -----------\\ SUPPRESSION Supprime! - C:\DOCUME~1\Sabina\APPLIC~1\FunWebProducts\Data Supprime! - C:\Program Files\FunWebProducts\ScreenSaver Supprime! - C:\Program Files\FunWebProducts\Shared Echec ! - C:\Program Files\MyWebSearch\bar Supprime! - C:\Program Files\MyWebSearch\SrchAstt Supprime! - C:\DOCUME~1\Sabina\Cookies\sabina@mywebsearch[2].txt Supprime! - C:\WINDOWS\System32\f3PSSavr.scr Supprime! - C:\Program Files\Internet Explorer\msimg32.dll Supprime! - C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Supprime! - C:\Program Files\MSN Messenger\riched20.dll Supprime! - C:\DOCUME~1\Sabina\APPLIC~1\FunWebProducts Supprime! - C:\Program Files\FunWebProducts Echec ! - C:\Program Files\MyWebSearch -----------\\ DEUXIEME PASSAGE Echec ! - C:\Program Files\MyWebSearch\bar Echec ! - C:\Program Files\MyWebSearch -----------\\ Recherche de Fichiers / Dossiers ... C:\Program Files\MyWebSearch C:\Program Files\MyWebSearch\bar -----------\\ Extensions (Sabina) - {7affbfae-c4e2-4915-8c0f-00fa3ec610a1} => aoltoolbar -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Search Page"="http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR" "Search Bar"="http://search.msn.fi/spbasic.htm" "First Home Page"="http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.yahoo.com/" "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Start Page"="http://www.msn.com/" --------------------\\ Recherche d'autres infections --------------------\\ ROOTKIT !! [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV] -- ROOTKIT Tibs ! [HKLM\..\CurrentControlSet\Enum\Root\tdssserv] -- ROOTKIT Tibs ! [HKLM\..\ControlSet001\Enum\Root\LEGACY_TDSSSERV] -- ROOTKIT Tibs ! [HKLM\..\ControlSet001\Enum\Root\tdssserv] -- ROOTKIT Tibs ! [HKLM\..\ControlSet003\Enum\Root\LEGACY_TDSSSERV] -- ROOTKIT Tibs ! [HKLM\..\ControlSet003\Enum\Root\tdssserv] -- ROOTKIT Tibs ! 1 - "C:\ToolBar SD\TB_1.txt" - s” 31.08.2008|20:01 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - m† 01.09.2008|22:27 - Option : [2] -----------\\ Fin du rapport a 22:27:16,42
  2. bremus
    Je n'arrive pas a atteindre les pages du sites bleeping computer. J'ai cependant reussi a trouver comofix. J'essaye de le lancer mais il me demande de le renommer.
  3. bremus
    le lien pour combofix ne fonctionne plus. Je n'ai pas reussi a le trouver sur internet...
  4. bremus
    Voici le rapport. Pardon pour les reponses multiples et repetees. Merci encore. -----------\\ ToolBar S&D 1.1.6 XP/Vista Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2 X86-based PC ( Uniprocessor Free : Intel® Celeron® M CPU 420 @ 1.60GHz ) BIOS : BIOS Date: 09/18/06 11:06:32 Ver: 08.00.13 USER : Sabina ( Administrator ) BOOT : Normal boot Antivirus : F-Secure Anti-Virus 5.44 5.44 (Activated) "C:\ToolBar SD" ( MAJ : 30-08-2008|00:19 ) Option : [1] ( s” 31.08.2008|19:55 ) -----------\\ Recherche de Fichiers / Dossiers ... C:\DOCUME~1\Sabina\APPLIC~1\FunWebProducts C:\DOCUME~1\Sabina\APPLIC~1\FunWebProducts\Data C:\Program Files\FunWebProducts C:\Program Files\FunWebProducts\ScreenSaver C:\Program Files\FunWebProducts\Shared C:\Program Files\MyWebSearch C:\Program Files\MyWebSearch\bar C:\Program Files\MyWebSearch\SrchAstt C:\DOCUME~1\Sabina\Cookies\sabina@mywebsearch[2].txt C:\WINDOWS\System32\f3PSSavr.scr C:\Program Files\Internet Explorer\msimg32.dll C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll C:\Program Files\MSN Messenger\riched20.dll -----------\\ Extensions (Sabina) - {7affbfae-c4e2-4915-8c0f-00fa3ec610a1} => aoltoolbar -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Search Page"="http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR" "Search Bar"="http://search.msn.fi/spbasic.htm" "First Home Page"="http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.yahoo.com/"'>http://www.yahoo.com/" "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Start Page"="http://www.yahoo.com/" --------------------\\ Recherche d'autres infections --------------------\\ ROOTKIT !! [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV] -- ROOTKIT Tibs ! [HKLM\..\CurrentControlSet\Enum\Root\tdssserv] -- ROOTKIT Tibs ! [HKLM\..\ControlSet001\Enum\Root\LEGACY_TDSSSERV] -- ROOTKIT Tibs ! [HKLM\..\ControlSet001\Enum\Root\tdssserv] -- ROOTKIT Tibs ! [HKLM\..\ControlSet003\Enum\Root\LEGACY_TDSSSERV] -- ROOTKIT Tibs ! [HKLM\..\ControlSet003\Enum\Root\tdssserv] -- ROOTKIT Tibs ! 1 - "C:\ToolBar SD\TB_1.txt" - s” 31.08.2008|20:01 - Option : [1] -----------\\ Fin du rapport a 20:01:53,01
  5. bremus
    L e rapport dans son integralite. Merci de cette reponse rapide Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:36:36, on 30.8.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe C:\WINDOWS\system32\V0230Mon.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe C:\Program Files\rhc36bj0evea\rhc36bj0evea.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Realtek RTL8187 Wireless Network Driver and Utility\RtWLan.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\WINDOWS\system32\pphc76bj0evea.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fi/spbasic.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.soneraplaza.fi/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.fi;*.*.fi;*.*.*.fi;;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\syst
  6. bremus
    le rapport en integralite... Logfile of HijackThis v1.99.1 Scan saved at 14:22:52, on 30.8.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe C:\WINDOWS\system32\V0230Mon.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe C:\Program Files\rhc36bj0evea\rhc36bj0evea.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Realtek RTL8187 Wireless Network Driver and Utility\RtWLan.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\WINDOWS\system32\pphc76bj0evea.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\DOCUME~1\Sabina\LOCALS~1\Temp\Tilapäinen kansio 2 hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fi/spbasic.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.soneraplaza.fi/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.fi;*.*.fi;*.*.*.fi;;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptic
  7. bremus
    L e rapport dans son integralite. Merci de cette reponse rapide Antivirus xp se lance au demarage, et commence un scan. Impossible jusqu¨a present de sën defaire. Il arrive que le pc se bloque lorsque je stoppe le scqn mais peu frequent. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:36:36, on 30.8.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe C:\WINDOWS\system32\V0230Mon.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe C:\Program Files\rhc36bj0evea\rhc36bj0evea.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Realtek RTL8187 Wireless Network Driver and Utility\RtWLan.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\WINDOWS\system32\pphc76bj0evea.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fi/spbasic.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.soneraplaza.fi/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.fi;*.*.fi;*.*.*.fi;;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-
  8. bremus
    Bonjour, Grosse difficulté face à ce fichu virus. Aprés avoir parcouru quelques sites, je comprends que la réponse à apporter est spécifique pour chaque utilisateur malheureux. Je poste donc par avance le rapport Hijack, en espérant que quelqu'un a assez de temps pour m'aider. Merci d'avance. Bremus Rapport: Logfile of HijackThis v1.99.1 Scan saved at 14:00:57, on 30.8.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe C:\WINDOWS\system32\V0230Mon.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe C:\Program Files\rhc36bj0evea\rhc36bj0evea.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Realtek RTL8187 Wireless Network Driver and Utility\RtWLan.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\WINDOWS\system32\pphc76bj0evea.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\DOCUME~1\Sabina\LOCALS~1\Temp\Tilapäinen kansio 1 hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fi/spbasic.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.soneraplaza.fi/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.fi;*.*.fi;*.*.*.fi;;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Recgua
  9. bremus
    Bonjour, Grosse difficulté face à ce fichu virus. Aprés avoir parcouru quelques sites, je comprends que la réponse à apporter est spécifique pour chaque utilisateur malheureux. Je poste donc par avance le rapport Hijack, en espérant que quelqu'un a assez de temps pour m'aider. Merci d'avance. Bremus Rapport: Logfile of HijackThis v1.99.1 Scan saved at 14:00:57, on 30.8.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE
×
×
  • Créer...