svp analyse hijack

[titou8111]

bonjour,

 

alors voila defender est bloqué certains install ne fonctionnent pas comme quicktime, ou office et certaines gravures plantent sans raisons + des petits bugs intempestifs ; tout cela n'a pas l'air lié mais mon pc déconne a plein tube depuis quelques temps et je vois pas d'ou ca vient tout cela est arrivé d'un coup alors si quelqu'un veut bien m'aider d'avance merci.

 

rapport hijack :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:19:40, on 02/09/2007

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Boot mode: Normal

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\mixer.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Spyware Doctor\SDTrayApp.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\BitTorrent\bittorrent.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\eMule\emule.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Spyware Doctor\svcntaux.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)

O13 - Gopher Prefix:

O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} (Upload Class) - http://photos.orange.fr/al/presentation/pc...ivex/Ephoto.cab

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

[eclypse]

Salut

 

Fais ce scan par Internet Explorer puis poste le rapport

 

@+

 

Eclypse

[titou8111]

salut tout dabord merci pour ton intéret mais apparement ce scan n'est pas dispo pour vista

[eclypse]

Salut

 

Je vois que tu as avast je tencourage à lire ceci très instructif

 

Si tu veux desinstaller Avast apres la lecture :

 

• T
  é
  l
  é
  charge
  A
  S
  WCLEAR
  
  
• Ouvre-le
  
  
• S
  i tu avez in
  s
  tall
  é
  ava
  s
  t dan
  s
  un do
  s
  s
  ier diff
  é
  rent de celui par d
  é
  faut retrouve le en parcourrant votre di
  s
  que avec le bouton "...". (Note: Fait attention! Le contenu de tout do
  s
  s
  ier que tu choi
  s
  ira
  s
  s
  era
  s
  upprim
  é
  !)
  
  
• Clique
  s
  ur Unin
  s
  tall
  
  
• Red
  é
  marre votre ordinateur
  
  

  
  

 

Tuto pour installer antivr

 

une fois ceci fais et antivir mis à jour redemarre en mode sans echec (f8 au demarrage) puis lance un scan et poste moi le rapport dans ton prochain post

 

@+

 

Eclypse

Modifié le 4 septembre 2007 par eclypse

[titou8111]

bon j'ai quand même lancé le nanoscan panda voila le résultat

 

Scan result:

There are no active viruses on your PC

Time: 49 seconds.

 

Antivirus: Avira AntiVir PersonalEdition (active and updated)

 

 

 

Recommendation:

Scan your PC thoroughly with TotalScan

[titou8111]

bon j'ai lu, j'ai vu, j'ai compru je downloade, je met à jour, je scanne et je te tiens au jus

[titou8111]

Salut Eclypse,

 

Désolé de répondre si tardivement mais le scan a duré la bagatelle de 12 h !!!

 

Je me suis demandé pourquoi c'était si long aussi je me suis penché sur les détails du scan et je me suis apercu que les dossiers "Application Data" de tous les utilisateurs étaient dupliqués à environ 30 exemplaires minimum j'ai rien touché en attendant tes conseils voila, ci-joint le rapport d'antivir, merci encore.

 

 

 

AntiVir PersonalEdition Classic

Report file date: mardi 4 septembre 2007 10:53

 

Scanning for 1043873 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows Vista

Windows version: (plain) [6.0.6000]

Username: Tofe & Linlin

Computer name: TOTOR

 

Version information:

BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00

AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14

AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54

LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04

LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59

ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58

ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 08:48:34

ANTIVIR2.VDF : 6.39.1.74 1637376 Bytes 02/09/2007 08:48:36

ANTIVIR3.VDF : 6.39.1.83 28160 Bytes 04/09/2007 08:48:36

AVEWIN32.DLL : 7.4.1.66 2789888 Bytes 04/09/2007 08:48:37

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26

AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24

AVPACK32.DLL : 7.3.0.15 360488 Bytes 04/09/2007 08:48:37

AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08

AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05

AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42

RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18

RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42

 

Configuration settings for the scan:

Jobname..........................: Local Drives

Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: F:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: mardi 4 septembre 2007 10:53

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'swdsvc.exe' - '1' Module(s) have been scanned

Scan process 'svcntaux.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsm.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'wininit.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

17 processes with 17 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

Boot sector 'H:\'

[NOTE] No virus was found!

Boot sector 'A:\'

[NOTE] In the drive 'A:\' no data medium is inserted!

 

Starting to scan the registry.

The registry was scanned ( '10' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\Tofe & Linlin\Documents\Download internet\W211_FR.EXE

[0] Archive type: ACE SFX (self extracting)

--> html\franais\av.htm

[WARNING] Error creating the file

--> html\franais\commands.htm

[WARNING] No further files can be extracted from this archive. The archive will be closed

[WARNING] No further files can be extracted from this archive. The archive will be closed

C:\Documents and Settings\Tofe & Linlin\Mes documents\Download internet\W211_FR.EXE

[0] Archive type: ACE SFX (self extracting)

--> html\franais\av.htm

[WARNING] Error creating the file

--> html\franais\commands.htm

[WARNING] No further files can be extracted from this archive. The archive will be closed

[WARNING] No further files can be extracted from this archive. The archive will be closed

C:\Program Files\Corel\Corel Paint Shop Pro X\crack\replacer.exe

[DETECTION] Is the Trojan horse TR/Crackpai.A.19

[iNFO] The file was moved to '474d45c8.qua'!

C:\Program Files\SoftwareDoctor\ErrorDoctor\ErrorDoctor.exe

[DETECTION] Contains signature of the Phish-File/Email PHISH/FraudTool.ErrorDoctor.A.2

[iNFO] The file was moved to '474f87b3.qua'!

C:\Users\Tofe & Linlin\Documents\Download internet\W211_FR.EXE

[0] Archive type: ACE SFX (self extracting)

--> html\franais\av.htm

[WARNING] Error creating the file

--> html\franais\commands.htm

[WARNING] No further files can be extracted from this archive. The archive will be closed

[WARNING] No further files can be extracted from this archive. The archive will be closed

C:\Users\Tofe & Linlin\Mes documents\Download internet\W211_FR.EXE

[0] Archive type: ACE SFX (self extracting)

--> html\franais\av.htm

[WARNING] Error creating the file

--> html\franais\commands.htm

[WARNING] No further files can be extracted from this archive. The archive will be closed

[WARNING] No further files can be extracted from this archive. The archive will be closed

Begin scan in 'D:\' <Disque local>

Begin scan in 'H:\'

H:\Download softwares\Paint_Shop_Pro_X_FR_crack_keygen.zip

[0] Archive type: ZIP

--> Corel Paint Shop Pro X - Installation Files/replacer.exe

[DETECTION] Is the Trojan horse TR/Crackpai.A.19

--> crack/replacer.exe

[DETECTION] Is the Trojan horse TR/Crackpai.A.19

[iNFO] The file was moved to '4746bb9e.qua'!

H:\Download softwares\zzz - Nero 7 Premium 7.5.9.0 - Multilangages(Incl-Serial).rar

[0] Archive type: RAR

--> setup.exe

[DETECTION] Contains signature of the worm WORM/Kapucen.B.73

[iNFO] The file was moved to '4757bc10.qua'!

Begin scan in 'A:\'

Search path A:\ could not be opened!

Le périphérique n'est pas prêt.

 

Begin scan in 'E:\'

Search path E:\ could not be opened!

Le périphérique n'est pas prêt.

 

Begin scan in 'F:\'

Search path F:\ could not be opened!

Le périphérique n'est pas prêt.

 

 

 

End of the scan: mardi 4 septembre 2007 22:11

Used time: 11:17:39 min

 

The scan has been done completely.

 

106596 Scanning directories

3705891 Files were scanned

5 viruses and/or unwanted programs were found

0 classified as suspicious:

0 files were deleted

0 files were repaired

4 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

3705886 Files not concerned

314857 Archives were scanned

13 Warnings

0 Notes

0 Hidden objects were found

[titou8111]

Ah 1 autre info beaucoup de dossiers de "documents & settings" sont marqués comme étant des raccourcis (en fait tous les dossiers de "base" de documents & settings: application data, bureau, documents, favoris, menu demarrer, modeles...)