HijackThis

Kevdu93 · le 23 juillet 2004

Salut a tous

voila si vous pouvez me donnez kelke conseils e serai sympas

merci bcp de vos reponse

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = searchweb2.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fr.msn.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://searchweb2.com/passthrough/index.ht...unonce.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - Default URLSearchHook is missing

O2 - BHO: Bird gram readme - {6B4C3D8C-1D1A-A851-BB6E-FD07B76E67D0} - C:\PROGRA~1\EQHECK~1\Amen pile.dll (file missing)

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Bluewin - {AA88B988-6184-56F9-BD40-FE9D268DC487} - C:\PROGRA~1\EQHECK~1\Amen pile.dll (file missing)

O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\fr\msntb.dll (file missing)

O4 - HKLM\..\Run: [audio window] C:\PROGRA~1\UPLOAD~1\flap draw.exe

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\PROGRA~1\STARDOCK\WINCUS~1\BOOTSKIN\BOOTSKIN.EXE" /StartupJobs

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Cacheman] C:\PROGRA~1\CACHEMAN\Cacheman.exe

O4 - Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06390b30a72d12...RdxIE601_fr.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab28578.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{548F3012-D281-4753-AC23-E5E22B3640F3}: NameServer = 194.117.200.10 194.117.200.15

edit : voila je lai mit a jour et refait un scan ^^

Modifié le 23 juillet 2004 par Kevdu93

Hellaumax · le 23 juillet 2004

Premier conseil : télécharges la dernière version de Hijackthis.

Apparemment, tu as Adaware , mais vérifie que tu as les dernières mises à jour.

Sinon, sur ton log, tu peux fixer :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = searchweb2.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://searchweb2.com/passthrough/index.ht...unonce.msn.com/

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll

O2 - BHO: (no name) - {6B4C3D8C-1D1A-A851-BB6E-FD07B76E67D0} - C:\PROGRA~1\EQHECK~1\Amen pile.dll (file missing)

O3 - Toolbar: Bluewin - {AA88B988-6184-56F9-BD40-FE9D268DC487} - C:\PROGRA~1\EQHECK~1\Amen pile.dll (file missing)

O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\fr\msntb.dll (file missing)

O4 - HKLM\..\Run: [rigqvuxqqmyg] C:\WINDOWS\System32\xzkyepyw.exe

Kevdu93 · le 23 juillet 2004

merci bcp pr scette reponse et j'ai verifier tout est a jour ^^

Hellaumax · le 23 juillet 2004

Ta version de HijackThis n'est pas la dernière : il existe une version 1.98.

Et penses à garder la liste des processes qui figure au début du log de hijackthis

ipl_001 · le 23 juillet 2004

Bonsoir , , bonsoir à tous,

Coche, ferme les fenêtres IE et "Fix Checked" :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = searchweb2.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://searchweb2.com/passthrough/index.ht...unonce.msn.com/

R3 - Default URLSearchHook is missing

O2 - BHO: Bird gram readme - {6B4C3D8C-1D1A-A851-BB6E-FD07B76E67D0} - C:\PROGRA~1\EQHECK~1\Amen pile.dll (file missing)

O3 - Toolbar: Bluewin - {AA88B988-6184-56F9-BD40-FE9D268DC487} - C:\PROGRA~1\EQHECK~1\Amen pile.dll (file missing)

O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\fr\msntb.dll (file missing)

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

le 23 juillet 2004

salut

j'aurais bien supprimé celui la aussi, je le sens pas du tout :

O4 - HKLM\..\Run: [audio window] C:\PROGRA~1\UPLOAD~1\flap draw.exe

Kevdu93 · le 23 juillet 2004

merci beaucoup pour toute ses reponse voila apres vous avoir ecouté il me reste sa ^^

Logfile of HijackThis v1.97.7

Scan saved at 01:44:01, on 24/07/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\devldr32.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\PROGRA~1\CACHEMAN\Cacheman.exe

C:\Program Files\Club-Internet\Lanceur\lanceur.exe

C:\Program Files\AIM95\aim.exe

C:\Program Files\Medal Script 4.9\mIRC.exe

C:\Program Files\FlashFXP\FlashFXP.exe

G:\eMule\emule.exe

C:\Program Files\FlashFXP\FlashFXP.exe

C:\Program Files\MyIE2\MyIE.exe

C:\Program Files\FlashFXP\FlashFXP.exe

C:\WINDOWS\system32\NOTEPAD.EXE

F:\APPZ\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fr.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll