Petit soucis de vers sans doute, log hijack inside
Dernière réponse : dans Sécurité
Voilà j'ai un petit soucis, quant je veux aller sur certains liens, j'ai un redirect automatique vers des résultats de recherche google bidons. Les liens sont clean, pas de problème sur un autre ordi, par contre sur celui-là à chaque fois j'ai une redirection.
pas d'autres problèmes sur le pc ni pour 90% du surf.
J'ai spyboté, j'ai fait un scan avec antivir mais le problème persiste.
voilà mon log hijack pour voir si vous trouvez des trucs à virer :
Logfile of HijackThis v1.99.1
Scan saved at 22:53:06, on 25/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\NetCaptor\NetCaptor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\FAB\Local Settings\Temporary Internet Files\Content.IE5\RNXJZT8W\HijackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.selexium.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.selexium.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.selexium.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O17 - HKLM\System\CCS\Services\Tcpip\..\{73525A7A-DFB2-4FAC-B1DB-3ED3C0DD5D43}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B5FA19F-B1E5-4FEF-A9B2-2FD568AEE00B}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{A048730A-9EE3-440E-9B66-6BFE25331682}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{D61695D1-BDE4-42A4-8A17-E87E506F7D4C}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF608025-EE1C-473F-B851-4005B59524E0}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CS1\Services\Tcpip\..\{73525A7A-DFB2-4FAC-B1DB-3ED3C0DD5D43}: NameServer = 85.255.114.5,85.255.112.147
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
merci
pas d'autres problèmes sur le pc ni pour 90% du surf.
J'ai spyboté, j'ai fait un scan avec antivir mais le problème persiste.
voilà mon log hijack pour voir si vous trouvez des trucs à virer :
Logfile of HijackThis v1.99.1
Scan saved at 22:53:06, on 25/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\NetCaptor\NetCaptor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\FAB\Local Settings\Temporary Internet Files\Content.IE5\RNXJZT8W\HijackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.selexium.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.selexium.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.selexium.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O17 - HKLM\System\CCS\Services\Tcpip\..\{73525A7A-DFB2-4FAC-B1DB-3ED3C0DD5D43}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B5FA19F-B1E5-4FEF-A9B2-2FD568AEE00B}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{A048730A-9EE3-440E-9B66-6BFE25331682}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{D61695D1-BDE4-42A4-8A17-E87E506F7D4C}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF608025-EE1C-473F-B851-4005B59524E0}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CS1\Services\Tcpip\..\{73525A7A-DFB2-4FAC-B1DB-3ED3C0DD5D43}: NameServer = 85.255.114.5,85.255.112.147
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
merci
Autres pages sur : petit soucis vers doute log hijack inside
Lassé par la pub ? Créez un compte
Bonsoir,
Tu as une infection wareout.
1/ Télécharge et lance Fixwareout.exe
Poste le rapport situé ici : C:\fixwareout\report.txt
2/ Lance HijackThis
puis --> Do a system scan only
coche les lignes indiquées ci-dessous
puis --> Fix checked
puis oui à la question de confirmation
O17 - HKLM\System\CCS\Services\Tcpip\..\{73525A7A-DFB2-4FAC-B1DB-3ED3C0DD5D43}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B5FA19F-B1E5-4FEF-A9B2-2FD568AEE00B}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{A048730A-9EE3-440E-9B66-6BFE25331682}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{D61695D1-BDE4-42A4-8A17-E87E506F7D4C}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF608025-EE1C-473F-B851-4005B59524E0}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CS1\Services\Tcpip\..\{73525A7A-DFB2-4FAC-B1DB-3ED3C0DD5D43}: NameServer = 85.255.114.5,85.255.112.147
3/ Télécharge, installe et mets à jour ewido
Lors de l'installation, décoche les 2 cases "Install background guard" et "Install scan via context menu"
Lance ewido (Scan complet du système) et supprime tout ce qu'il trouve. Sauvegarde le rapport sur le bureau.
4/ Enfin poste le rapport d'ewido ainsi qu'un nouveau rapport HJT.
Tu as une infection wareout.
1/ Télécharge et lance Fixwareout.exe
Poste le rapport situé ici : C:\fixwareout\report.txt
2/ Lance HijackThis
puis --> Do a system scan only
coche les lignes indiquées ci-dessous
puis --> Fix checked
puis oui à la question de confirmation
O17 - HKLM\System\CCS\Services\Tcpip\..\{73525A7A-DFB2-4FAC-B1DB-3ED3C0DD5D43}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B5FA19F-B1E5-4FEF-A9B2-2FD568AEE00B}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{A048730A-9EE3-440E-9B66-6BFE25331682}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{D61695D1-BDE4-42A4-8A17-E87E506F7D4C}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF608025-EE1C-473F-B851-4005B59524E0}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CS1\Services\Tcpip\..\{73525A7A-DFB2-4FAC-B1DB-3ED3C0DD5D43}: NameServer = 85.255.114.5,85.255.112.147
3/ Télécharge, installe et mets à jour ewido
Lors de l'installation, décoche les 2 cases "Install background guard" et "Install scan via context menu"
Lance ewido (Scan complet du système) et supprime tout ce qu'il trouve. Sauvegarde le rapport sur le bureau.
4/ Enfin poste le rapport d'ewido ainsi qu'un nouveau rapport HJT.
voilà le rapport du fix ( flippant comme prog quant même lol ):
Fixwareout ver 1.003
Last edited 04/09/2006
Post this report in the forums please
Reg Entries that were deleted
...
Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...
PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is lagitamate
»»»»» Search by size and names...
»»»»» Misc files
»»»»» Checking for older varients covered by the Rem3 tool
le rapport d'ewido :
--------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 00:13:05, 26/04/2006
+ Somme de contrôle: 3E6C6E48
+ Résultats du scan:
C:\Documents and Settings\FAB\Cookies\fab@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
C:\Documents and Settings\FAB\Cookies\fab@adtech[2].txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder
C:\Documents and Settings\FAB\Cookies\fab@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
C:\Documents and Settings\FAB\Cookies\fab@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
C:\Documents and Settings\FAB\Cookies\fab@counter10.sextracker[2].txt -> TrackingCookie.Sextracker : Nettoyer et sauvegarder
C:\Documents and Settings\FAB\Cookies\fab@counter13.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyer et sauvegarder
C:\Documents and Settings\FAB\Cookies\fab@counter7.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyer et sauvegarder
C:\Documents and Settings\FAB\Cookies\fab@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
C:\Documents and Settings\FAB\Cookies\fab@fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyer et sauvegarder
C:\Documents and Settings\FAB\Cookies\fab@media.fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyer et sauvegarder
C:\Documents and Settings\FAB\Cookies\fab@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyer et sauvegarder
C:\Documents and Settings\FAB\Cookies\fab@sexlist[1].txt -> TrackingCookie.Sexlist : Nettoyer et sauvegarder
C:\Documents and Settings\FAB\Cookies\fab@sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyer et sauvegarder
C:\Documents and Settings\FAB\Cookies\fab@weborama[2].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\FAB\Cookies\fab@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
::Fin du rapport
et le nouveau hijack :
Logfile of HijackThis v1.99.1
Scan saved at 00:13:49, on 26/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\NetCaptor\NetCaptor.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\FAB\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.selexium.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
et ça marche nickel, un gros gros gros merci à toi :-P :-P
Fixwareout ver 1.003
Last edited 04/09/2006
Post this report in the forums please
Reg Entries that were deleted
...
Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...
PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is lagitamate
»»»»» Search by size and names...
»»»»» Misc files
»»»»» Checking for older varients covered by the Rem3 tool
le rapport d'ewido :
--------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 00:13:05, 26/04/2006
+ Somme de contrôle: 3E6C6E48
+ Résultats du scan:
C:\Documents and Settings\FAB\Cookies\fab@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
C:\Documents and Settings\FAB\Cookies\fab@adtech[2].txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder
C:\Documents and Settings\FAB\Cookies\fab@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
C:\Documents and Settings\FAB\Cookies\fab@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
C:\Documents and Settings\FAB\Cookies\fab@counter10.sextracker[2].txt -> TrackingCookie.Sextracker : Nettoyer et sauvegarder
C:\Documents and Settings\FAB\Cookies\fab@counter13.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyer et sauvegarder
C:\Documents and Settings\FAB\Cookies\fab@counter7.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyer et sauvegarder
C:\Documents and Settings\FAB\Cookies\fab@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
C:\Documents and Settings\FAB\Cookies\fab@fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyer et sauvegarder
C:\Documents and Settings\FAB\Cookies\fab@media.fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyer et sauvegarder
C:\Documents and Settings\FAB\Cookies\fab@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyer et sauvegarder
C:\Documents and Settings\FAB\Cookies\fab@sexlist[1].txt -> TrackingCookie.Sexlist : Nettoyer et sauvegarder
C:\Documents and Settings\FAB\Cookies\fab@sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyer et sauvegarder
C:\Documents and Settings\FAB\Cookies\fab@weborama[2].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\FAB\Cookies\fab@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
::Fin du rapport
et le nouveau hijack :
Logfile of HijackThis v1.99.1
Scan saved at 00:13:49, on 26/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\NetCaptor\NetCaptor.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\FAB\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.selexium.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
et ça marche nickel, un gros gros gros merci à toi :-P :-P
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumLog hijack a analyser merci
- ForumLog de hijack this
- ForumLog hijack this merci
- ForumExplication pour log hijack this
- ForumVirus log hijack suspect
- ForumAnalyse log hijack this.
- ForumPc lent - log hijack
- ForumPc rame log hijack
- ForumAnalyse log hijack svp
- ForumAnalyse de log hijack thins
- Voir plus
