[ RESOLU ] BIG probleme !! HELP
Forum Sécurité - Virus : [ RESOLU ] BIG probleme !! HELP
Bonjour,
On va regarder si il y a infection 
Poste un rapport HijackThis
Télécharge le, puis met le dans un dossier dédié (exemple : ..\Bureau\Hijackthis\Hijackthis.exe ).
Renomme-le en Scanner.exe (clic droit sur le fichier HijackThis et choisis renommer).
Ensuite, lance le (double clic sur Scanner.exe ensuite tu l’exécutes) appuie sur Do a system scan a save a logfile, le bloc note va alors s’ouvrir, tu copies et tu colles le rapport ici dans ta prochaine réponse.
impossible, le pc en question refuse d'ouvrir le programme.... sa passe par acrobat reader, et comme tout les autre, il refuse de l'ouvrir 
| arsenik_2005 a écrit : ok, j'ai le bleme !
|
Re,
- Fais un scan en ligne Kaspersky avec Internet Explorer :
- Clique sur
- Clique maintenant sur J'accepte.
- Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
- Patiente pendant l'installation des Mises à jour.
- Choisis par la suite l'analyse du Poste de travail
- Sauvegarde puis colle le rapport généré en fin d'analyse.
AIDE : Configurer le contrôle des ActiveX
NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.
j'ai resolus le probleme 
c'etait pas triste j'avoue ! ^^
tu c qd mm vite voir si g pas une merde qui traine qd mm ?
Logfile of HijackThis v1.99.1
Scan saved at 0:59:25, on 28/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\digtizer.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
C:\Program Files\Fujitsu\Utils\FjIrKbAp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\igfxext.exe
C:\Program Files\Netpresenter\NpAgent.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Network Associates\VirusScan\shstat.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\VVSN\VVSN.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\MYTPEN\MYTPEN.EXE
C:\Program Files\Quick View Plus\Program\qvp32.exe
C:\WINDOWS\MYTPEN\PNLWATCH.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\admin01\Desktop\HijackThis\Scanner.exe
C:\Documents and Settings\admin01\Desktop\Important\HijackThis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = beproxy.eu.unilever.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [AuditMode] C:\sysprep\factory.exe -logon
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [FjEvents] C:\Program Files\Fujitsu\Utils\fjevents.exe
O4 - HKLM\..\Run: [FjDspMon] C:\Program Files\Fujitsu\Utils\FjDspMon.exe
O4 - HKLM\..\Run: [Fujitsu Menu] C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
O4 - HKLM\..\Run: [IR-KeyboardApp] C:\Program Files\Fujitsu\Utils\FjIrKbAp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Test] "C:\WINDOWS\system32\Macromed\Shockwave 8\shortcut to swinit.exe.lnk"
O4 - HKLM\..\Run: [IMAP] C:\Program Files\ISTORE\Istorefm.exe.lnk
O4 - HKLM\..\Run: [RunMediaPlayer9] "C:\Program Files\Windows Media Player\MPlayer9.lnk" /s
O4 - HKLM\..\Run: [NpAgent.exe] C:\Program Files\Netpresenter\NpAgent.exe
O4 - HKLM\..\Run: [DefaultScrSvr] C:\Program Files\Netpresenter\defaultscrsvr.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [virusscan] "C:\Program Files\Network Associates\editkey.EXE" /s
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\shstat.exe" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Siebel7.5.2.2GEN] C:\Program Files\siebel\7.7\web client\Advertise.EXE /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Avenue .lnk = C:\Avenue\Avenue.exe
O4 - Global Startup: My-T-Soft Tablet PC Interface.LNK = ?
O4 - Global Startup: Quick View Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\NPJPI141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\NPJPI141_02.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {37E50FC4-E9B2-4E9A-94F8-88A42FAD313F} (Siebel High Interactivity Framework) - http://BRSLT102/18356/applets/SiebelAx_HI_Client.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 4804443900
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O16 - DPF: {CD255E03-2DE0-47DE-8E22-AFA7D096B59B} (Siebel Calendar) - http://BRSLT102/18356/applets/SiebelAx_Calendar.cab
O16 - DPF: {D319E6A8-7FBD-4735-9A47-C9B39A0DC6DC} (Siebel Gantt Chart) - http://BRSLT102/18356/applets/SiebelAx_Gantt_Chart.cab
O16 - DPF: {E06373B3-02C9-11D5-8BE8-00D0B7C0A3B1} (WinHook Class) - http://cgtsapp035.eu.unilever.com/ [...] axhook.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = S2.MS.UNILEVER.COM
O17 - HKLM\Software\..\Telephony: DomainName = S2.MS.UNILEVER.COM
O17 - HKLM\System\CCS\Services\Tcpip\..\{14D7DD32-82F6-4169-A5DE-67D99F340B4A}: NameServer = 193.202.192.214,193.57.100.142
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7223F67-AECF-448B-89D3-D26DCD4D65B4}: NameServer = 193.202.192.214,193.57.100.142
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = S2.MS.UNILEVER.COM
O17 - HKLM\System\CS1\Services\Tcpip\..\{14D7DD32-82F6-4169-A5DE-67D99F340B4A}: NameServer = 193.202.192.214,193.57.100.142
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = S2.MS.UNILEVER.COM
O17 - HKLM\System\CS2\Services\Tcpip\..\{14D7DD32-82F6-4169-A5DE-67D99F340B4A}: NameServer = 193.202.192.214,193.57.100.142
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: loginkey - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
O20 - Winlogon Notify: TabBtnWL - C:\WINDOWS\SYSTEM32\TabBtnWL.dll
O20 - Winlogon Notify: tpgwlnotify - C:\WINDOWS\SYSTEM32\tpgwlnot.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
merci Bob
c'est reglé mais sa ne fonctionnais pas, car la restauration du systeme est un execuatble, et dc s'ouvrai par defaut avec abode...
j'ai du modivier un parametre ds le menu de windows.
