HiJack
HiJack - Sécurité - Windows & Software
Marsh Posté le 20-03-2005 à 22:05:51
La meilleure chose que je puisse te conseiller est de télécharger la version d'essai de KAV sur :
http://www.kaspersky.com/trials?chapter=146481750
et de suivre les conseils donnés ici:
http://www.thespykiller.co.uk/bube.htm
Marsh Posté le 20-03-2005 à 22:40:54
et tu devrais combiner spybot, adaware, ms antispy, le SP2 et un firewall configuré le tout a jour
et desactive la restauration system si c est pas deja fait
Sujets relatifs:
- Galère de spyware, de l'aide pour lire mon log hijack???
- Hijack this?
- Aide pour Hijack difficile a enlever ...
- Analyse d'un Hijack
- Log Hijack à regarder please
- Quelqu'un pour analyser mon log HiJack? please...
- + tss.exe==> analyser mon log hijack!
- topic nainai pour log hijack
- Un peu d'aide pour mon rapport Hijack-this
- rapport hijack
Marsh Posté le 20-03-2005 à 21:48:57
Merci de m'aider je suis assailli de toute part
Logfile of HijackThis v1.99.1
Scan saved at 21:15:47, on 20/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\Explorer.EXE
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\win32resc.exe
C:\WINDOWS\System32\wurxct.exe
C:\WINDOWS\System32\cmd32.exe
C:\WINDOWS\System32\lssas.exe
C:\WINDOWS\System32\iexplore.exe
C:\temp\salm.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\System32\ap9h4qmo.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\WINDOWS\System32\pecpnk.exe
C:\WINDOWS\System32\hypertrm.exe
C:\WINDOWS\System32\algs.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\yktyyd.exe
C:\WINDOWS\System32\cicchap.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\ABox.exe
C:\WINDOWS\logon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\udhbase.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Media Pass\MediaPass.exe
C:\Program Files\Media Pass\MediaPassK.exe
C:\GMx.exe
C:\GMx.exe
C:\GMx.exe
C:\GMx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\WINDOWS\System32\dumprep.exe
C:\WINDOWS\System32\dwwin.exe
D:\Logiciels\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: (no name) - {A616271F-E6C7-4E4D-87B2-43F3E7178B77} - C:\WINDOWS\System32\bihoa.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\Run: [*Microsoft Update] wurxct.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\System32\hqfdsnv.exe
O4 - HKLM\..\Run: [Services] C:\WINDOWS\System32\pecpnk.exe
O4 - HKLM\..\Run: [Windows 32 Rescue] win32resc.exe
O4 - HKLM\..\Run: [MS Unix Binary] hypertrm.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\System32\algs.exe
O4 - HKLM\..\Run: [kpglof] C:\WINDOWS\kpglof.exe
O4 - HKLM\..\Run: [SYSTRAY] C:\UNMT.EXE
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Ftu65] C:\WINDOWS\yktyyd.exe
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\DOCUME~1\Tom\LOCALS~1\Temp\cxtpls_loader.exe" /PC=CP.IST /ForSupportedBrowsers /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [q33P36P] cicchap.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [F05CE18E] C:\WINDOWS\System32\izxxzdsafsafczxcr.exe
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKLM\..\RunServices: [*Microsoft Update] wurxct.exe
O4 - HKLM\..\RunServices: [Windows 32 Rescue] win32resc.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] hypertrm.exe
O4 - HKLM\..\RunOnce: [Windows 32 Rescue] win32resc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows 32 Rescue] win32resc.exe
O4 - HKCU\..\Run: [*Microsoft Update] wurxct.exe
O4 - HKCU\..\Run: [MS Unix Binary] hypertrm.exe
O4 - HKCU\..\Run: [b0sFRWj7T] udhbase.exe
O4 - HKCU\..\Run: [F05CE18E] C:\WINDOWS\System32\izxxzdsafsafczxcr.exe
O4 - HKCU\..\RunOnce: [Windows 32 Rescue] win32resc.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Microsoft AntiSpyware helper - {44C06638-6594-459F-BAC0-6B4BE483EEB6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {44C06638-6594-459F-BAC0-6B4BE483EEB6} - (no file) (HKCU)
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: http://*.teens-dream.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france_nos.exe
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/soft [...] egular.cab
O18 - Filter: text/html - {8F11F3C8-326A-4303-B677-B23A1D644DBF} - C:\WINDOWS\System32\bihoa.dll
O18 - Filter: text/plain - {8F11F3C8-326A-4303-B677-B23A1D644DBF} - C:\WINDOWS\System32\bihoa.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe