Posez votre question Format imprimable Liste des forums Aidez-les Statistiques Rechercher Charte Forum Virus-Sécurité

Erreur "services.exe" code état 128 (sui

Dernière réponse le 15 déc 2007 à 19:02:36 Prince G, le 21 aoû 2005 à 04:17:32

Signaler ce message aux modérateurs

Bonjour,
J'ai le même souci que rocket6598 mais les solutions qui lui ont été proposées ne fonctionnent pas pour moi. Je décris mon problème:
lorsque j'allume mon pc ou lorsque que je l'arrête j'ai le message suivant: Arrêt du système. Veuillez enregistrer tous les travaux en cours et quitter votre session. Toutes les modifications non enregistrées seront perdues. Cet arrêt est initié par NT AUTHORITY\SYSTEM.
Le processus système C:\WINNT\SYSTEM32\SERVICES.EXE s'est terminé de manière inattendue avec le code état 128. Le système va maintenant s'éteindre et redémarrer. (60 secondes).

Sur le site de microsoft on m'indique que la cause de ce message provient de la clé de registre hkey_local_machine\System\CurrentControlSet\Services\Lanmanserver\Shares\Security.

Effectivement, dans la colonne Données de l'éditeur de registre j'avais une valeur qui correspondait à un chemin d'accès obsolète. Comme indiqué par microsoft j'ai supprimé cette valeur et là je n'avais plus mon message d'erreur pendant 2 jours. Seulement aujourd'hui le souci est revenu et j'ai vérifié: il n y a pas cette fois de valeur erronée dans la clé de registre.
J'ai bien un pare-feu installé sur mon pc (zone alarm), je n'ai pas les symptômes de blaster ou autre virus, alors j'avoue que je ne sais plus quoi faire.
La seule "astuce" que j'ai trouvée est de débrancher le cable réseau de ma freebox au moment où j'allume mon pc. Une fois l'ouverture de session effectuée, je rebranche le cable réseau et là le message d'erreur n'apparait plus. Mais bon, c'est pas marrant de débrancher et rebrancher le cable réseau chaque fois.

Alors si quelqu'un peut m'aider svp, en espérant que je n'ai pas été trop long et que ma description est assez claire.

Merci pour votre aide.

Salutations.

Configuration: pentium 3, windows 2000 pro

Meilleures réponses pour « erreur "services.exe" code état 128 (sui » dans :

Erreur services.exe code d'état 128 (Résolu) Voir

Service.exe - code d'etat: 1073741819 (Résolu) Voir

Infection service.exe et désinstall antivirus Voir

Code état 128 : l'ordinateur va redémarrer (Résolu) Voir

Service.exe code 1073741819 et compte a rebo Voir

Erreur Service.exe AUTORITE NT Redémarrage Voir

Services - services.exe Voirservices - services.exe Le processus services.exe (Windows Service Controller) est un processus générique de Windows NT/2000/XP permettant de reconnaître et d'adapter les modifications matérielles du système sans intervention de l'utilisateur. Le...

Posez votre question Répondre

jean38, le 21 aoû 2005 à 08:35:04

Salut,

fait ceci pour voir
Télécharge ceci SilentRunners.
http://www.silentrunners.org/Silent%20Runners.vbs
Lance-le
Copie/colle-le rapport ici

et

telecharge hijackthis:
http://www.merijn.org/files/hijackthis.zip
Dezippe le dans un dossier prévu a cet effet.
Par exemple C:\hijackthis

Démo : (merci a balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/demohijack.htm

lance le puis:
clic sur "do a system scan and save logfile" et pas autre chose
fais un copier coller du log entier ici.

a+

Répondre à jean38

princeg69, le 21 aoû 2005 à 14:31:51

Salut Jean,

J'ai cliqué sur le lien SilentRunners, seulement j'arrive sur un script; je ne vois pas comment l'exécuter.
Aide-moi please, je ne suis pas très doué ;-)

Répondre à princeg69

princeg69, le 21 aoû 2005 à 15:14:44

Jean,

Je te mets les 2 rapports:

***rapport Silent Runners***:

"Silent Runners.vbs", revision 40, http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"internat.exe" = "internat.exe" [MS]
"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" ["Yahoo! Inc."]
"Mozilla Quick Launch" = ""C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo" ["Mozilla, Netscape"]
"MoneyAgent" = ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"" [MS]
"MyWebSearch Email Plugin" = "C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe" ["MyWebSearch.com"]
"LDM" = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [null data]
"Mess love" = "C:\DOCUME~1\ADMINI~1\APPLIC~1\SHOWPR~1\Sect stop.exe" [null data]
"MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart" ["Patchou"]
"PcSync" = "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog" ["Time Information Services Ltd."]
"msnmsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Synchronization Manager" = "mobsync.exe /logon" [MS]
"C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (www.cmedia.com.tw)"]
"DUControl" = "C:\PROGRA~1\DIRECT~1\DUControl.exe" ["http://www.directupdate.net/"]
"NeroCheck" = "C:\WINNT\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"WinVNC" = ""C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper" ["AT&T Research Labs Cambridge"]
"LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe" [file not found]
"MyWebSearch Email Plugin" = "C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe" ["MyWebSearch.com"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"Internet Optimizer" = ""C:\Program Files\Internet Optimizer\optimize.exe"" [null data]
"Apathjwm" = "C:\Program Files\Gdxl\Lpvqg.exe" [null data]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"WildTangent CDA" = ""C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"" ["WildTangent, Inc."]
"6vmr072g" = "C:\WINNT\system32\6vmr072g.exe" [empty string]
"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe"" ["Patchou"]
"PCSuiteTrayApplication" = "C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray" ["Nokia"]
"DataLayer" = "C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE" ["Nokia Mobile Phones Ltd."]
"Pophtmoozethunk" = "C:\Documents and Settings\All Users\Application Data\Drv 4 Pop Htm\atom owns.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{00000010-6F7D-442C-93E3-4A4827C2E4C8}\(Default) = "BHObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\nem220.dll" [empty string]
{00A6FAF1-072E-44cf-8957-5838F569A31D}\(Default) = "MyWebSearch Search Assistant BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL" ["MyWebSearch.com"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{07B18EA1-A523-4961-B6BB-170DE4475CCA}\(Default) = "mwsBar BHO"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL" ["MyWebSearch.com"]
{1D7E3B41-23CE-469B-BE1B-A64B877923E1}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL" [null data]
{3A26BB57-7868-4EA0-8DCA-739FAB933F22}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\DOCUME~1\ADMINI~1\APPLIC~1\BINDBALM\Forseek.exe" [null data]
{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\(Default) = "BHObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\wsem303.dll" [empty string]
{A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = "IeCatch2 Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\jccatch.dll" ["Amaze Soft"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealOne Player\rpshell.dll" ["RealNetworks, Inc."]
"{40950107-FEA6-4d53-A65F-B2DCBA57DD58}" = "Nokia Phone Browser"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"]
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Startup items in "Administrateur" & "All Users" startup folders:
----------------------------------------------------------------

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
"MyWebSearch Email Plugin" -> shortcut to: "C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE" ["MyWebSearch.com"]
INFECTION WARNING! "PowerReg Scheduler.exe" [empty string]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"MyWebSearch Email Plugin" -> shortcut to: "C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE" ["MyWebSearch.com"]
"WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]
"ZoneAlarm Pro" -> shortcut to: "C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe" ["Zone Labs Inc."]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll" ["Yahoo! Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
"ButtonText" = "Messenger"
"MenuText" = "Yahoo! Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll" ["Yahoo! Inc."]

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM95\aim.exe" ["America Online, Inc."]

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]

Miscellaneous IE Hijack Points
------------------------------

C:\WINNT\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

Missing lines (compared with English-language version):
[Strings]: 1 line

HOSTS file
----------

C:\WINNT\System32\drivers\etc\HOSTS

maps: 439 domain names to IP addresses,
438 of the IP addresses are *not* localhost!

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Direct Update, DirectUpdate, ""C:\PROGRA~1\DIRECT~1\DUService.exe"" ["http://www.directupdate.net"]
Système d'événements de COM+, EventSystem, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\es.dll" [null data]}
TrueVector Internet Monitor, vsmon, "C:\WINNT\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs Inc."]
Ulead Burning Helper, UleadBurningHelper, "C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]
VNC Server, winvnc, ""C:\Program Files\ORL\VNC\WinVNC.exe" -service" ["AT&T Research Labs Cambridge"]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "Yes" at the first message box.
---------- (total run time: 67 seconds, including 19 seconds for message boxes)

**************************************************************

*** rapport hijackthis***

Logfile of HijackThis v1.99.1
Scan saved at 14:57:38, on 21/08/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\DIRECT~1\DUService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Mixer.exe
C:\PROGRA~1\DIRECT~1\DUControl.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Gdxl\Lpvqg.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\WINNT\system32\6vmr072g.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINNT\system32\internat.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\docume~1\admini~1\applic~1\showpr~1\multi way save.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\wuauclt.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchcomplete.com/redir?lang={SUB_RFC1766}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.alfdwanzrxnqssencsrmrx.com/ynIYkRTQbFLpk87ugtg8S_z_LaRa0y2pXYU_kkG8edEU3hLtGV8f46nuPLpk_mo8.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hzhiwbcckoegv.us/ynIYkRTQbFJ8eYxwklp9KfZodTGlgmtK3FIqcJbZtm0.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.dtpslmgkltadaaooxhwwvhptq.org/ynIYkRTQbFJ8eYxwklp9Ka85U/HfIB403FIqcJbZtm0.html"); (C:\Documents and Settings\Administrateur\Application Data\Mozilla\Profiles\default\59sdccb4.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\Administrateur\Application Data\Mozilla\Profiles\default\59sdccb4.slt\prefs.js)
O1 - Hosts: 81.211.105.12 193.125.201.50
O1 - Hosts: 81.211.105.12 206.161.200.105
O1 - Hosts: 81.211.105.12 209.66.114.130
O1 - Hosts: 81.211.105.12 216.200.3.32
O1 - Hosts: 81.211.105.12 64.124.45.181
O1 - Hosts: 81.211.105.12 66.250.130.194
O1 - Hosts: 81.211.105.12 66.40.16.131
O1 - Hosts: 81.211.105.12 alfa-search.com
O1 - Hosts: 81.211.105.12 allhyperlinks.com
O1 - Hosts: 81.211.105.12 approvedlinks.com
O1 - Hosts: 81.211.105.12 bestcrawler.com
O1 - Hosts: 81.211.105.12 ewebsearch.net
O1 - Hosts: 81.211.105.12 global-finder.com
O1 - Hosts: 81.211.105.12 idgsearch.com
O1 - Hosts: 81.211.105.12 ie-search.com
O1 - Hosts: 81.211.105.12 itseasy.us
O1 - Hosts: 81.211.105.12 jetseeker.com
O1 - Hosts: 81.211.105.12 martfinder.com
O1 - Hosts: 81.211.105.12 rightfinder.net
O1 - Hosts: 81.211.105.12 runsearch.com
O1 - Hosts: 81.211.105.12 search.unipages.cc
O1 - Hosts: 81.211.105.12 search.xrenoder.com
O1 - Hosts: 81.211.105.12 search-2003.com
O1 - Hosts: 81.211.105.12 searchdot.net
O1 - Hosts: 81.211.105.12 searchv.com
O1 - Hosts: 81.211.105.12 searchxp.com
O1 - Hosts: 81.211.105.12 seekwell.net
O1 - Hosts: 81.211.105.12 slawsearch.com
O1 - Hosts: 81.211.105.12 srch-us6.hpwis.com
O1 - Hosts: 81.211.105.12 start-space.com
O1 - Hosts: 81.211.105.12 searchmyrequest.com
O1 - Hosts: 81.211.105.12 therealsearch.com
O1 - Hosts: 81.211.105.12 topsearcher.com
O1 - Hosts: 81.211.105.12 unipages.cc
O1 - Hosts: 81.211.105.12 webcoolsearch.com
O1 - Hosts: 81.211.105.12 worldnet.att.net
O1 - Hosts: 81.211.105.12 yourbookmarks.ws
O1 - Hosts: 81.211.105.6 www.0190-dialer.com
O1 - Hosts: 81.211.105.6 www.22469.com
O1 - Hosts: 81.211.105.6 www.3wisp.com
O1 - Hosts: 81.211.105.6 www.adult-cinema.org
O1 - Hosts: 81.211.105.6 www.adultfreehosting.com
O1 - Hosts: 81.211.105.6 www.adulthosting.com
O1 - Hosts: 81.211.105.6 www.adultlinks1.com
O1 - Hosts: 81.211.105.6 www.adultmegamovies.com
O1 - Hosts: 81.211.105.6 www.adultsexmovie.net
O1 - Hosts: 81.211.105.6 www.adultwall.com
O1 - Hosts: 81.211.105.6 www.afro-sex.com
O1 - Hosts: 81.211.105.6 www.agreathost.net
O1 - Hosts: 81.211.105.6 www.alehina.com
O1 - Hosts: 81.211.105.6 www.allnichestgp.com
O1 - Hosts: 81.211.105.6 www.allowednet.com
O1 - Hosts: 81.211.105.6 www.amateurlips.com
O1 - Hosts: 81.211.105.6 www.amateurnudephoto.com
O1 - Hosts: 81.211.105.6 www.amateursgonebad.com
O1 - Hosts: 81.211.105.6 www.ambersamateurhardcore.com
O1 - Hosts: 81.211.105.6 www.anyamateur.com
O1 - Hosts: 81.211.105.6 www.apornhost.com
O1 - Hosts: 81.211.105.6 www.findmodels.com
O1 - Hosts: 81.211.105.6 www.asianscum.com
O1 - Hosts: 81.211.105.6 www.awethumbs.com
O1 - Hosts: 81.211.105.6 www.badassxxx.com
O1 - Hosts: 81.211.105.6 www.badbimbo.com
O1 - Hosts: 81.211.105.6 www.beautifulbondage.com
O1 - Hosts: 81.211.105.6 www.bestpornhost.com
O1 - Hosts: 81.211.105.6 www.biggestdickinporn.net
O1 - Hosts: 81.211.105.6 www1.3wisp.com
O1 - Hosts: 81.211.105.6 www1.kinghost.com
O1 - Hosts: 81.211.105.6 www1.ndhosting.com
O1 - Hosts: 81.211.105.6 www1.sexls.com
O1 - Hosts: 81.211.105.6 www1.smutserver.com
O1 - Hosts: 81.211.105.6 www1.toptgphost.com
O1 - Hosts: 81.211.105.6 www1.xfreehosting.com
O1 - Hosts: 81.211.105.6 www10.kinghost.com
O1 - Hosts: 81.211.105.6 www10.smutserver.com
O1 - Hosts: 81.211.105.6 www11.kinghost.com
O1 - Hosts: 81.211.105.6 www11.smutserver.com
O1 - Hosts: 81.211.105.6 www12.kinghost.com
O1 - Hosts: 81.211.105.6 www12.smutserver.com
O1 - Hosts: 81.211.105.6 www13.smutserver.com
O1 - Hosts: 81.211.105.6 www14.smutserver.com
O1 - Hosts: 81.211.105.6 www15.smutserver.com
O1 - Hosts: 81.211.105.6 www16.smutserver.com
O1 - Hosts: 81.211.105.6 www17.smutserver.com
O1 - Hosts: 81.211.105.6 www18.smutserver.com
O1 - Hosts: 81.211.105.6 www19.smutserver.com
O1 - Hosts: 81.211.105.6 www2.3wisp.com
O1 - Hosts: 81.211.105.6 www2.kinghost.com
O1 - Hosts: 81.211.105.6 www2.ndhosting.com
O1 - Hosts: 81.211.105.6 www2.smutserver.com
O1 - Hosts: 81.211.105.6 www2.toptgphost.com
O1 - Hosts: 81.211.105.6 www2.xfreehosting.com
O1 - Hosts: 81.211.105.6 www2.zpornstars.com
O1 - Hosts: 81.211.105.6 www20.smutserver.com
O1 - Hosts: 81.211.105.6 www21.smutserver.com
O1 - Hosts: 81.211.105.6 www22.smutserver.com
O1 - Hosts: 81.211.105.6 www23.smutserver.com
O1 - Hosts: 81.211.105.6 www24.smutserver.com
O1 - Hosts: 81.211.105.6 www25.smutserver.com
O1 - Hosts: 81.211.105.6 www26.smutserver.com
O1 - Hosts: 81.211.105.6 www27.smutserver.com
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL
O2 - BHO: (no name) - {3A26BB57-7868-4EA0-8DCA-739FAB933F22} - C:\DOCUME~1\ADMINI~1\APPLIC~1\BINDBALM\Forseek.exe
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINNT\wsem303.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [DUControl] C:\PROGRA~1\DIRECT~1\DUControl.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Apathjwm] C:\Program Files\Gdxl\Lpvqg.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [6vmr072g] C:\WINNT\system32\6vmr072g.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [Pophtmoozethunk] C:\Documents and Settings\All Users\Application Data\Drv 4 Pop Htm\atom owns.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Mess love] C:\DOCUME~1\ADMINI~1\APPLIC~1\SHOWPR~1\Sect stop.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) - http://63.217.29.115/cax.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/Bridge-c139.cab
O23 - Service: Direct Update (DirectUpdate) - http://www.directupdate.net - C:\PROGRA~1\DIRECT~1\DUService.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\ORL\VNC\WinVNC.exe" -service (file missing)

************************************************

Merci

Répondre à princeg69

jean38, le 21 aoû 2005 à 14:43:30

Oui, quand tu le lance, il travaille et à la fin il te dit que le rapport est dispo dans le dossier ou tu l'as installé. Tu vas dans ce dossier et tu copie le log (fichier txt bloc note).

Répondre à jean38

jean38, le 21 aoû 2005 à 15:24:29

Et bien si c'est pas une infection, je m'y connais pas.

pendant qu'on y est

telecharge smitfraudfix ici:
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
dezippe le et lance le.
choisis l'option 1 (rechercher)
fais un copier/coller du résultat ici

et testeles fichiers suivants sur
http://virusscan.jotti.org

C:\Program Files\Gdxl\Lpvqg.exe
C:\WINNT\system32\6vmr072g.exe

et colle les rapports

Répondre à jean38

princeg69, le 21 aoû 2005 à 15:44:16

Pour Smitfraudfix ça n'a pas fonctionné: j'ai juste eu une fenêtre noire qui s'est ouverte une fraction de seconde et elle s'est refermée.

En revanche, voici les rapports des 2 fichiers que tu m'as demandés d'examiner :

File: Lpvqg.exe
Status:
INFECTED/MALWARE
MD5 0fdfa35275c1255b161e698296fcc942
Packers detected:
PETITE
Scanner results
AntiVir
Found TR/DelProx.A
ArcaVir
Found Trojan.Small.Cy.A
Avast
Found Win32:Trojano-1035
AVG Antivirus
Found Small.P
BitDefender
Found Trojan.Small.CY
ClamAV
Found Trojan.Small-35
Dr.Web
Found Trojan.DownLoader.1389
F-Prot Antivirus
Found W32/Downloader.AAW
Fortinet
Found nothing
Kaspersky Anti-Virus
Found Trojan.Win32.Small.cy
NOD32
Found Win32/Small.CY
Norman Virus Control
Found nothing
UNA
Found Trojan.Win32.Rog
VBA32
Found Trojan.Win32.Small.cy

******************************************

File: 6vmr072g.exe
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: only non-destructive malware has been found. Considering the non-destructive nature of samples like these - although they can be a pain -, results will not be stored in the database.)
MD5 3a325a6135d9720662b7d7b651a1ce3b
Packers detected:
-
Scanner results
AntiVir
Found nothing
ArcaVir
Found Adware.Sahagent.J22
Avast
Found Win32:Adan-003
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found Adware.Shopathome
Dr.Web
Found not a virus Adware.SAHAgent
F-Prot Antivirus
Found nothing
Fortinet
Found Adware/SahAgent
Kaspersky Anti-Virus
Found not-a-virus:AdWare.Sahat.ag
NOD32
Found Win32/Adware.SAHAgent application
Norman Virus Control
Found W32/Sahat.AG
UNA
Found Adware.Sahat
VBA32
Found AdWare.Sahat.ag

Répondre à princeg69

jean38, le 21 aoû 2005 à 15:50:28

Pour smitfraud fix, tu dois lancer le ficheir.bat et non l'autre.

retente.

Répondre à jean38

princeg69, le 21 aoû 2005 à 15:54:25

Autant pour moi.
Voici le rapport:

SmitFraudFix v1.7

Rapport fait à 15:40:47,32 le dim. 21/08/2005
Executé à partir de C:\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195]

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINNT

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINNT\system

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINNT\Web

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINNT\system32

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINNT\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\Administrateur\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

Répondre à princeg69

jean38, le 21 aoû 2005 à 15:55:13

OK pour le <log,

je te transmets la manip de nettoyage dans un moment.

Répondre à jean38

princeg69, le 21 aoû 2005 à 15:57:46

Merci pour ton dévouement

Répondre à princeg69

jean38, le 21 aoû 2005 à 16:20:21

Alors imprime ceci pour ne rien oublier (je ne sais ou tu es allé pour tous çà mais faut pas y retourner).

Si dans les prog annoncés en effacement, un te parlait, ne le supprime pas mais je doute de celà.

A/ si tu ne les as pas, telecharge:

Ad-Aware SE 1.06
http://www.lavasoftusa.com/software/adaware/

Spybot S&D 1.4
http://www.safer-networking.org/fr/index.html
-aide en image:(merci a Balltrap34)
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

puis Clean Up 40 :
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
-aide en image:(merci a Balltrap34)
http://pageperso.aol.fr/balltrap34/democleanup.htm
ne les utilise pas tout de suite

idem si tu ne l’as pas A2 free sur
http://www.emsisoft.net/fr/software/download/

met à jour spybot, ad aware et a2 free sur internet (tu trouves l’option dans les menus) mais ne lance pas les scan.

1) clic droit sur poste de travail
propriété
restauration systeme
coche desactivé puis appliquer

2) demarrer
panneau de configuration
outil
option des dossiers
affichage,
coche afficher dossier cachés
decoche : masquer extension des fichiers dont le type est connu
masquer les fichiers protégés du systeme d'exploitation.

3) demarre en mode sans echec.
Soit tu tapotte sur la touche F8 alancement de Windows et tu choisi sans echec (pas d’inquiétude pour l’aspect de l’ecran)

4) lance hijack, ferme le bloc note et coche les cases devant les lignes, à la fin valide à l’aide du bouton fix checked:

R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O1 - Hosts: 81.211.105.12 193.125.201.50
O1 - Hosts: 81.211.105.12 206.161.200.105
O1 - Hosts: 81.211.105.12 209.66.114.130
O1 - Hosts: 81.211.105.12 216.200.3.32
O1 - Hosts: 81.211.105.12 64.124.45.181
O1 - Hosts: 81.211.105.12 66.250.130.194
O1 - Hosts: 81.211.105.12 66.40.16.131
O1 - Hosts: 81.211.105.12 alfa-search.com
O1 - Hosts: 81.211.105.12 allhyperlinks.com
O1 - Hosts: 81.211.105.12 approvedlinks.com
O1 - Hosts: 81.211.105.12 bestcrawler.com
O1 - Hosts: 81.211.105.12 ewebsearch.net
O1 - Hosts: 81.211.105.12 global-finder.com
O1 - Hosts: 81.211.105.12 idgsearch.com
O1 - Hosts: 81.211.105.12 ie-search.com
O1 - Hosts: 81.211.105.12 itseasy.us
O1 - Hosts: 81.211.105.12 jetseeker.com
O1 - Hosts: 81.211.105.12 martfinder.com
O1 - Hosts: 81.211.105.12 rightfinder.net
O1 - Hosts: 81.211.105.12 runsearch.com
O1 - Hosts: 81.211.105.12 search.unipages.cc
O1 - Hosts: 81.211.105.12 search.xrenoder.com
O1 - Hosts: 81.211.105.12 search-2003.com
O1 - Hosts: 81.211.105.12 searchdot.net
O1 - Hosts: 81.211.105.12 searchv.com
O1 - Hosts: 81.211.105.12 searchxp.com
O1 - Hosts: 81.211.105.12 seekwell.net
O1 - Hosts: 81.211.105.12 slawsearch.com
O1 - Hosts: 81.211.105.12 srch-us6.hpwis.com
O1 - Hosts: 81.211.105.12 start-space.com
O1 - Hosts: 81.211.105.12 searchmyrequest.com
O1 - Hosts: 81.211.105.12 therealsearch.com
O1 - Hosts: 81.211.105.12 topsearcher.com
O1 - Hosts: 81.211.105.12 unipages.cc
O1 - Hosts: 81.211.105.12 webcoolsearch.com
O1 - Hosts: 81.211.105.12 worldnet.att.net
O1 - Hosts: 81.211.105.12 yourbookmarks.ws
O1 - Hosts: 81.211.105.6 www.0190-dialer.com
O1 - Hosts: 81.211.105.6 www.22469.com
O1 - Hosts: 81.211.105.6 www.3wisp.com
O1 - Hosts: 81.211.105.6 www.adult-cinema.org
O1 - Hosts: 81.211.105.6 www.adultfreehosting.com
O1 - Hosts: 81.211.105.6 www.adulthosting.com
O1 - Hosts: 81.211.105.6 www.adultlinks1.com
O1 - Hosts: 81.211.105.6 www.adultmegamovies.com
O1 - Hosts: 81.211.105.6 www.adultsexmovie.net
O1 - Hosts: 81.211.105.6 www.adultwall.com
O1 - Hosts: 81.211.105.6 www.afro-sex.com
O1 - Hosts: 81.211.105.6 www.agreathost.net
O1 - Hosts: 81.211.105.6 www.alehina.com
O1 - Hosts: 81.211.105.6 www.allnichestgp.com
O1 - Hosts: 81.211.105.6 www.allowednet.com
O1 - Hosts: 81.211.105.6 www.amateurlips.com
O1 - Hosts: 81.211.105.6 www.amateurnudephoto.com
O1 - Hosts: 81.211.105.6 www.amateursgonebad.com
O1 - Hosts: 81.211.105.6 www.ambersamateurhardcore.com
O1 - Hosts: 81.211.105.6 www.anyamateur.com
O1 - Hosts: 81.211.105.6 www.apornhost.com
O1 - Hosts: 81.211.105.6 www.findmodels.com
O1 - Hosts: 81.211.105.6 www.asianscum.com
O1 - Hosts: 81.211.105.6 www.awethumbs.com
O1 - Hosts: 81.211.105.6 www.badassxxx.com
O1 - Hosts: 81.211.105.6 www.badbimbo.com
O1 - Hosts: 81.211.105.6 www.beautifulbondage.com
O1 - Hosts: 81.211.105.6 www.bestpornhost.com
O1 - Hosts: 81.211.105.6 www.biggestdickinporn.net
O1 - Hosts: 81.211.105.6 www1.3wisp.com
O1 - Hosts: 81.211.105.6 www1.kinghost.com
O1 - Hosts: 81.211.105.6 www1.ndhosting.com
O1 - Hosts: 81.211.105.6 www1.sexls.com
O1 - Hosts: 81.211.105.6 www1.smutserver.com
O1 - Hosts: 81.211.105.6 www1.toptgphost.com
O1 - Hosts: 81.211.105.6 www1.xfreehosting.com
O1 - Hosts: 81.211.105.6 www10.kinghost.com
O1 - Hosts: 81.211.105.6 www10.smutserver.com
O1 - Hosts: 81.211.105.6 www11.kinghost.com
O1 - Hosts: 81.211.105.6 www11.smutserver.com
O1 - Hosts: 81.211.105.6 www12.kinghost.com
O1 - Hosts: 81.211.105.6 www12.smutserver.com
O1 - Hosts: 81.211.105.6 www13.smutserver.com
O1 - Hosts: 81.211.105.6 www14.smutserver.com
O1 - Hosts: 81.211.105.6 www15.smutserver.com
O1 - Hosts: 81.211.105.6 www16.smutserver.com
O1 - Hosts: 81.211.105.6 www17.smutserver.com
O1 - Hosts: 81.211.105.6 www18.smutserver.com
O1 - Hosts: 81.211.105.6 www19.smutserver.com
O1 - Hosts: 81.211.105.6 www2.3wisp.com
O1 - Hosts: 81.211.105.6 www2.kinghost.com
O1 - Hosts: 81.211.105.6 www2.ndhosting.com
O1 - Hosts: 81.211.105.6 www2.smutserver.com
O1 - Hosts: 81.211.105.6 www2.toptgphost.com
O1 - Hosts: 81.211.105.6 www2.xfreehosting.com
O1 - Hosts: 81.211.105.6 www2.zpornstars.com
O1 - Hosts: 81.211.105.6 www20.smutserver.com
O1 - Hosts: 81.211.105.6 www21.smutserver.com
O1 - Hosts: 81.211.105.6 www22.smutserver.com
O1 - Hosts: 81.211.105.6 www23.smutserver.com
O1 - Hosts: 81.211.105.6 www24.smutserver.com
O1 - Hosts: 81.211.105.6 www25.smutserver.com
O1 - Hosts: 81.211.105.6 www26.smutserver.com
O1 - Hosts: 81.211.105.6 www27.smutserver.com

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL

O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL

O2 - BHO: (no name) - {3A26BB57-7868-4EA0-8DCA-739FAB933F22} - C:\DOCUME~1\ADMINI~1\APPLIC~1\BINDBALM\Forseek.exe

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINNT\wsem303.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [Apathjwm] C:\Program Files\Gdxl\Lpvqg.exe

O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

O4 - HKLM\..\Run: [6vmr072g] C:\WINNT\system32\6vmr072g.exe

O4 - HKLM\..\Run: [Pophtmoozethunk] C:\Documents and Settings\All Users\Application Data\Drv 4 Pop Htm\atom owns.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKCU\..\Run: [Mess love] C:\DOCUME~1\ADMINI~1\APPLIC~1\SHOWPR~1\Sect stop.exe

O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE

O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) - http://63.217.29.115/cax.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/Bridge-c139.cab

5) supprime les fichiers

C:\WINNT\nem220.dll
C:\Program Files\MyWebSearch<< tout le dossier
C:\WINNT\wsem303.dll
C:\Program Files\Internet Optimizer<< le dossier
C:\Program Files\Gdxl\Lpvqg.exe
C:\ProgramFiles\WildTangent\<< le dossier
C:\WINNT\system32\6vmr072g.exe
c:\Documents and Settings\All Users\Application Data\Drv 4 Pop Htm\atom owns.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\SHOWPR~1\Sect stop.exe

execute cleanup40.exe

tu relances tes scan ad aware
puis spy boot
puis a2 free
et vire tout ce qu'ils trouvent (c'est un peu long mais tu devrais t'en sortir).

vide ta poubelle et redemarre en mode normal, c'est à dire avant de redemarrer, tu refais les manip de départ (1) et (2) mais en recochant ... pour retrouver la config de départ.

redemarre

refait un log

A+

Jean

Répondre à jean38

jean38, le 21 aoû 2005 à 16:21:25

Pardon,

je n'ais pas vu ton window, tu oublies la deconnection de la restauration système. (faite sur XP)

Répondre à jean38

princeg69, le 21 aoû 2005 à 20:39:27

Re-salut Jean,

Je suis désolé de te déranger à nouveau. J'ai passé l'après-midi à suivre tes instructions à la lettre, malheureusement j'ai toujours mon message d'erreur.

Voici pour info les rapports de Silent runners et de hijackthis que j'ai relancés:

"Silent Runners.vbs", revision 40, http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"internat.exe" = "internat.exe" [MS]
"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" ["Yahoo! Inc."]
"Mozilla Quick Launch" = ""C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo" ["Mozilla, Netscape"]
"MoneyAgent" = ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"" [MS]
"LDM" = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [file not found]
"MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart" ["Patchou"]
"PcSync" = "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog" ["Time Information Services Ltd."]
"msnmsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Synchronization Manager" = "mobsync.exe /logon" [MS]
"C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (www.cmedia.com.tw)"]
"DUControl" = "C:\PROGRA~1\DIRECT~1\DUControl.exe" ["http://www.directupdate.net/"]
"NeroCheck" = "C:\WINNT\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"WinVNC" = ""C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper" [file not found]
"LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe" [file not found]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe"" ["Patchou"]
"PCSuiteTrayApplication" = "C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray" ["Nokia"]
"DataLayer" = "C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE" ["Nokia Mobile Phones Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = "IeCatch2 Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\jccatch.dll" ["Amaze Soft"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealOne Player\rpshell.dll" ["RealNetworks, Inc."]
"{40950107-FEA6-4d53-A65F-B2DCBA57DD58}" = "Nokia Phone Browser"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"]
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a² Context Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Startup items in "Administrateur" & "All Users" startup folders:
----------------------------------------------------------------

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
INFECTION WARNING! "PowerReg Scheduler.exe" [empty string]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]
"ZoneAlarm Pro" -> shortcut to: "C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe" ["Zone Labs Inc."]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll" ["Yahoo! Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
"ButtonText" = "Messenger"
"MenuText" = "Yahoo! Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll" ["Yahoo! Inc."]

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM95\aim.exe" ["America Online, Inc."]

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]

Miscellaneous IE Hijack Points
------------------------------

C:\WINNT\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

Missing lines (compared with English-language version):
[Strings]: 1 line

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Direct Update, DirectUpdate, ""C:\PROGRA~1\DIRECT~1\DUService.exe"" ["http://www.directupdate.net"]
Système d'événements de COM+, EventSystem, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\es.dll" [null data]}
TrueVector Internet Monitor, vsmon, "C:\WINNT\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs Inc."]
Ulead Burning Helper, UleadBurningHelper, "C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "Yes" at the first message box.
---------- (total run time: 42 seconds, including 8 seconds for message boxes)

****************************

Logfile of HijackThis v1.99.1
Scan saved at 20:22:06, on 21/08/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\DIRECT~1\DUService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Mixer.exe
C:\PROGRA~1\DIRECT~1\DUControl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINNT\system32\internat.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.alfdwanzrxnqssencsrmrx.com/ynIYkRTQbFLpk87ugtg8S_z_LaRa0y2pXYU_kkG8edEU3hLtGV8f46nuPLpk_mo8.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hzhiwbcckoegv.us/ynIYkRTQbFJ8eYxwklp9KfZodTGlgmtK3FIqcJbZtm0.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.dtpslmgkltadaaooxhwwvhptq.org/ynIYkRTQbFJ8eYxwklp9Ka85U/HfIB403FIqcJbZtm0.html"); (C:\Documents and Settings\Administrateur\Application Data\Mozilla\Profiles\default\59sdccb4.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\Administrateur\Application Data\Mozilla\Profiles\default\59sdccb4.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [DUControl] C:\PROGRA~1\DIRECT~1\DUControl.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O23 - Service: Direct Update (DirectUpdate) - http://www.directupdate.net - C:\PROGRA~1\DIRECT~1\DUService.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\ORL\VNC\WinVNC.exe" -service (file missing)

Répondre à princeg69

jean38, le 21 aoû 2005 à 20:55:56

Alors relance hijack et fixe la ligne
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS

pour le reste je ne vois plus rien dans ton log.

quel est le message d'erreur et ou??

fait un scan ici pour voir
Scan bit defender
http://www.bitdefender.fr
clik sur scan on line a gauche et suis la procedure

et donne le log.

A+

Répondre à jean38

princeg69, le 21 aoû 2005 à 23:06:34

Mon message d'erreur est toujours le même. A l'ouverture de ma session windows, j'ai une fenêtre qui s'ouvre avec ce message:

Arrêt du système. Veuillez enregistrer tous les travaux en cours et quitter votre session. Toutes les modifications non enregistrées seront perdues. Cet arrêt est initié par NT AUTHORITY\SYSTEM.
Le processus système C:\WINNT\SYSTEM32\SERVICES.EXE s'est terminé de manière inattendue avec le code état 128. Le système va maintenant s'éteindre et redémarrer. (60 secondes).

J'ai scanné avec bitdefender comme tu m'as demandé. Voici le rapport d'analyse:

BitDefender Online Scanner - Rapport virus en temps réel

Généré à: Sun, Aug 21, 2005 - 22:45:58

Info d'analyse

Fichiers scannés: 189301

Infectés Fichiers: 6

Virus Détectés

Trojan.Lopad.C: 1

Application.Adware.Funweb.A: 1

Trojan.Spy.Qukart.H: 1

Trojan.Downloader.Gen: 1

Trojan.Winad.J.DLL: 1

Trojan.Downloader.Dyfuca.DT: 1

Voilà je ne sais pas si c'est vraiment un virus qui provoque le redémarrage.

Répondre à princeg69

alecko, le 15 déc 2007 à 19:02:36

Bonjour jai un trouble avec mon pc quand je veut le fermer elle ne souvre plus elle devint noir et apparait une petite page qui ecrit isass.exe error .
tout le temps que mon pc es ouvert il fonction aussitot que je le ferme le rapport d erreur isass.exe aparait et je dois remettre le cd window xp et tout recommencer que dois-je fair

Répondre à alecko

Posez votre question Répondre