FORUM HardWare.fr
Windows & Software
Security

  rdriv.sys ...

 


n°2113083
patator70
Posted on 01-08-2005 at 16:22:44
 

I'm on WIN2000 Pro and I've just noticed that I was infected with "rdriv.sys" and "re11.REG"; NORTON also detected "Hidehunpexed.exe".
How do I get rid of these unwanted "guests"?

Thanks


n°2113091
stonangel
Posted on 01-08-2005 at 16:24:52
 

Hello, download HijackThis v1.99.1:
http://www.merijn.org/files/hijackthis.zip

Important: install HijackThis properly.
Install it under C:\Hijackthis for example (not in a temp directory).

Scan / save log (report) / copy & paste the contents of the report here.

Tutorial for installation and use:
http://sitethemacs.free.fr/aide_en [...] ackthi.htm

Demo in pictures here:
http://pageperso.aol.fr/balltrap34/demohijack.htm

;) Thanks balltrap
 

n°2113177
patator70
Posted on 01-08-2005 at 17:04:44
 

stonangel wrote:

Hello, download HijackThis v1.99.1:
http://www.merijn.org/files/hijackthis.zip
[...]

 
Here are the logs I was able to collect:
 
Logfile of HijackThis v1.99.1
Scan saved at 16:58:29, on 01/08/2005
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
d:\Programs\AVPersonal\AVWUPSRV.EXE
C:\WINNT\system32\nnn.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINNT\System32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\WINNT\loadqm.exe
C:\WINNT\System32\OpenGL.exe
C:\WINNT\System32\microsoft.exe
C:\WINNT\System32\msngta32.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
G:\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.free.fr/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Local Area Network] OpenGL.exe
O4 - HKLM\..\Run: [Microsoft Update 32] microsoft.exe
O4 - HKLM\..\Run: [msngta32] msngta32.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\RunServices: [Local Area Network] OpenGL.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] microsoft.exe
O4 - HKLM\..\RunServices: [msngta32] msngta32.exe
O4 - HKCU\..\Run: [msngta32] msngta32.exe
O4 - HKCU\..\RunServices: [msngta32] msngta32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JA [...] anager.ocx
O18 - Protocol: bw+0 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {6F99915D-A962-4513-A1E5-6389AE48694F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - d:\Programs\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DirectX Graphics (dxdmain) - Unknown owner - C:\WINNT\system32\nnn.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IspMsg - Unknown owner - C:\WINNT\ismdg.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
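
Reading a log like this by hand is what the helpers in this thread do. The following is an added example (not part of the thread and not HijackThis code) that applies the same tells mechanically to a constructed subset of the log above: commands with no path, entries under the Windows 9x-only RunServices key, one executable registered under several autostart keys, services with no company name, lure names such as "Microsoft Update 32" and "DirectX Graphics", binaries dropped in the Windows root, and services whose file is missing. The heuristics, their weights and the threshold are this script's own assumptions, and it works on any HijackThis 1.99 log, not only this one.

```python
"""Triage a HijackThis v1.99 log for the tells a malware helper looks for.
Added example for this thread, not HijackThis code; every heuristic, weight and
the threshold are this script's assumptions."""
import re
from collections import namedtuple

# Constructed subset of the log patator70 posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Local Area Network] OpenGL.exe
O4 - HKLM\..\Run: [Microsoft Update 32] microsoft.exe
O4 - HKLM\..\Run: [msngta32] msngta32.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\RunServices: [Local Area Network] OpenGL.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] microsoft.exe
O4 - HKLM\..\RunServices: [msngta32] msngta32.exe
O4 - HKCU\..\Run: [msngta32] msngta32.exe
O4 - HKCU\..\RunServices: [msngta32] msngta32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: DirectX Graphics (dxdmain) - Unknown owner - C:\WINNT\system32\nnn.exe
O23 - Service: IspMsg - Unknown owner - C:\WINNT\ismdg.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]{2})\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<image>.+)$")
EXE_RE = re.compile(r'[^\\"\s]+\.exe', re.I)
WINROOT_RE = re.compile(r"^[a-z]:\\(winnt|windows)\\[^\\]+$", re.I)
LURE_WORDS = {"microsoft", "windows", "update", "network", "directx", "system"}  # borrowed to look like the OS
Finding = namedtuple("Finding", "line exe reasons")


def exe_name(cmd):
    """Lower-cased base name of the executable in a Run command or service ImagePath."""
    m = EXE_RE.search(cmd)
    if m:
        return m.group(0).lower()
    tokens = cmd.strip().strip('"').split()
    return tokens[0].rsplit("\\", 1)[-1].lower() if tokens else ""


def lure_words(text):
    return set(re.findall(r"[a-z]+", text.lower())) & LURE_WORDS


def triage(log_text, threshold=2):
    """Return the O4/O23 entries that collect at least `threshold` reasons for suspicion."""
    lines = [l.strip() for l in log_text.splitlines()]
    o4 = [(l, m.groupdict()) for l, m in ((l, O4_RE.match(l)) for l in lines) if m]
    o23 = [(l, m.groupdict()) for l, m in ((l, O23_RE.match(l)) for l in lines) if m]
    keys = {}  # exe -> the distinct autostart keys it is registered under
    for _, f in o4:
        keys.setdefault(exe_name(f["cmd"]), set()).add((f["hive"], f["key"]))
    findings = []
    for line, f in o4:
        exe, reasons = exe_name(f["cmd"]), []
        bare = "\\" not in f["cmd"]  # no directory given: resolved through the search path
        if bare:
            reasons.append("command has no path; the file is found through the search path, usually system32")
        if f["key"].startswith("RunServices"):
            reasons.append("RunServices is a Windows 9x/ME key that Windows 2000 ignores; "
                           "9x-portable worms still write it, Win2000 installers do not")
        if bare and lure_words(f["name"]):
            reasons.append("entry name imitates a system component: " + ", ".join(sorted(lure_words(f["name"]))))
        if len(keys[exe]) > 1:
            reasons.append("same executable registered under %d autostart keys" % len(keys[exe]))
        if len(reasons) >= threshold:
            findings.append(Finding(line, exe, reasons))
    for line, f in o23:
        exe, reasons = exe_name(f["image"]), []
        unknown = f["owner"] == "Unknown owner"
        if unknown:
            reasons.append("binary carries no company name in its version information")
        if "(file missing)" in f["image"]:
            reasons.append("service still registered but its binary is gone")
        if unknown and lure_words(f["display"]):
            reasons.append("display name imitates a system component")
        if WINROOT_RE.match(f["image"]):
            reasons.append("binary dropped directly in the Windows directory, not system32 or Program Files")
        if len(reasons) >= threshold:
            findings.append(Finding(line, exe, reasons))
    return findings


def flagged_executables(log_text, threshold=2):
    return {fi.exe for fi in triage(log_text, threshold)}


if __name__ == "__main__":
    for fi in triage(SAMPLE_LOG):
        print(fi.line, *("\n    - " + r for r in fi.reasons))
```

On the sample it flags OpenGL.exe, microsoft.exe, msngta32.exe, nnn.exe and ismdg.exe, the same names the fix list later in the thread targets, and also the orphaned WinVNC4 service, while the Symantec, Logitech-style and loadqm/mobsync entries stay below the threshold. A score is only a reading order: each flagged file still has to be checked (size, version info, date) before it is deleted.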
 

n°2113346
patator70
Posted on 01-08-2005 at 19:13:21
 

Oh yes, I forgot, one last little thing: I can't get into Safe Mode :-(((((((


HELP !!!

n°2113586
balltrap34
Posted on 01-08-2005 at 23:54:23
 

hi

► print this out so you don't forget anything and do everything
do everything in order, without exception
-------------------------
► first of all, download these programs if you don't have them and update them, but don't use them yet, and check that you have the right versions, that's essential

♪<gras>  Ad-Aware (1) version 1.06</gras>

 (here)               http://www.florensac-chasse-trap.com/   virus section
see demo
 http://pageperso.aol.fr/balltrap34/adwseflash.zip
--
♪<gras>  Spybot (2) version 1.4</gras>

       (here)               http://www.florensac-chasse-trap.com/   virus section
see demo
 http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
--
and also this
♪<gras>  CleanUp40.exe (3)</gras>

see demo
http://pageperso.aol.fr/balltrap34/democleanup.htm
--
♪<gras>  a2 (4)</gras>

http://www.emsisoft.net/fr/
remember to update it before scanning the PC
-------

----------------
►<gras> disable your System Restore </gras>

to do that, right-click My Computer,
Properties, click the System Restore tab,
tick the "turn off System Restore" box and apply
------------

►<gras> make sure of this </gras>

Show all files and folders:
click Start / Control Panel / Folder Options / View
Tick "Show hidden files and folders"

Untick "Hide protected operating system files (recommended)"

Untick "Hide extensions for known file types"
Then click "OK" to confirm the changes.

And apply
----------------------
►<gras> empty your temp files and Temporary Internet Files for all users </gras>

use this to do it
♪http://pageperso.aol.fr/Balltrap34/CleanUp40.exe

--------------------
►<gras> run HijackThis again, tick these lines and then click Fix</gras>

O4 - HKLM\..\Run: [Microsoft Update 32] microsoft.exe
O4 - HKLM\..\Run: [msngta32] msngta32.exe

O4 - HKLM\..\RunServices: [Microsoft Update 32] microsoft.exe
O4 - HKLM\..\RunServices: [msngta32] msngta32.exe
O4 - HKCU\..\Run: [msngta32] msngta32.exe
O4 - HKCU\..\RunServices: [msngta32] msngta32.exe
O23 - Service: DirectX Graphics (dxdmain) - Unknown owner - C:\WINNT\system32\nnn.exe
O23 - Service: IspMsg - Unknown owner - C:\WINNT\ismdg.exe

----------------------

►<gras> reboot in Safe Mode</gras>

for Safe Mode, keep tapping the F8 key
from the moment the PC powers on, without stopping;
a menu will open, use the arrow keys to move to "Start in Safe Mode";
once on the desktop you won't have all the colours and so on, that's normal. If F8 doesn't work, use the F5 key
-------------------------
►<gras> search for and delete these</gras>

careful: only the files, if you find them
C:\WINNT\system32\nnn.exe
C:\WINNT\ismdg.exe
msngta32.exe
microsoft.exe
-----------------
copy and paste what is between the stars into Notepad
*************************************************
Windows Registry Editor Version 5.00

; Disable the two bogus services first so they cannot restart before the keys go.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dxdmain]
"start"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dxdmain]
"start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IspMsg]
"start"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IspMsg]
"start"=dword:00000004

; Remove the autostart values. The root must be written out in full:
; regedit does not accept the "HKLM" abbreviation, so a section headed
; [HKLM\...] is not applied.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinAwk"=-
"WinAwk.exe"=-
"smss.exe"=-
"nnn.exe"=-

; Delete the service entries from every control set.
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dxdmain]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dxdmain]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\dxdmain]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\dxdmain]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv]

; wscsvc is the Windows Security Center service (XP SP2 and later); it does not exist on Windows 2000.
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iTunesMusic]

; Undo settings the infection changed (no space between the value name and "=").
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"=-

; The LEGACY_* keys under Enum\Root are owned by SYSTEM; if the import cannot
; delete them, take ownership of the key in regedit first.
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_ITUNESMUSIC\0000]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_RDRIV\0000]

; AutoShareServer and AutoShareWks are values under LanmanServer\Parameters,
; not subkeys, so they are removed as values here.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"AutoShareServer"=-
"AutoShareWks"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"DoNotAllowXPSP2"=-
"AUOptions"=-

***********************************************
save it on your desktop, name it
regspy.reg
and for "type" select "all files"
-------------

double-click the .reg file you just made and confirm

-----
reboot, run your antivirus
check that your firewall is active
reconnect and do a Windows Update


► run Ad-Aware and remove everything it finds
----------
► run Spybot and remove everything it finds
-------------

empty your Recycle Bin, reboot in normal mode and do another HijackThis log

and say where you stand with your problems


--


---------------
hunting and trap shooting, a true passion http://www.florensac-chasse-trap.com/
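
Before double-clicking a .reg script from a forum it is worth checking what it will actually do. This added example (not part of balltrap34's post and not a Microsoft tool) parses the Regedit 5.00 text format far enough to list the operations an import would perform and to catch a trap that is easy to miss: regedit only understands full root names such as HKEY_LOCAL_MACHINE, so a section headed [HKLM\...] is not applied and every value under it is silently lost. The sample is a constructed excerpt of the script above with the HKLM abbreviation and a space before "=" deliberately left in; handling only string, dword and "delete" values is this script's own limitation.

```python
"""Lint a Regedit 5.00 .reg script before importing it.
Added example for this thread; not part of any post and not a Microsoft tool.
Handles "name"=-, dword: and string values only (this script's limitation)."""
import re

ROOTS = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
# reg.exe accepts these on the command line; regedit's .reg import does not.
ABBREVIATIONS = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER",
                 "HKCR": "HKEY_CLASSES_ROOT", "HKU": "HKEY_USERS",
                 "HKCC": "HKEY_CURRENT_CONFIG"}
HEADERS = {"Windows Registry Editor Version 5.00", "REGEDIT4"}
SECTION_RE = re.compile(r"^\[(?P<delete>-?)(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")(?P<space>\s*)=(?P<data>.*)$')

# Constructed excerpt of the script posted above, with the HKLM abbreviation
# and the space before "=" left in on purpose.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dxdmain]
"start"=dword:00000004

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nnn.exe"=-

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous" =-
"""


def lint_reg(text):
    """Return (ops, problems): what an import would do, and why parts of it would not."""
    lines = text.splitlines()
    ops, problems = [], []
    if not lines or lines[0].strip() not in HEADERS:
        problems.append((1, "missing Regedit header; regedit refuses the file"))
    key, usable = None, False  # current section and whether regedit would apply it
    for no, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = SECTION_RE.match(line)
        if m:
            key = m.group("key")
            root = key.split("\\", 1)[0]
            if root.upper() in ABBREVIATIONS:
                problems.append((no, "root '%s' is a reg.exe abbreviation; regedit needs %s, "
                                     "section not applied" % (root, ABBREVIATIONS[root.upper()])))
                usable = False
            elif root.upper() not in ROOTS:
                problems.append((no, "unknown root '%s'; section not applied" % root))
                usable = False
            else:
                usable = True
                if m.group("delete"):
                    ops.append(("delete_key", key))
            continue
        m = VALUE_RE.match(line)
        if not m:
            problems.append((no, "unparsed line: " + line))
            continue
        if not usable:
            problems.append((no, "value belongs to a section that is not applied"))
            continue
        if m.group("space"):
            problems.append((no, 'space between the value name and "="; the documented form is "name"=... with none'))
        name = "" if m.group("name") == "@" else m.group("name")[1:-1]
        data = m.group("data").strip()
        if data == "-":
            ops.append(("delete_value", key, name))
        elif data.lower().startswith("dword:"):
            ops.append(("set_dword", key, name, int(data[6:], 16)))
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            ops.append(("set_string", key, name, data[1:-1]))
        else:
            ops.append(("set_other", key, name, data))
    return ops, problems


def expand_roots(text):
    """Rewrite abbreviated roots in section headers to the full names regedit needs."""
    return re.sub(r"^\[(-?)(HKLM|HKCU|HKCR|HKU|HKCC)(?=\\)",
                  lambda m: "[" + m.group(1) + ABBREVIATIONS[m.group(2).upper()],
                  text, flags=re.M | re.I)


if __name__ == "__main__":
    for no, msg in lint_reg(SAMPLE_REG)[1]:
        print("line %d: %s" % (no, msg))
    for op in lint_reg(expand_roots(SAMPLE_REG))[0]:
        print("would", *op)
```

Run on the sample, the linter reports the abbreviated root on line 6, the orphaned "nnn.exe" deletion on line 7 and the odd spacing on line 12, and lists three operations; after expand_roots the Run-key deletion appears as a fourth. Pass the real script through it before importing, and read the "would delete_key" lines with care: a deletion of a service key is irreversible once applied.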
n°2115457
patator70
Posted on 03-08-2005 at 18:00:45
 

still status quo: I try to "fix" nnn.exe but nothing works, it's still there!
What should I do???

n°2116593
balltrap34
Posted on 04-08-2005 at 20:23:59
 

you must not only fix; you absolutely have to do everything


n°2116604
western-shadow
Pan !
Posted on 04-08-2005 at 20:32:09
 

:hello: Ball, still in good form - well done!

you've got, as it were, another forum's tags in your post  <gras> </gras> [no comment] :lol:

n°2116676
balltrap34
Posted on 04-08-2005 at 22:27:58
 

hi dolly
yes, the tags are there by default in my Notepad files,
for ccm; that's why. No big deal, it's still readable :hello:  :D



Copyright © 1997-2022 Hardware.fr SARL