Contenu de Apollo - Page 1012

Log HJT[Abandonné because P2P]

Apollo a répondu à un(e) sujet de Apollo dans Analyses et éradication malwares

Bonjour BipBip, D'après Cécile, rien de tout cela à cet endroit mais je doute un peu, je vais donc lui redemander de bien regarder cela. Rapport HJT d'hier en attendant résultats Ewido et nouveau log HJT: Logfile of HijackThis v1.99.1 Scan saved at 16:17:01, on 13/12/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\WINDOWS\System32\ELAN.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\GSICON.EXE C:\WINDOWS\System32\dslagent.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Shareaza\Shareaza.exe C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\palstart(2).exe C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\palstart.exe C:\WINDOWS\System32\NotifyPhoneBook.exe C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\devldr32.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: phoneaccess Class - {5054F860-748D-4840-B7B4-DDDB428421AF} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [RemoveElanIcon] C:\WINDOWS\System32\ELAN.exe O4 - HKLM\..\Run: [AME_CSA] rundll32 AmeCSA.cpl,RUN_DLL O4 - HKLM\..\Run: [CloseDNF] C:\WINDOWS\System32\Utility.exe \1008 O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [services32] C:\Program Files\Fichiers communs\Windows\mc-48-555-0000027.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray O4 - Startup: desktop(2)(2)(2)(2)(2)(2).ini O4 - Startup: desktop(2)(2)(2)(2)(2).ini O4 - Startup: desktop(2)(2)(2)(2)(3).ini O4 - Startup: desktop(2)(2)(2)(2).ini O4 - Startup: desktop(2)(2)(2)(3)(2).ini O4 - Startup: desktop(2)(2)(2)(3).ini O4 - Startup: desktop(2)(2)(2)(4).ini O4 - Startup: desktop(2)(2)(2).ini O4 - Startup: desktop(2)(2)(3)(2)(2).ini O4 - Startup: desktop(2)(2)(3)(2).ini O4 - Startup: desktop(2)(2)(3)(3).ini O4 - Startup: desktop(2)(2)(3).ini O4 - Startup: desktop(2)(2)(4)(2).ini O4 - Startup: desktop(2)(2)(4).ini O4 - Startup: desktop(2)(2)(5).ini O4 - Startup: desktop(2)(2).ini O4 - Startup: desktop(2)(3)(2)(2)(2).ini O4 - Startup: desktop(2)(3)(2)(2).ini O4 - Startup: desktop(2)(3)(2)(3).ini O4 - Startup: desktop(2)(3)(2).ini O4 - Startup: desktop(2)(3)(3)(2).ini O4 - Startup: desktop(2)(3)(3).ini O4 - Startup: desktop(2)(3)(4).ini O4 - Startup: desktop(2)(3).ini O4 - Startup: desktop(2)(4)(2)(2).ini O4 - Startup: desktop(2)(4)(2).ini O4 - Startup: desktop(2)(4)(3).ini O4 - Startup: desktop(2)(4).ini O4 - Startup: desktop(2)(5)(2).ini O4 - Startup: desktop(2)(5).ini O4 - Startup: desktop(2)(6).ini O4 - Startup: desktop(2).ini O4 - Startup: desktop(3)(2)(2)(2)(2).ini O4 - Startup: desktop(3)(2)(2)(2).ini O4 - Startup: desktop(3)(2)(2)(3).ini O4 - Startup: desktop(3)(2)(2).ini O4 - Startup: desktop(3)(2)(3)(2).ini O4 - Startup: desktop(3)(2)(3).ini O4 - Startup: desktop(3)(2)(4).ini O4 - Startup: desktop(3)(2).ini O4 - Startup: desktop(3)(3)(2)(2).ini O4 - Startup: desktop(3)(3)(2).ini O4 - Startup: desktop(3)(3)(3).ini O4 - Startup: desktop(3)(3).ini O4 - Startup: desktop(3)(4)(2).ini O4 - Startup: desktop(3)(4).ini O4 - Startup: desktop(3)(5).ini O4 - Startup: desktop(3).ini O4 - Startup: desktop(4)(2)(2)(2).ini O4 - Startup: desktop(4)(2)(2).ini O4 - Startup: desktop(4)(2)(3).ini O4 - Startup: desktop(4)(2).ini O4 - Startup: desktop(4)(3)(2).ini O4 - Startup: desktop(4)(3).ini O4 - Startup: desktop(4)(4).ini O4 - Startup: desktop(4).ini O4 - Startup: desktop(5)(2).ini O4 - Startup: desktop(5).ini O4 - Global Startup: desktop(2)(2)(2)(2)(2)(2).ini O4 - Global Startup: desktop(2)(2)(2)(2)(2).ini O4 - Global Startup: desktop(2)(2)(2)(2)(3).ini O4 - Global Startup: desktop(2)(2)(2)(2).ini O4 - Global Startup: desktop(2)(2)(2)(3)(2).ini O4 - Global Startup: desktop(2)(2)(2)(3).ini O4 - Global Startup: desktop(2)(2)(2)(4).ini O4 - Global Startup: desktop(2)(2)(2).ini O4 - Global Startup: desktop(2)(2)(3)(2)(2).ini O4 - Global Startup: desktop(2)(2)(3)(2).ini O4 - Global Startup: desktop(2)(2)(3)(3).ini O4 - Global Startup: desktop(2)(2)(3).ini O4 - Global Startup: desktop(2)(2)(4)(2).ini O4 - Global Startup: desktop(2)(2)(4).ini O4 - Global Startup: desktop(2)(2)(5).ini O4 - Global Startup: desktop(2)(2).ini O4 - Global Startup: desktop(2)(3)(2)(2)(2).ini O4 - Global Startup: desktop(2)(3)(2)(2).ini O4 - Global Startup: desktop(2)(3)(2)(3).ini O4 - Global Startup: desktop(2)(3)(2).ini O4 - Global Startup: desktop(2)(3)(3)(2).ini O4 - Global Startup: desktop(2)(3)(3).ini O4 - Global Startup: desktop(2)(3)(4).ini O4 - Global Startup: desktop(2)(3).ini O4 - Global Startup: desktop(2)(4)(2)(2).ini O4 - Global Startup: desktop(2)(4)(2).ini O4 - Global Startup: desktop(2)(4)(3).ini O4 - Global Startup: desktop(2)(4).ini O4 - Global Startup: desktop(2)(5)(2).ini O4 - Global Startup: desktop(2)(5).ini O4 - Global Startup: desktop(2)(6).ini O4 - Global Startup: desktop(2).ini O4 - Global Startup: desktop(3)(2)(2)(2)(2).ini O4 - Global Startup: desktop(3)(2)(2)(2).ini O4 - Global Startup: desktop(3)(2)(2)(3).ini O4 - Global Startup: desktop(3)(2)(2).ini O4 - Global Startup: desktop(3)(2)(3)(2).ini O4 - Global Startup: desktop(3)(2)(3).ini O4 - Global Startup: desktop(3)(2)(4).ini O4 - Global Startup: desktop(3)(2).ini O4 - Global Startup: desktop(3)(3)(2)(2).ini O4 - Global Startup: desktop(3)(3)(2).ini O4 - Global Startup: desktop(3)(3)(3).ini O4 - Global Startup: desktop(3)(3).ini O4 - Global Startup: desktop(3)(4)(2).ini O4 - Global Startup: desktop(3)(4).ini O4 - Global Startup: desktop(3)(5).ini O4 - Global Startup: desktop(3).ini O4 - Global Startup: desktop(4)(2)(2)(2).ini O4 - Global Startup: desktop(4)(2)(2).ini O4 - Global Startup: desktop(4)(2)(3).ini O4 - Global Startup: desktop(4)(2).ini O4 - Global Startup: desktop(4)(3)(2).ini O4 - Global Startup: desktop(4)(3).ini O4 - Global Startup: desktop(4)(4).ini O4 - Global Startup: desktop(4).ini O4 - Global Startup: desktop(5)(2)(2).ini O4 - Global Startup: desktop(5)(2).ini O4 - Global Startup: desktop(5)(3).ini O4 - Global Startup: desktop(5).ini O4 - Global Startup: desktop(6)(2).ini O4 - Global Startup: desktop(6).ini O4 - Global Startup: palstart(2).exe O4 - Global Startup: palstart.exe O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/eng/boards_2_0_0_21.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5054F860-748D-4840-B7B4-DDDB428421AF} (phoneaccess Class) - http://ip.sponsoradulto.com/cab/4/fr/phoneaccess.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122920828967 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {701DC9DC-ACD5-4E94-85E3-F3F1ED68611A} (CWebClientCtl Object) - http://download.paltalk.com/webclient_prod...ebclientctl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {E9790C6C-DCAA-4E4F-8048-FFEC3B62DFED} (VOGWeb2 Class) - http://216.32.89.203/activex/vogweb29.cab O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...rcabinstall.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GameDesire Pool 9) - http://67.15.101.3/g_bin/eng/billard9_2_0_0_24.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: MAPI Mail Client (MAPI) - Unknown owner - C:\WINDOWS\System32\mapi32.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe Je lui ai dit de virer son P2P déjà plusieurs fois...

le 14 décembre 2005
12 réponses

Log HJT[Abandonné because P2P]

Apollo a répondu à un(e) sujet de Apollo dans Analyses et éradication malwares

Toujours là! Incident Status Location Adware:adware/maxifiles Not desinfected C:\PROGRAM FILES\FICHIERS COMMUNS\InetGet Adware:adware/exact.bargainbuddyNot desinfected Windows Registry Les instructions ont été suivies Charles, du moins c'est ce qui m'est certifié...

le 13 décembre 2005
12 réponses

Log HJT[Abandonné because P2P]

Apollo a répondu à un(e) sujet de Apollo dans Analyses et éradication malwares

Re, Pendant ce temps j'ai eu le rapport Antivir: Creation date of the report file: mardi 13 décembre 2005 13:01 AntiVir®/XP (2000 + NT) PersonalEdition Classic Build 1114 of 04.11.2005 Mainprogram 6.32.00.51 of 03.11.2005 VDF file 6.33.0.20 (0) of 12.12.2005 This program is for PERSONAL USE only. Any other use is PROHIBITED. Informations regarding commercial versions of AntiVir may be obtained from: www.hbedv.com. Scanning for 262109 virus strains and unwanted programs. Licensed for: AntiVir Personal Edition Serial number: 0000149991-WURGE-0001 Please enter the workstation and contact name with phone number in this form: Name ___________________________________________ Street ___________________________________________ Town ___________________________________________ Phone/Fax ___________________________________________ Email ___________________________________________ Platform: Windows NT Workstation Windows version: 5.1 Build 2600 () Username: X Processor: Pentium Working memory: 1572076 KB free Version information: AVWIN.DLL : 6.32.00.51 561192 04.11.2005 07:50:54 AVEWIN32.DLL : 6.33.0.61 1004032 24.11.2005 17:53:20 AVGNT.EXE : 6.32.00.02 180327 03.11.2005 17:06:56 AVGUARD.EXE : 6.32.00.12 208424 03.11.2005 17:06:58 GUARDMSG.DLL : 6.30.00.02 94248 01.02.2005 10:24:12 AVGCMSG.DLL : 6.32.00.01 295029 03.11.2005 17:06:58 AVGNTDW.SYS : 6.31.00.01 32896 29.04.2005 08:07:16 AVPACK32.DLL : 6.32.00.02 319528 03.11.2005 16:57:42 AVGETVER.DLL : 6.30.00.00 24576 28.01.2005 17:10:20 AVSHLEXT.DLL : 6.30.00.01 40960 28.01.2005 17:10:22 AVSched32.EXE : 6.32.00.01 110632 20.09.2005 14:16:26 AVSched32.DLL : 6.30.00.00 122880 01.02.2005 10:24:12 AVREG.DLL : 6.31.00.05 41000 07.09.2005 16:34:50 AVRep.DLL : 6.33.00.08 1577000 06.12.2005 11:09:16 INETUPD.EXE : 6.32.00.53 262203 04.11.2005 07:49:30 INETUPD.DLL : 6.32.00.53 143360 04.11.2005 07:49:30 CTL3D32.DLL : 2.31.000 27136 28.08.2001 13:00:00 MFC42.DLL : 6.00.8665.0 995383 28.08.2001 13:00:00 MSVCRT.DLL : 7.0.2600.0 (xpclient.010817-1148 MSVCRT.DLL : 7.0.2600.0 (xp 322560 28.08.2001 13:00:00 CTL3DV2.DLL : No information Configuration file: Name of configuration file: C:\Program Files\AVPersonal\AVWIN.INI Name of report file: C:\Program Files\AVPersonal\LOGFILES\AVWIN.LOG Start path: C:\Program Files\AVPersonal Command line: Start mode: unknown Mode of report file: [ ] Do not create report [X] Overwrite report [ ] Append new report Data in report file: [X] Infected files [ ] Infected files with paths [ ] All scanned files [ ] Full information Abridge report file: [ ] Abridge report file Warnings in report: [X] Access denied/file locked [X] Wrong file size in directory [X] Wrong creation time in directory [ ] COM file is too large [X] Invalid start address [X] Invalid EXE header [X] Possibly damaged Summary report: [X] Create summary report Output file: AVWIN.ACT Maximum number of entries: 100 Where to search: [X] Memory [X] Boot record of selected drives [ ] Report unknown boot sectors [X] All files [ ] Program files Response in case of a detection: [X] Repair with prompt [ ] Repair without prompt [ ] Delete with prompt [ ] Delete without prompt [ ] Write in report file only [X] Acoustic alarm Response in case of destroyed files: [X] Delete with prompt [ ] Delete without prompt [ ] Ignore Response in case of destroyed files: [X] No change [ ] Current system time [ ] Correct date Drag&drop settings: [X] Scan subdirectories Profile settings: [X] Scan subdirectories Archive options [X] Search archive [X] Archive types to leave out 1002 1001 1000 Miscellaneous options: Temporary path: %TEMP% -> C:\DOCUME~1\X\LOCALS~1\Temp [X] Overwrite infected files [ ] Detect idle time [X] Allow interruptions of scan [ ] Load AVWin®/NT Guard on System start General settings: [X] Save options on exiting AntiVir Priority: medium Drives: A: Floppy drive C: Hard disk D: CD-ROM E: CD-ROM F: CD-ROM Start of scan: mardi 13 décembre 2005 13:01 Memory test OK Master boot record of hard disk HD0 OK Boot record of drive C: OK Access denied! Error during file opening! Error code: 0x0002 C:\ WARNING! Access error/file locked! C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery AlexaRelated.zip ArchiveType: ZIP NOTE! The whole archive is password protected ExactAdvertisingBargainsBuddy.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINDashBar.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINDashBar1.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINDashBar2.zip ArchiveType: ZIP GAINDashBar3.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINDashBar4.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINDashBar5.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator1.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator10.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator11.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator12.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator13.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator14.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator15.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator16.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator17.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator18.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator19.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator2.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator20.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator21.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator22.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator23.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator24.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator25.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator26.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator27.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator28.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator29.zip ArchiveType: ZIP GAINGator3.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator30.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator31.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator32.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator33.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator34.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator35.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator36.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator37.zip ArchiveType: ZIP GAINGator38.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator39.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator4.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator40.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator5.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator6.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator7.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator8.zip ArchiveType: ZIP NOTE! The whole archive is password protected GAINGator9.zip ArchiveType: ZIP NOTE! The whole archive is password protected Hotbar.zip ArchiveType: ZIP NOTE! The whole archive is password protected Hotbar1.zip ArchiveType: ZIP Hotbar2.zip ArchiveType: ZIP NOTE! The whole archive is password protected Hotbar3.zip ArchiveType: ZIP NOTE! The whole archive is password protected Hotbar4.zip ArchiveType: ZIP NOTE! The whole archive is password protected Hotbar5.zip ArchiveType: ZIP NOTE! The whole archive is password protected MaxSearch.zip ArchiveType: ZIP NOTE! The whole archive is password protected MaxSearch1.zip ArchiveType: ZIP NOTE! The whole archive is password protected MaxSearch10.zip ArchiveType: ZIP NOTE! The whole archive is password protected MaxSearch11.zip ArchiveType: ZIP NOTE! The whole archive is password protected MaxSearch12.zip ArchiveType: ZIP NOTE! The whole archive is password protected MaxSearch13.zip ArchiveType: ZIP MaxSearch2.zip ArchiveType: ZIP NOTE! The whole archive is password protected MaxSearch3.zip ArchiveType: ZIP MaxSearch4.zip ArchiveType: ZIP NOTE! The whole archive is password protected MaxSearch5.zip ArchiveType: ZIP NOTE! The whole archive is password protected MaxSearch6.zip ArchiveType: ZIP NOTE! The whole archive is password protected MaxSearch7.zip ArchiveType: ZIP NOTE! The whole archive is password protected MaxSearch8.zip ArchiveType: ZIP NOTE! The whole archive is password protected MaxSearch9.zip ArchiveType: ZIP NOTE! The whole archive is password protected MyWayMyBar.zip ArchiveType: ZIP NOTE! The whole archive is password protected MyWayMySearch.zip ArchiveType: ZIP NOTE! The whole archive is password protected MyWayMySearch1.zip ArchiveType: ZIP NOTE! The whole archive is password protected MyWayMySearch10.zip ArchiveType: ZIP NOTE! The whole archive is password protected MyWayMySearch11.zip ArchiveType: ZIP NOTE! The whole archive is password protected MyWayMySearch12.zip ArchiveType: ZIP NOTE! The whole archive is password protected MyWayMySearch13.zip ArchiveType: ZIP NOTE! The whole archive is password protected MyWayMySearch14.zip ArchiveType: ZIP NOTE! The whole archive is password protected MyWayMySearch15.zip ArchiveType: ZIP NOTE! The whole archive is password protected MyWayMySearch16.zip ArchiveType: ZIP NOTE! The whole archive is password protected MyWayMySearch2.zip ArchiveType: ZIP NOTE! The whole archive is password protected MyWayMySearch3.zip ArchiveType: ZIP NOTE! The whole archive is password protected MyWayMySearch4.zip ArchiveType: ZIP NOTE! The whole archive is password protected MyWayMySearch5.zip ArchiveType: ZIP MyWayMySearch6.zip ArchiveType: ZIP MyWayMySearch7.zip ArchiveType: ZIP NOTE! The whole archive is password protected MyWayMySearch8.zip ArchiveType: ZIP NOTE! The whole archive is password protected MyWayMySearch9.zip ArchiveType: ZIP NOTE! The whole archive is password protected SolutionsSearchAssistant.zip ArchiveType: ZIP NOTE! The whole archive is password protected C:\Documents and Settings\mika\Local Settings\Temp\hsperfdata_mika 2248 Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! C:\Documents and Settings\X ntuser.dat Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! ntuser.dat.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! C:\Documents and Settings\X\Local Settings\Application Data\Microsoft\Windows UsrClass.dat Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! UsrClass.dat.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! C:\Program Files\BoontyGames\Ricochet Lost World Recharged Data.dat ArchiveType: ZIP C:\Program Files\LimeWire\.NetworkShare nemo ps1.rar ArchiveType: RAR --> setup.exe [DETECTION] Is the Trojan horse TR/Dldr.IstBar.nj.1 nemo ps1.zip ArchiveType: ZIP --> setup.exe [DETECTION] Is the Trojan horse TR/Dldr.IstBar.nj.1 C:\Program Files\PC Wizard 2006\Web webupdt.exe [DETECTION] Contains suspicious code HEURISTIC/Trojan.Downloader WAS DELETED! C:\Program Files\Rockstar Games\GTA San Andreas pztrain.exe [DETECTION] Contains an unusual runtime compression tool (PCK/MEW). Please verify the origin of the file WAS DELETED! C:\Program Files\WinRAR rarnew.dat ArchiveType: RAR NOTE! The archive is created by multiple volumes C:\Program Files\Yahoo!\YPSR\Quarantine 20050927101448.zip ArchiveType: ZIP --> persist.dbs NOTE! The file is password protected --> LimeWirePackedJars4.9.23.7z NOTE! The file is password protected --> LimeWirePackedJars4.9.28.7z NOTE! The file is password protected --> LimeWirePackedJars4.9.30.7z NOTE! The file is password protected --> LimeWireWin4.9.23.exe NOTE! The file is password protected --> LimeWireWin4.9.28(2).exe NOTE! The file is password protected --> clink.jar NOTE! The file is password protected --> commons-httpclient.jar NOTE! The file is password protected --> commons-logging.jar NOTE! The file is password protected --> COPYING NOTE! The file is password protected --> daap.jar NOTE! The file is password protected --> data.ser NOTE! The file is password protected --> GenericWindowsUtils(2).dll NOTE! The file is password protected --> hashes NOTE! The file is password protected --> i18n.jar NOTE! The file is password protected --> icu4j.jar NOTE! The file is password protected --> id3v2.jar NOTE! The file is password protected --> install.log NOTE! The file is password protected --> jcraft.jar NOTE! The file is password protected --> jl011.jar NOTE! The file is password protected --> jmdns.jar NOTE! The file is password protected --> language.prop NOTE! The file is password protected --> LimeWire On Startup.lnk NOTE! The file is password protected --> LimeWire(2).exe NOTE! The file is password protected --> LimeWire(2).ico NOTE! The file is password protected --> LimeWire.exe NOTE! The file is password protected --> LimeWire.ico NOTE! The file is password protected --> LimeWire.jar NOTE! The file is password protected --> LimeWire20(2).dll NOTE! The file is password protected --> logicrypto.jar NOTE! The file is password protected --> looks.jar NOTE! The file is password protected --> MessagesBundle.properties NOTE! The file is password protected --> MessagesBundles.jar NOTE! The file is password protected --> mp3sp14.jar NOTE! The file is password protected --> pmf.ico NOTE! The file is password protected --> ProgressTabs.jar NOTE! The file is password protected --> badge.img NOTE! The file is password protected --> limewire.gif NOTE! The file is password protected --> options.js NOTE! The file is password protected --> silentdetect.js NOTE! The file is password protected --> badge.img NOTE! The file is password protected --> limewire.gif NOTE! The file is password protected --> options.js NOTE! The file is password protected --> silentdetect.js NOTE! The file is password protected --> SOURCE NOTE! The file is password protected --> spacer.gif NOTE! The file is password protected --> themes.jar NOTE! The file is password protected --> tritonus.jar NOTE! The file is password protected --> uninstall.exe NOTE! The file is password protected --> unpack.log NOTE! The file is password protected --> update.ver NOTE! The file is password protected --> vorbis.jar NOTE! The file is password protected --> WindowsV5PlusUtils(2).dll NOTE! The file is password protected --> xerces.jar NOTE! The file is password protected --> xml-apis.jar NOTE! The file is password protected --> xml.war NOTE! The file is password protected --> reg9E.tmp NOTE! The file is password protected --> x@2o7[1].txt NOTE! The file is password protected 20051110200250.zip ArchiveType: ZIP --> LimeWirePackedJars4.9.28.7z NOTE! The file is password protected --> LimeWirePackedJars4.9.30.7z NOTE! The file is password protected --> LimeWireWin4.9.28.exe NOTE! The file is password protected --> LimeWireWin4.9.30.exe NOTE! The file is password protected --> clink.jar NOTE! The file is password protected --> commons-httpclient.jar NOTE! The file is password protected --> commons-logging.jar NOTE! The file is password protected --> COPYING NOTE! The file is password protected --> daap.jar NOTE! The file is password protected --> data.ser NOTE! The file is password protected --> GenericWindowsUtils.dll NOTE! The file is password protected --> hashes NOTE! The file is password protected --> i18n.jar NOTE! The file is password protected --> icu4j.jar NOTE! The file is password protected --> id3v2.jar NOTE! The file is password protected --> install.log NOTE! The file is password protected --> jcraft.jar NOTE! The file is password protected --> jl011.jar NOTE! The file is password protected --> jmdns.jar NOTE! The file is password protected --> language.prop NOTE! The file is password protected --> LimeWire On Startup.lnk NOTE! The file is password protected --> LimeWire.exe NOTE! The file is password protected --> LimeWire.ico NOTE! The file is password protected --> LimeWire.jar NOTE! The file is password protected --> LimeWire20.dll NOTE! The file is password protected --> logicrypto.jar NOTE! The file is password protected --> looks.jar NOTE! The file is password protected --> MessagesBundle.properties NOTE! The file is password protected --> MessagesBundles.jar NOTE! The file is password protected --> mp3sp14.jar NOTE! The file is password protected --> pmf.ico NOTE! The file is password protected --> ProgressTabs.jar NOTE! The file is password protected --> badge.img NOTE! The file is password protected --> limewire.gif NOTE! The file is password protected --> options.js NOTE! The file is password protected --> silentdetect.js NOTE! The file is password protected --> SOURCE NOTE! The file is password protected --> spacer.gif NOTE! The file is password protected --> themes.jar NOTE! The file is password protected --> tritonus.jar NOTE! The file is password protected --> uninstall.exe NOTE! The file is password protected --> unpack.log NOTE! The file is password protected --> update.ver NOTE! The file is password protected --> vorbis.jar NOTE! The file is password protected --> WindowsV5PlusUtils.dll NOTE! The file is password protected --> xerces.jar NOTE! The file is password protected --> xml-apis.jar NOTE! The file is password protected --> xml.war NOTE! The file is password protected --> LimeWirePackedJars4.9.28.7z NOTE! The file is password protected --> LimeWirePackedJars4.9.30.7z NOTE! The file is password protected --> LimeWireWin4.9.28.exe NOTE! The file is password protected --> LimeWireWin4.9.30.exe NOTE! The file is password protected --> clink.jar NOTE! The file is password protected --> commons-httpclient.jar NOTE! The file is password protected --> commons-logging.jar NOTE! The file is password protected --> COPYING NOTE! The file is password protected --> daap.jar NOTE! The file is password protected --> data.ser NOTE! The file is password protected --> GenericWindowsUtils.dll NOTE! The file is password protected --> hashes NOTE! The file is password protected --> i18n.jar NOTE! The file is password protected --> icu4j.jar NOTE! The file is password protected --> id3v2.jar NOTE! The file is password protected --> install.log NOTE! The file is password protected --> jcraft.jar NOTE! The file is password protected --> jl011.jar NOTE! The file is password protected --> jmdns.jar NOTE! The file is password protected --> language.prop NOTE! The file is password protected --> LimeWire On Startup.lnk NOTE! The file is password protected --> LimeWire.exe NOTE! The file is password protected --> LimeWire.ico NOTE! The file is password protected --> LimeWire.jar NOTE! The file is password protected --> LimeWire20.dll NOTE! The file is password protected --> logicrypto.jar NOTE! The file is password protected --> looks.jar NOTE! The file is password protected --> MessagesBundle.properties NOTE! The file is password protected --> MessagesBundles.jar NOTE! The file is password protected --> mp3sp14.jar NOTE! The file is password protected --> pmf.ico NOTE! The file is password protected --> ProgressTabs.jar NOTE! The file is password protected --> badge.img NOTE! The file is password protected --> limewire.gif NOTE! The file is password protected --> options.js NOTE! The file is password protected --> silentdetect.js NOTE! The file is password protected --> SOURCE NOTE! The file is password protected --> spacer.gif NOTE! The file is password protected --> themes.jar NOTE! The file is password protected --> tritonus.jar NOTE! The file is password protected --> uninstall.exe NOTE! The file is password protected --> unpack.log NOTE! The file is password protected --> update.ver NOTE! The file is password protected --> vorbis.jar NOTE! The file is password protected --> WindowsV5PlusUtils.dll NOTE! The file is password protected --> xerces.jar NOTE! The file is password protected --> xml-apis.jar NOTE! The file is password protected --> xml.war NOTE! The file is password protected --> reg6F.tmp NOTE! The file is password protected --> x@bluestreak[2].txt NOTE! The file is password protected --> x@metriweb[1].txt NOTE! The file is password protected --> x@tradedoubler[2].txt NOTE! The file is password protected --> x@weborama[1].txt NOTE! The file is password protected --> clink.jar NOTE! The file is password protected --> commons-httpclient.jar NOTE! The file is password protected --> commons-logging.jar NOTE! The file is password protected --> daap.jar NOTE! The file is password protected --> GenericWindowsUtils.dll NOTE! The file is password protected --> i18n.jar NOTE! The file is password protected --> icu4j.jar NOTE! The file is password protected --> id3v2.jar NOTE! The file is password protected --> jcraft.jar NOTE! The file is password protected --> jl011.jar NOTE! The file is password protected --> jmdns.jar NOTE! The file is password protected --> LimeWire.exe NOTE! The file is password protected --> LimeWire.jar NOTE! The file is password protected --> LimeWire20.dll NOTE! The file is password protected --> logicrypto.jar NOTE! The file is password protected --> looks.jar NOTE! The file is password protected --> MessagesBundles.jar NOTE! The file is password protected --> mp3sp14.jar NOTE! The file is password protected --> ProgressTabs.jar NOTE! The file is password protected --> clink.jar NOTE! The file is password protected --> commons-httpclient.jar NOTE! The file is password protected --> commons-logging.jar NOTE! The file is password protected --> daap.jar NOTE! The file is password protected --> GenericWindowsUtils.dll NOTE! The file is password protected --> i18n.jar NOTE! The file is password protected --> icu4j.jar NOTE! The file is password protected --> id3v2.jar NOTE! The file is password protected --> jcraft.jar NOTE! The file is password protected --> jl011.jar NOTE! The file is password protected --> jmdns.jar NOTE! The file is password protected --> LimeWire.exe NOTE! The file is password protected --> LimeWire.jar NOTE! The file is password protected --> LimeWire20.dll NOTE! The file is password protected --> logicrypto.jar NOTE! The file is password protected --> looks.jar NOTE! The file is password protected --> MessagesBundles.jar NOTE! The file is password protected --> mp3sp14.jar NOTE! The file is password protected --> ProgressTabs.jar NOTE! The file is password protected 20051116204623.zip ArchiveType: ZIP NOTE! The whole archive is password protected C:\RECYCLER\S-1-5-21-448539723-507921405-839522115-1005 Dc18.rar ArchiveType: RAR NOTE! The archive is created by multiple volumes Error! Could not change directory: System Volume Information C:\WINDOWS\$NtUninstallKB835732$ reg00005 [DETECTION] Contains signature of the worm WORM/CodBot.20959 WAS DELETED! C:\WINDOWS\system32\config default Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! default.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! SAM Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! SAM.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! SECURITY Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! SECURITY.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! software Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! software.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! system Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! system.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! End of scan: mardi 13 décembre 2005 14:32 Time taken: 90:24 min 4614 directories were scanned 101704 files were scanned 17 warning messages were issued 3 files were deleted 0 files were repaired 5 detections Le scan Panda est en cours... mais je suppose qu'on va me dire autre-chose avec ce que je vois dans ce rapport comme noms.

le 13 décembre 2005
12 réponses

Log HJT[Abandonné because P2P]

Apollo a répondu à un(e) sujet de Apollo dans Analyses et éradication malwares

Ok Charles, c'est transmis merci. On n'a plus qu'à se laisser pousser la barbe...

le 13 décembre 2005
12 réponses

Log HJT[Abandonné because P2P]

Apollo a répondu à un(e) sujet de Apollo dans Analyses et éradication malwares

Bonjour à tous, Voici le scan Panda en attendant la suite... Incident Status Location Adware:adware/maxifiles Not desinfected C:\PROGRAM FILES\FICHIERS COMMUNS\InetGet Adware:adware/exact.bargainbuddyNot desinfected Windows Registry

le 13 décembre 2005
12 réponses

Log HJT[Abandonné because P2P]

Apollo a répondu à un(e) sujet de Apollo dans Analyses et éradication malwares

Salut BipBip et Charles, Transmis le message de BipBip concernant les multiples apparitions dans le panneau; j'attends la suite. Charles, Il est évident que je déconseille toujours les logiciels P2P; quant au XP du moyen-âge, va savoir pourquoi il est toujours là. J'ai une petite idée, comme beaucoup de monde sûrement... Je posterai le rapport Antivir dès que je l'aurais reçu. T'as essayé la machine à courir?

le 12 décembre 2005
12 réponses

Log HJT[Abandonné because P2P]

Apollo a posté un sujet dans Analyses et éradication malwares

Bonsoir, Après avoir admiré ce beau panneau de configuration, j'ai conseillé d'appliquer la procédure avant Hijackthis et analyse du rapport d'Antivir et HJT; je poste tout de même un premier log pour voir les belles infections qu'il doit y avoir. Logfile of HijackThis v1.99.1 Scan saved at 18:06:18, on 12/12/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\WINDOWS\System32\ELAN.exe C:\WINDOWS\System32\GSICON.EXE C:\WINDOWS\System32\dslagent.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Shareaza\Shareaza.exe C:\WINDOWS\System32\devldr32.exe C:\Program Files\ZonejeuX\GRoom\GroomAgent.exe C:\Program Files\Namtuk\Capture My Screen\CaptureMyScreen.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\INSTAN~1\bin\CMCENT~1.EXE C:\PROGRA~1\INSTAN~1\bin\INSTAN~1.EXE C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: phoneaccess Class - {5054F860-748D-4840-B7B4-DDDB428421AF} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [RemoveElanIcon] C:\WINDOWS\System32\ELAN.exe O4 - HKLM\..\Run: [AME_CSA] rundll32 AmeCSA.cpl,RUN_DLL O4 - HKLM\..\Run: [CloseDNF] C:\WINDOWS\System32\Utility.exe \1008 O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [ML1HelperStartUp] C:\PROGRA~1\MIDNIG~1\ML1HEL~1.EXE /partner ML1 O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [services32] C:\Program Files\Fichiers communs\Windows\mc-48-555-0000027.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray O4 - Startup: desktop(2)(2)(2)(2)(2)(2).ini O4 - Startup: desktop(2)(2)(2)(2)(2).ini O4 - Startup: desktop(2)(2)(2)(2)(3).ini O4 - Startup: desktop(2)(2)(2)(2).ini O4 - Startup: desktop(2)(2)(2)(3)(2).ini O4 - Startup: desktop(2)(2)(2)(3).ini O4 - Startup: desktop(2)(2)(2)(4).ini O4 - Startup: desktop(2)(2)(2).ini O4 - Startup: desktop(2)(2)(3)(2)(2).ini O4 - Startup: desktop(2)(2)(3)(2).ini O4 - Startup: desktop(2)(2)(3)(3).ini O4 - Startup: desktop(2)(2)(3).ini O4 - Startup: desktop(2)(2)(4)(2).ini O4 - Startup: desktop(2)(2)(4).ini O4 - Startup: desktop(2)(2)(5).ini O4 - Startup: desktop(2)(2).ini O4 - Startup: desktop(2)(3)(2)(2)(2).ini O4 - Startup: desktop(2)(3)(2)(2).ini O4 - Startup: desktop(2)(3)(2)(3).ini O4 - Startup: desktop(2)(3)(2).ini O4 - Startup: desktop(2)(3)(3)(2).ini O4 - Startup: desktop(2)(3)(3).ini O4 - Startup: desktop(2)(3)(4).ini O4 - Startup: desktop(2)(3).ini O4 - Startup: desktop(2)(4)(2)(2).ini O4 - Startup: desktop(2)(4)(2).ini O4 - Startup: desktop(2)(4)(3).ini O4 - Startup: desktop(2)(4).ini O4 - Startup: desktop(2)(5)(2).ini O4 - Startup: desktop(2)(5).ini O4 - Startup: desktop(2)(6).ini O4 - Startup: desktop(2).ini O4 - Startup: desktop(3)(2)(2)(2)(2).ini O4 - Startup: desktop(3)(2)(2)(2).ini O4 - Startup: desktop(3)(2)(2)(3).ini O4 - Startup: desktop(3)(2)(2).ini O4 - Startup: desktop(3)(2)(3)(2).ini O4 - Startup: desktop(3)(2)(3).ini O4 - Startup: desktop(3)(2)(4).ini O4 - Startup: desktop(3)(2).ini O4 - Startup: desktop(3)(3)(2)(2).ini O4 - Startup: desktop(3)(3)(2).ini O4 - Startup: desktop(3)(3)(3).ini O4 - Startup: desktop(3)(3).ini O4 - Startup: desktop(3)(4)(2).ini O4 - Startup: desktop(3)(4).ini O4 - Startup: desktop(3)(5).ini O4 - Startup: desktop(3).ini O4 - Startup: desktop(4)(2)(2)(2).ini O4 - Startup: desktop(4)(2)(2).ini O4 - Startup: desktop(4)(2)(3).ini O4 - Startup: desktop(4)(2).ini O4 - Startup: desktop(4)(3)(2).ini O4 - Startup: desktop(4)(3).ini O4 - Startup: desktop(4)(4).ini O4 - Startup: desktop(4).ini O4 - Startup: desktop(5)(2).ini O4 - Startup: desktop(5).ini O4 - Startup: Groom Agent.lnk = C:\Program Files\ZonejeuX\GRoom\GroomAgent.exe O4 - Global Startup: desktop(2)(2)(2)(2)(2)(2).ini O4 - Global Startup: desktop(2)(2)(2)(2)(2).ini O4 - Global Startup: desktop(2)(2)(2)(2)(3).ini O4 - Global Startup: desktop(2)(2)(2)(2).ini O4 - Global Startup: desktop(2)(2)(2)(3)(2).ini O4 - Global Startup: desktop(2)(2)(2)(3).ini O4 - Global Startup: desktop(2)(2)(2)(4).ini O4 - Global Startup: desktop(2)(2)(2).ini O4 - Global Startup: desktop(2)(2)(3)(2)(2).ini O4 - Global Startup: desktop(2)(2)(3)(2).ini O4 - Global Startup: desktop(2)(2)(3)(3).ini O4 - Global Startup: desktop(2)(2)(3).ini O4 - Global Startup: desktop(2)(2)(4)(2).ini O4 - Global Startup: desktop(2)(2)(4).ini O4 - Global Startup: desktop(2)(2)(5).ini O4 - Global Startup: desktop(2)(2).ini O4 - Global Startup: desktop(2)(3)(2)(2)(2).ini O4 - Global Startup: desktop(2)(3)(2)(2).ini O4 - Global Startup: desktop(2)(3)(2)(3).ini O4 - Global Startup: desktop(2)(3)(2).ini O4 - Global Startup: desktop(2)(3)(3)(2).ini O4 - Global Startup: desktop(2)(3)(3).ini O4 - Global Startup: desktop(2)(3)(4).ini O4 - Global Startup: desktop(2)(3).ini O4 - Global Startup: desktop(2)(4)(2)(2).ini O4 - Global Startup: desktop(2)(4)(2).ini O4 - Global Startup: desktop(2)(4)(3).ini O4 - Global Startup: desktop(2)(4).ini O4 - Global Startup: desktop(2)(5)(2).ini O4 - Global Startup: desktop(2)(5).ini O4 - Global Startup: desktop(2)(6).ini O4 - Global Startup: desktop(2).ini O4 - Global Startup: desktop(3)(2)(2)(2)(2).ini O4 - Global Startup: desktop(3)(2)(2)(2).ini O4 - Global Startup: desktop(3)(2)(2)(3).ini O4 - Global Startup: desktop(3)(2)(2).ini O4 - Global Startup: desktop(3)(2)(3)(2).ini O4 - Global Startup: desktop(3)(2)(3).ini O4 - Global Startup: desktop(3)(2)(4).ini O4 - Global Startup: desktop(3)(2).ini O4 - Global Startup: desktop(3)(3)(2)(2).ini O4 - Global Startup: desktop(3)(3)(2).ini O4 - Global Startup: desktop(3)(3)(3).ini O4 - Global Startup: desktop(3)(3).ini O4 - Global Startup: desktop(3)(4)(2).ini O4 - Global Startup: desktop(3)(4).ini O4 - Global Startup: desktop(3)(5).ini O4 - Global Startup: desktop(3).ini O4 - Global Startup: desktop(4)(2)(2)(2).ini O4 - Global Startup: desktop(4)(2)(2).ini O4 - Global Startup: desktop(4)(2)(3).ini O4 - Global Startup: desktop(4)(2).ini O4 - Global Startup: desktop(4)(3)(2).ini O4 - Global Startup: desktop(4)(3).ini O4 - Global Startup: desktop(4)(4).ini O4 - Global Startup: desktop(4).ini O4 - Global Startup: desktop(5)(2)(2).ini O4 - Global Startup: desktop(5)(2).ini O4 - Global Startup: desktop(5)(3).ini O4 - Global Startup: desktop(5).ini O4 - Global Startup: desktop(6)(2).ini O4 - Global Startup: desktop(6).ini O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: palstart(2).exe O4 - Global Startup: palstart.exe O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing) O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing) O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/eng/boards_2_0_0_21.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5054F860-748D-4840-B7B4-DDDB428421AF} (phoneaccess Class) - http://ip.sponsoradulto.com/cab/4/fr/phoneaccess.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122920828967 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {701DC9DC-ACD5-4E94-85E3-F3F1ED68611A} (CWebClientCtl Object) - http://download.paltalk.com/webclient_prod...ebclientctl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {E9790C6C-DCAA-4E4F-8048-FFEC3B62DFED} (VOGWeb2 Class) - http://216.32.89.203/activex/vogweb29.cab O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...rcabinstall.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GameDesire Pool 9) - http://67.15.101.3/g_bin/eng/billard9_2_0_0_24.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe O23 - Service: MAPI Mail Client (MAPI) - Unknown owner - C:\WINDOWS\System32\mapi32.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe Bonne soirée à tous et merci d'avance. (il y a du sermon dans l'air, je le sens...)

le 12 décembre 2005
12 réponses

Profils

Forums

Blogs

Tout ce qui a été posté par Apollo