Jarlaxe

Members
  • Content count: 19

Profile Information
  • Location: nice

Other information
  • My languages: French
  1. Hello again. No, not for the moment. Thanks for your help.
  2. Hello, here is the ewido report:

     ---------------------------------------------------------
     ewido anti-malware - Rapport de scan
     ---------------------------------------------------------

     + Créé le: 11:41:32, 25/01/2006
     + Somme de contrôle: 80F87753
     + Résultats du scan:
     HKLM\SOFTWARE\Classes\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Nettoyer et sauvegarder
     HKLM\SOFTWARE\Classes\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F} -> Spyware.ISTBar : Nettoyer et sauvegarder
     HKLM\SOFTWARE\Classes\ISTx.Installer -> Spyware.ISTBar : Nettoyer et sauvegarder
     HKLM\SOFTWARE\Classes\ISTx.Installer\CLSID -> Spyware.ISTBar : Nettoyer et sauvegarder
     HKLM\SOFTWARE\Classes\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429} -> Spyware.ISTBar : Nettoyer et sauvegarder
     HKLM\SOFTWARE\Classes\WUSN.1 -> Spyware.SaveNow : Nettoyer et sauvegarder
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll -> Spyware.ISTBar : Nettoyer et sauvegarder
     HKLM\SOFTWARE\WhenU -> Spyware.SaveNow : Nettoyer et sauvegarder
     HKU\S-1-5-21-1645522239-1935655697-1957994488-1004\Software\IST -> Spyware.ISTBar : Nettoyer et sauvegarder
     :mozilla.32:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder
     :mozilla.33:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder
     :mozilla.34:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder
     :mozilla.35:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder
     :mozilla.38:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Sexcounter : Nettoyer et sauvegarder
     :mozilla.39:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Sexcounter : Nettoyer et sauvegarder
     :mozilla.40:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Sexcounter : Nettoyer et sauvegarder
     :mozilla.41:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Sexcounter : Nettoyer et sauvegarder
     :mozilla.47:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Overture : Nettoyer et sauvegarder
     :mozilla.49:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Overture : Nettoyer et sauvegarder
     :mozilla.54:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder
     :mozilla.63:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
     :mozilla.64:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
     :mozilla.65:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
     :mozilla.66:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
     :mozilla.67:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Bluestreak : Nettoyer et sauvegarder
     :mozilla.90:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder
     :mozilla.106:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
     :mozilla.107:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
     :mozilla.108:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
     :mozilla.113:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
     :mozilla.127:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Mediaplex : Nettoyer et sauvegarder
     :mozilla.130:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Serving-sys : Nettoyer et sauvegarder
     :mozilla.131:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Serving-sys : Nettoyer et sauvegarder
     :mozilla.132:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Serving-sys : Nettoyer et sauvegarder
     :mozilla.133:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Serving-sys : Nettoyer et sauvegarder
     :mozilla.134:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Serving-sys : Nettoyer et sauvegarder
     :mozilla.135:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
     :mozilla.139:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
     :mozilla.159:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Pointroll : Nettoyer et sauvegarder
     :mozilla.160:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Pointroll : Nettoyer et sauvegarder
     :mozilla.161:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
     :mozilla.162:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
     :mozilla.163:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Pointroll : Nettoyer et sauvegarder
     :mozilla.164:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Pointroll : Nettoyer et sauvegarder
     :mozilla.170:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder
     :mozilla.179:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
     :mozilla.180:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
     :mozilla.181:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
     :mozilla.182:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
     :mozilla.183:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
     :mozilla.184:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
     :mozilla.185:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
     :mozilla.193:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Atdmt : Nettoyer et sauvegarder
     :mozilla.204:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
     :mozilla.205:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Comclick : Nettoyer et sauvegarder
     :mozilla.206:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Comclick : Nettoyer et sauvegarder
     :mozilla.207:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Comclick : Nettoyer et sauvegarder
     :mozilla.218:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
     C:\Documents and Settings\Jarlaxe\Cookies\jarlaxe@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Nettoyer et sauvegarder
     C:\Documents and Settings\Jarlaxe\Cookies\jarlaxe@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
     C:\Documents and Settings\Jarlaxe\Cookies\jarlaxe@atdmt[2].txt -> Spyware.Cookie.Atdmt : Nettoyer et sauvegarder
     C:\Documents and Settings\Jarlaxe\Cookies\jarlaxe@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder
     C:\Documents and Settings\Jarlaxe\Cookies\jarlaxe@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Nettoyer et sauvegarder
     C:\Documents and Settings\Jarlaxe\Cookies\jarlaxe@weborama[1].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
     C:\Documents and Settings\Jarlaxe\Cookies\jarlaxe@www.smartadserver[1].txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
     C:\Documents and Settings\Jarlaxe\Local Settings\Temp\Uninst.exe -> Adware.SaveNow : Nettoyer et sauvegarder
     C:\Program Files\ISTsvc -> Spyware.ISTBar : Nettoyer et sauvegarder
     C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MirarSetup.exe -> Adware.SaveNow : Nettoyer et sauvegarder
     C:\WINDOWS\Downloaded Program Files\MirarSetup.exe -> Adware.SaveNow : Nettoyer et sauvegarder
     C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Nettoyer et sauvegarder
     C:\WINDOWS\NDNuninstall6_90.exe -> Adware.NewDotNet : Nettoyer et sauvegarder

     ::Fin du rapport

     And here is the HijackThis report:

     Logfile of HijackThis v1.99.1
     Scan saved at 12:05:23, on 25/01/2006
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\AVPersonal\AVGUARD.EXE
     C:\Program Files\AVPersonal\AVWUPSRV.EXE
     C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Canon\MultiPASS4\MPTBox.exe
     C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
     C:\Program Files\AVPersonal\AVGNT.EXE
     C:\Program Files\MSN Messenger\msnmsgr.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\System32\svchost.exe
     C:\hijackthis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe
     O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
     O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
     O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
     O4 - Startup: stop messenger.bat
     O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
     O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
     O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
     O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
     O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     And the line "O4 - Startup: stop messenger.bat" is normal: it is a batch file I created to stop the Windows Messenger service, because I was receiving messages from adult sites.
  3. Good evening, here is my first HijackThis report (the one from my second laptop):

     Logfile of HijackThis v1.99.1
     Scan saved at 19:24:30, on 23/01/2006
     Platform: Windows XP SP1 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
     C:\Program Files\AVPersonal\AVWUPSRV.EXE
     C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\PROGRA~1\MESSAG~1\StartMessager.exe
     C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
     C:\Program Files\Canon\MultiPASS4\MPTBox.exe
     C:\Program Files\SaveNow\SaveNow.exe
     C:\Program Files\AVPersonal\AVGNT.EXE
     C:\WINDOWS\System32\ctfmon.exe
     C:\WINDOWS\System32\wuauclt.exe
     C:\hijackthis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
     O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
     O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
     O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe
     O4 - HKLM\..\Run: [saveNow] C:\Program Files\SaveNow\SaveNow.exe
     O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
     O4 - Startup: stop messenger.bat
     O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
     O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
     O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
     O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
     O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
     O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
     O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
     O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
     O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
     O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
     O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
     O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_cracks.cab
     O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
     O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll (file missing)
     O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
     O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
     O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

     And here is my report after cleanup and optimisation. If Jack Burton or another competent person could take a look and tell me whether I did anything stupid, that would be great:

     Logfile of HijackThis v1.99.1
     Scan saved at 23:18:02, on 23/01/2006
     Platform: Windows XP SP1 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\hijackthis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe
     O4 - HKLM\..\Run: [saveNow] C:\Program Files\SaveNow\SaveNow.exe
     O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
     O4 - Startup: stop messenger.bat
     O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
     O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
     O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
     O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
     O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     And tell me whether the line "O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe" is harmful or not. Thanks in advance.
  4. Hello ipl_001, I see no problem with you using this discussion as an example, and you can keep my nickname if you like. Sorry for the late reply.
  5. Hello again. So all that is left for me is to install an anti-spyware and look into the browser. Thank you for the advice. Just one thing about ewido: do I leave it installed or remove it?
  6. Not for the moment, and thank you for your answers. I am going to read the posts you gave me the links to.
  7. First of all, what does SmitfraudFix do? l2mfix, I presume, is the same thing as SmitfraudFix but for another "virus". And how do you work out what is wrong in the HijackThis report (which, by the way, is a fairly interesting log)? That is roughly it; I think that is all for now.
  8. For the moment everything seems to be fine, thank you. I did not understand everything we did, but if you have the time I would like you to explain a little.
  9. First of all, startup without any error message. And here is the report:

     Logfile of HijackThis v1.99.1
     Scan saved at 21:59:27, on 11/01/2006
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\Acer\eManager\anbmServ.exe
     C:\Program Files\AVPersonal\AVGUARD.EXE
     C:\Program Files\AVPersonal\AVWUPSRV.EXE
     C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
     C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
     C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
     C:\Program Files\ewido anti-malware\ewidoctrl.exe
     C:\WINDOWS\system32\igfxtray.exe
     C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     C:\Program Files\CyberLink\Shared Files\RichVideo.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\system32\ZONELABS\vsmon.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\Program Files\Acer\Acer Arcade\PCMService.exe
     C:\acer\epm\epm-dm.exe
     C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
     C:\Program Files\Acer\eRecovery\Monitor.exe
     C:\Program Files\AVPersonal\AVGNT.EXE
     C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
     C:\Program Files\MSN Messenger\msnmsgr.exe
     C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\Documents and Settings\Hacker\Bureau\hijackthis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O4 - HKLM\..\Run: [LaunchApp] Alaunch
     O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
     O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
     O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
     O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
     O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
     O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
     O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
     O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
     O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
     O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
     O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
     O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
     O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
     O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
     O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
     O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
     O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
     O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
     O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
     O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
     O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
     O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
     O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
     O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
     O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
     O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
     O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
     O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
     O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
     O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
  10. Here is the report:

     Logfile of HijackThis v1.99.1
     Scan saved at 21:43:50, on 11/01/2006
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\explorer.exe
     C:\Acer\eManager\anbmServ.exe
     C:\Program Files\AVPersonal\AVGUARD.EXE
     C:\Program Files\AVPersonal\AVWUPSRV.EXE
     C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
     C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
     C:\WINDOWS\system32\igfxtray.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
     C:\Program Files\ewido anti-malware\ewidoctrl.exe
     C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
     C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     C:\Program Files\CyberLink\Shared Files\RichVideo.exe
     C:\WINDOWS\system32\ZONELABS\vsmon.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\Program Files\Acer\Acer Arcade\PCMService.exe
     C:\acer\epm\epm-dm.exe
     C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
     C:\Program Files\Acer\eRecovery\Monitor.exe
     C:\Program Files\AVPersonal\AVGNT.EXE
     C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
     C:\Program Files\MSN Messenger\msnmsgr.exe
     C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\Documents and Settings\Hacker\Bureau\hijackthis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
     O4 - HKLM\..\Run: [LaunchApp] Alaunch
     O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
     O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
     O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
     O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
     O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
     O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
     O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
     O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
     O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
     O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
     O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
     O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
     O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
     O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
     O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
     O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
     O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
     O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
     O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
     O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
     O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
     O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
     O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
     O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
     O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
     O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
     O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
     O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
     O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
     O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

     If I understand correctly, there is a key (or a system) that tries to open this file at startup, and that is where the error message telling me it cannot find the file comes from.
11. No, precisely not. And a question about ZoneAlarm: should I allow Generic Host Process for Win32 Services to act as a server and to connect to the internet?
12. At every startup Windows gives me an error message saying it can't find that very file. I just tried with KillBox and there is an error message "PendingFileRenameOperations Registry Data has been Removed by External Process!" with a single "OK" button, and it doesn't reboot.
13. Good evening again, sorry, I had to step away for a moment. So, the ewido report:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 20:39:04, 11/01/2006
+ Checksum: 9CB8B6F0

+ Scan results:

C:\Documents and Settings\Hacker\Cookies\hacker@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Clean and back up
C:\Documents and Settings\Hacker\Cookies\hacker@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Clean and back up
C:\Documents and Settings\Hacker\Cookies\hacker@atdmt[2].txt -> Spyware.Cookie.Atdmt : Clean and back up
C:\Documents and Settings\Hacker\Cookies\hacker@weborama[2].txt -> Spyware.Cookie.Weborama : Clean and back up
C:\Documents and Settings\Hacker\Cookies\hacker@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Clean and back up

::End of report

And the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 20:47:08, on 11/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Hacker\Bureau\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
14. Here is the ewido report:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 17:24:15, 11/01/2006
+ Checksum: 53A92E2C

+ Scan results:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E} -> Spyware.HotBar : Clean and back up
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP -> Spyware.Look2Me : Clean and back up
HKU\S-1-5-21-3373964283-40180423-4169274459-1005\Software\Microsoft\Internet Explorer\Keywords -> Spyware.CoolWebSearch : Clean and back up
HKU\S-1-5-21-3373964283-40180423-4169274459-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A8A997F-BB9F-48F6-AA2B-2762D50F9289} -> Spyware.SmartShopper : Clean and back up
HKU\S-1-5-21-3373964283-40180423-4169274459-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74CC49F7-EB32-4A08-B204-948962A6E3DB} -> Spyware.HotBar : Clean and back up
HKU\S-1-5-21-3373964283-40180423-4169274459-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Clean and back up
HKU\S-1-5-21-3373964283-40180423-4169274459-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{946B3E9E-E21A-49C8-9F63-900533FAFE14} -> Spyware.HotBar : Clean and back up
C:\WINDOWS\Temp\Cookies\hacker@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Clean and back up
C:\WINDOWS\Temp\Cookies\hacker@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Clean and back up
C:\WINDOWS\Temp\Cookies\hacker@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Clean and back up
C:\WINDOWS\Temp\Cookies\hacker@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Clean and back up
C:\WINDOWS\Temp\Cookies\hacker@paypopup[1].txt -> Spyware.Cookie.Paypopup : Clean and back up
C:\WINDOWS\hosts -> Trojan.Qhost.el : Clean and back up
C:\WINDOWS\inet20003\3.00.13.dll -> Spyware.Ihbo : Clean and back up
C:\Documents and Settings\Hacker\Local Settings\Temp\Cookies\hacker@weborama[2].txt -> Spyware.Cookie.Weborama : Clean and back up
C:\Documents and Settings\Hacker\Local Settings\Temp\Cookies\hacker@atdmt[2].txt -> Spyware.Cookie.Atdmt : Clean and back up
C:\Documents and Settings\Hacker\Local Settings\Temp\Cookies\hacker@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Clean and back up
C:\Documents and Settings\Hacker\Local Settings\Temp\Cookies\hacker@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Clean and back up
C:\Documents and Settings\Hacker\Local Settings\Temp\Cookies\hacker@2o7[2].txt -> Spyware.Cookie.2o7 : Clean and back up
C:\Documents and Settings\Hacker\Local Settings\Temp\Cookies\hacker@www.smartadserver[1].txt -> Spyware.Cookie.Smartadserver : Clean and back up
C:\Documents and Settings\Hacker\Local Settings\Temp\Cookies\hacker@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Clean and back up
C:\Documents and Settings\Hacker\Local Settings\Temp\Cookies\hacker@perf.overture[1].txt -> Spyware.Cookie.Overture : Clean and back up
C:\Documents and Settings\Hacker\Local Settings\Temp\Cookies\hacker@data1.perf.overture[1].txt -> Spyware.Cookie.Overture : Clean and back up
C:\Documents and Settings\Hacker\Local Settings\Temp\Cookies\hacker@advertising[2].txt -> Spyware.Cookie.Advertising : Clean and back up
C:\Documents and Settings\Hacker\Bureau\l2mfix\dlls\dinhpast.dll -> Spyware.Look2Me : Clean and back up
C:\Documents and Settings\Hacker\Bureau\l2mfix\dlls\dmprov.dll -> Spyware.Look2Me : Clean and back up
C:\Documents and Settings\Hacker\Bureau\l2mfix\dlls\hr6s05j7e.dll -> Spyware.Look2Me : Clean and back up
C:\Documents and Settings\Hacker\Bureau\l2mfix\dlls\jtj2071oe.dll -> Spyware.Look2Me : Clean and back up
C:\Documents and Settings\Hacker\Bureau\l2mfix\dlls\kwdlv1.dll -> Spyware.Look2Me : Clean and back up
C:\Documents and Settings\Hacker\Bureau\l2mfix\dlls\mbltiplex_vcd.dll -> Spyware.Look2Me : Clean and back up
C:\Documents and Settings\Hacker\Bureau\l2mfix\dlls\mcdart.dll -> Spyware.Look2Me : Clean and back up
C:\Documents and Settings\Hacker\Bureau\l2mfix\dlls\mptlsapi.dll -> Spyware.Look2Me : Clean and back up
C:\Documents and Settings\Hacker\Bureau\l2mfix\dlls\osbccr32.dll -> Spyware.Look2Me : Clean and back up
C:\Documents and Settings\Hacker\Bureau\l2mfix\dlls\Pfpr01sw.dll -> Spyware.Look2Me : Clean and back up
C:\Documents and Settings\Hacker\Bureau\l2mfix\dlls\pyrfproc.dll -> Spyware.Look2Me : Clean and back up
C:\Documents and Settings\Hacker\Bureau\l2mfix\backup.zip/dlls/dinhpast.dll -> Spyware.Look2Me : Clean and back up
C:\Documents and Settings\Hacker\Bureau\l2mfix\backup.zip/dlls/dmprov.dll -> Spyware.Look2Me : Clean and back up
C:\Documents and Settings\Hacker\Bureau\l2mfix\backup.zip/dlls/hr6s05j7e.dll -> Spyware.Look2Me : Clean and back up
C:\Documents and Settings\Hacker\Bureau\l2mfix\backup.zip/dlls/jtj2071oe.dll -> Spyware.Look2Me : Clean and back up
C:\Documents and Settings\Hacker\Bureau\l2mfix\backup.zip/dlls/kwdlv1.dll -> Spyware.Look2Me : Clean and back up
C:\Documents and Settings\Hacker\Bureau\l2mfix\backup.zip/dlls/mbltiplex_vcd.dll -> Spyware.Look2Me : Clean and back up
C:\Documents and Settings\Hacker\Bureau\l2mfix\backup.zip/dlls/mcdart.dll -> Spyware.Look2Me : Clean and back up
C:\Documents and Settings\Hacker\Bureau\l2mfix\backup.zip/dlls/mptlsapi.dll -> Spyware.Look2Me : Clean and back up
C:\Documents and Settings\Hacker\Bureau\l2mfix\backup.zip/dlls/osbccr32.dll -> Spyware.Look2Me : Clean and back up
C:\Documents and Settings\Hacker\Bureau\l2mfix\backup.zip/dlls/Pfpr01sw.dll -> Spyware.Look2Me : Clean and back up
C:\Documents and Settings\Hacker\Bureau\l2mfix\backup.zip/dlls/pyrfproc.dll -> Spyware.Look2Me : Clean and back up
C:\Documents and Settings\Hacker\Cookies\hacker@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Clean and back up
C:\Program Files\Softwin\BitDefender8\Quarantine\mscornet.exe -> Downloader.Zlob.ei : Clean and back up
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002338.tlb -> Downloader.Zlob.dr : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002351.exe -> Adware.Spyaxe : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002357.dll -> Adware.SpySheriff : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002368.tlb -> Downloader.Zlob.dr : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002388.tlb -> Downloader.Zlob.dr : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002405.tlb -> Downloader.Zlob.dr : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002641.tlb -> Downloader.Zlob.dr : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002700.exe/regfreeze.5.4-patch.exe -> Worm.Incef.b : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002702.exe -> Worm.Incef.b : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002721.tlb -> Downloader.Zlob.dr : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002722.dll -> Spyware.Ihbo : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002734.dll -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002740.dll -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002743.tlb -> Downloader.Zlob.dr : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002764.dll -> Adware.SpySheriff : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002766.dll -> Spyware.SpywareNo : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002767.dll -> Adware.SpySheriff : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002778.dll -> Downloader.Small : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002782.dll -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002790.tlb -> Downloader.Zlob.dr : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002791.dll -> Spyware.Ihbo : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002804.exe -> Adware.SpySheriff : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002812.dll -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002820.tlb -> Downloader.Zlob.dr : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002821.dll -> Spyware.Ihbo : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002834.exe -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002855.dll -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002863.tlb -> Downloader.Zlob.dr : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002864.dll -> Spyware.Ihbo : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002874.dll -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP20\A0002890.dll -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP20\A0002896.dll -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP20\A0002906.tlb -> Downloader.Zlob.dr : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP20\A0002907.dll -> Spyware.Ihbo : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP20\A0002915.dll -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003049.dll -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003075.exe -> Not-A-Virus.Hoax.Win32.Renos.al : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003077.dll -> Not-A-Virus.SpamTool.Win32.Mailbot.u : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003078.dll -> Logger.Small.dg : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003079.dll -> Logger.Small.dg : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003080.dll -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003087.tlb -> Downloader.Zlob.dr : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003092.dll -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003096.dll -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003100.dll -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003107.tlb -> Downloader.Zlob.dr : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003112.dll -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003116.dll -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003125.TLB -> Downloader.Zlob.dr : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003133.dll -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003142.TLB -> Downloader.Zlob.dr : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003150.dll -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003151.dll -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003156.tlb -> Downloader.Zlob.dr : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003163.dll -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003175.dll -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003177.DLL -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003178.DLL -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003179.dll -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003180.DLL -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003181.dll -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003182.DLL -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003183.DLL -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003184.DLL -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003185.DLL -> Spyware.Look2Me : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP22\A0004297.dll -> Spyware.CommAd : Clean and back up
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP22\A0004298.exe -> Adware.CommAd : Clean and back up
C:\!KillBox\mscornet.exe -> Downloader.Zlob.ei : Clean and back up

::End of report

And the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 17:33:46, on 11/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Hacker\Bureau\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1133511621375
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: Mixer - sndmixex.dl (file missing)
O20 - Winlogon Notify: msctl32.dll - msctl32.dll (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
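A helper reading the HijackThis log in the post above goes straight to four kinds of line: the F2 Shell= value that starts a second program next to explorer.exe, the HKCU Run entry that launches the same file, the O20 Winlogon Notify packages whose DLL is missing (the error the poster sees at every startup), and the O23 service whose binary is gone. The script below is an added example, not code from the forum, the poster or HijackThis: it parses HijackThis 1.99 entry lines and flags exactly those four patterns. The sample log is a constructed subset of the lines posted above; the flagging rules are the editor's own heuristics (assumptions, not a vendor signature set).

```python
"""Triage a HijackThis 1.99 log: surface the few entries an analyst reads first.

Added example for the forum thread; not the poster's or HijackThis's code.
Rules (editor's assumptions, deliberately narrow):
  * F2  Shell= must be exactly "explorer.exe"; anything appended is a second shell
  * O4  a Run entry whose target is the same file as the F2 payload
  * O20 a Winlogon Notify package that is "(file missing)" or not a .dll at all
  * O23 a service whose binary is "(file missing)"
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis entries pasted in the thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: Mixer - sndmixex.dl (file missing)
O20 - Winlogon Notify: msctl32.dll - msctl32.dll (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
MISSING = "(file missing)"


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def parse_entries(text):
    """Return (code, body, raw) for every 'Oxx - ...' line; header lines are skipped."""
    out = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            out.append((m.group("code"), m.group("body"), raw.strip()))
    return out


def first_path(cmd):
    """Recover the executable path from a Run-key command line.

    A quoted path is taken verbatim; for an unquoted one the text up to the first
    executable extension is used, so a path with spaces followed by /min survives.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|com|bat|scr|dll))", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def shell_extra(body):
    """For an F2 Shell= entry, return whatever follows 'explorer.exe', else None."""
    m = re.match(r"REG:system\.ini: Shell=(?P<value>.*)$", body)
    if not m:
        return None
    value = m.group("value").strip()
    if value.lower() == "explorer.exe":
        return None
    # Winlogon starts each program listed in Shell=; a second one is a planted shell.
    if value.lower().startswith("explorer.exe"):
        return value[len("explorer.exe"):].strip().strip('"')
    return value.strip('"')


def triage(text):
    entries = parse_entries(text)
    findings = []
    planted = set()
    # Pass 1: the shell override first, so O4 lines can be matched against its payload.
    for code, body, raw in entries:
        if code == "F2":
            extra = shell_extra(body)
            if extra:
                planted.add(extra.lower())
                findings.append(Finding("F2", f"extra shell started by winlogon: {extra}", raw))
    # Pass 2: everything else, in log order.
    for code, body, raw in entries:
        if code == "O4":
            m = O4_RE.match(body)
            if m and first_path(m.group("cmd")).lower() in planted:
                findings.append(Finding("O4", f"Run entry duplicates the Shell= payload: [{m.group('name')}]", raw))
        elif code == "O20":
            target = body.partition(": ")[2].partition(" - ")[2]
            dll = target.replace(MISSING, "").strip()
            if MISSING in target or not dll.lower().endswith(".dll"):
                findings.append(Finding("O20", f"suspicious Winlogon Notify package: {dll}", raw))
        elif code == "O23" and MISSING in body:
            findings.append(Finding("O23", "service points at a binary that no longer exists", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason}\n     {f.line}")
```

On the sample this yields five findings: the F2 shell payload, the [shell] Run value that relaunches the same ibm00001.exe, the two missing Winlogon Notify DLLs, and the orphaned Network Monitor service; the AVGCtrl, igfxcui and vsmon lines are left alone. The missing-DLL rule is what explains the poster's startup error: Winlogon still tries to load every DllName listed under the Notify key.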
  15. voici le nouveau raport l2mfix L2mfix 010406 Creating Account. La commande s'est termin‚e correctement. Adding Administrative privleges. Checking for L2MFix account(0=no 1=yes): 1 Granting SeDebugPrivilege to L2MFIX ... successful Running From: C:\WINDOWS\system32 Killing Processes! Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 596 'smss.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 676 'winlogon.exe' Killing PID 676 'winlogon.exe' Killing PID 676 'winlogon.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 896 'explorer.exe' Killing PID 896 'explorer.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 1952 'rundll32.exe' Restoring Sedebugprivilege: Granting SeDebugPrivilege to Administrateurs ... successful Scanning First Pass. Please Wait! First Pass Completed Second Pass Scanning Second pass Completed! 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 
Deleting: C:\WINDOWS\system32\dinhpast.dll Successfully Deleted: C:\WINDOWS\system32\dinhpast.dll Deleting: C:\WINDOWS\system32\dmprov.dll Successfully Deleted: C:\WINDOWS\system32\dmprov.dll Deleting: C:\WINDOWS\system32\hr6s05j7e.dll Successfully Deleted: C:\WINDOWS\system32\hr6s05j7e.dll Deleting: C:\WINDOWS\system32\jtj2071oe.dll Successfully Deleted: C:\WINDOWS\system32\jtj2071oe.dll Deleting: C:\WINDOWS\system32\kwdlv1.dll Successfully Deleted: C:\WINDOWS\system32\kwdlv1.dll Deleting: C:\WINDOWS\system32\mbltiplex_vcd.dll Successfully Deleted: C:\WINDOWS\system32\mbltiplex_vcd.dll Deleting: C:\WINDOWS\system32\mcdart.dll Successfully Deleted: C:\WINDOWS\system32\mcdart.dll Deleting: C:\WINDOWS\system32\mptlsapi.dll Successfully Deleted: C:\WINDOWS\system32\mptlsapi.dll Deleting: C:\WINDOWS\system32\osbccr32.dll Successfully Deleted: C:\WINDOWS\system32\osbccr32.dll Deleting: C:\WINDOWS\system32\Pfpr01sw.dll Successfully Deleted: C:\WINDOWS\system32\Pfpr01sw.dll Deleting: C:\WINDOWS\system32\pyrfproc.dll Successfully Deleted: C:\WINDOWS\system32\pyrfproc.dll msg11?.dll 0 fichier(s) copi‚(s). 
Desktop.ini sucessfully removed
Restoring Windows Update Certificates.:
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\jtj2071oe.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxdev.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Mixer]
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"StartShell"="Entry"
"DllName"="sndmixex.dl"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msctl32.dll]
"DllName"="msctl32.dll"
"Startup"="Startup"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000000
"ExtParam"=hex:65,3b,ac,98,14,6a,59,33,f8,bc,d5,10,4d,57,6f,fe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

The following are the files found:
****************************************************************************
C:\WINDOWS\system32\dinhpast.dll
C:\WINDOWS\system32\dmprov.dll
C:\WINDOWS\system32\hr6s05j7e.dll
C:\WINDOWS\system32\jtj2071oe.dll
C:\WINDOWS\system32\kwdlv1.dll
C:\WINDOWS\system32\mbltiplex_vcd.dll
C:\WINDOWS\system32\mcdart.dll
C:\WINDOWS\system32\mptlsapi.dll
C:\WINDOWS\system32\osbccr32.dll
C:\WINDOWS\system32\Pfpr01sw.dll
C:\WINDOWS\system32\pyrfproc.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E30042D7-B96D-442C-973E-9598065B41BE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E30042D7-B96D-442C-973E-9598065B41BE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E30042D7-B96D-442C-973E-9598065B41BE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E30042D7-B96D-442C-973E-9598065B41BE}\InprocServer32]
@="C:\\WINDOWS\\system32\\mptlsapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{74BDD8BF-1931-48DE-A207-F701BA48E231}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{74BDD8BF-1931-48DE-A207-F701BA48E231}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{74BDD8BF-1931-48DE-A207-F701BA48E231}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{74BDD8BF-1931-48DE-A207-F701BA48E231}\InprocServer32]
@="C:\\WINDOWS\\system32\\dinhpast.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{849ED89B-6529-408A-96D6-9A6E3A360E00}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{849ED89B-6529-408A-96D6-9A6E3A360E00}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{849ED89B-6529-408A-96D6-9A6E3A360E00}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{849ED89B-6529-408A-96D6-9A6E3A360E00}\InprocServer32]
@="C:\\WINDOWS\\system32\\Pfpr01sw.dll"
"ThreadingModel"="Apartment"

REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{E30042D7-B96D-442C-973E-9598065B41BE}"=-
"{74BDD8BF-1931-48DE-A207-F701BA48E231}"=-
"{849ED89B-6529-408A-96D6-9A6E3A360E00}"=-

[-HKEY_CLASSES_ROOT\CLSID\{E30042D7-B96D-442C-973E-9598065B41BE}]
[-HKEY_CLASSES_ROOT\CLSID\{74BDD8BF-1931-48DE-A207-F701BA48E231}]
[-HKEY_CLASSES_ROOT\CLSID\{849ED89B-6529-408A-96D6-9A6E3A360E00}]

REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
****************************************************************************
Checking for L2MFix account(0=no 1=yes): 0
Zipping up files for submission:
  adding: dlls/dinhpast.dll (deflated 5%)
  adding: dlls/dmprov.dll (deflated 5%)
  adding: dlls/hr6s05j7e.dll (deflated 5%)
  adding: dlls/jtj2071oe.dll (deflated 4%)
  adding: dlls/kwdlv1.dll (deflated 4%)
  adding: dlls/mbltiplex_vcd.dll (deflated 5%)
  adding: dlls/mcdart.dll (deflated 6%)
  adding: dlls/mptlsapi.dll (deflated 5%)
  adding: dlls/osbccr32.dll (deflated 5%)
  adding: dlls/Pfpr01sw.dll (deflated 4%)
  adding: dlls/pyrfproc.dll (deflated 6%)
  adding: backregs/notibac.reg (deflated 87%)
  adding: backregs/shell.reg (deflated 73%)
  adding: backregs/E30042D7-B96D-442C-973E-9598065B41BE.reg (deflated 70%)
  adding: backregs/74BDD8BF-1931-48DE-A207-F701BA48E231.reg (deflated 70%)
  adding: backregs/849ED89B-6529-408A-96D6-9A6E3A360E00.reg (deflated 70%)

and the new hijackthis report

Logfile of HijackThis v1.99.1
Scan saved at 15:36:07, on 11/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\SGFja2Vy\command.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Hacker\Bureau\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe
O4 - HKLM\..\Run: [banmanpro] C:\windows\banmanpro.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1133511621375
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\jtj2071oe.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: Mixer - sndmixex.dl (file missing)
O20 - Winlogon Notify: msctl32.dll - msctl32.dll (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SGFja2Vy\command.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
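The Winlogon Notify export in the L2MFix report and the O20 lines in the HijackThis log above show the same persistence point from two angles: the stock notification packages (crypt32chain, cryptnet, cscdll, ScCertProp, Schedule, sclgntfy, SensLogn, termsrv, wlballoon) name well-known DLLs, some of them as hex(2) byte lists because regedit exports REG_EXPAND_SZ that way, while H323TSP, Mixer and msctl32.dll name DLLs that are neither standard nor, per HijackThis, still on disk. The script below is an added example and is not part of the original post, of L2MFix or of HijackThis. It parses a .reg export of the Notify key (joining backslash-continued lines and decoding hex(1)/hex(2)/hex(7) UTF-16LE values, which goes slightly beyond the hex(2) case the export shows), flags packages whose DLL basename is not in an allowlist, parses the O20 lines, and reports the packages both sources agree on. The allowlist (the stock XP DLLs seen in the export plus Intel's igfxdev.dll) is an assumption for this example, and both sample inputs are constructed excerpts of the logs in the post.

```python
import re

# Allowlist of Winlogon Notify DLL basenames. Assumption for this example: the
# stock XP packages seen in the export above plus Intel's graphics igfxdev.dll.
KNOWN_NOTIFY_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "sclgntfy.dll",
                     "wlnotify.dll", "igfxdev.dll"}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<val>.*)$')
HEX_RE = re.compile(r"^hex(?:\((?P<type>[0-9a-f]+)\))?:(?P<bytes>.*)$", re.I)
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<pkg>\S+) - (?P<dll>.+?)"
                    r"(?P<missing> \(file missing\))?$")
NOTIFY_PREFIX = "\\winlogon\\notify\\"


def _logical_lines(text):
    """Join .reg physical lines that end in a backslash (hex value continuation)."""
    buf = ""
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.endswith("\\") and not stripped.startswith("["):
            buf += stripped[:-1]
            continue
        yield buf + stripped
        buf = ""


def decode_reg_value(raw):
    """Decode a .reg right-hand side: a quoted REG_SZ (backslashes doubled) or a
    hex(1)/hex(2)/hex(7) byte list, which regedit writes as UTF-16LE."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1].replace("\\\\", "\\")
    m = HEX_RE.match(raw)
    if m and (m.group("type") or "3").lower() in ("1", "2", "7"):
        data = bytes(int(b, 16) for b in m.group("bytes").split(",") if b.strip())
        return data.decode("utf-16-le").split("\x00", 1)[0]
    return raw  # dword:, plain hex: (REG_BINARY) etc. are left undecoded


def parse_notify_export(reg_text):
    """Map each Winlogon\\Notify subkey (package) to its decoded DllName, or None."""
    packages, current = {}, None
    for line in _logical_lines(reg_text):
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            idx = key.lower().find(NOTIFY_PREFIX)
            current = key[idx + len(NOTIFY_PREFIX):] if idx != -1 else None
            if current:
                packages.setdefault(current, None)
            continue
        vm = VAL_RE.match(line)
        if vm and current and vm.group("name").lower() == "dllname":
            packages[current] = decode_reg_value(vm.group("val"))
    return packages


def flag_notify_packages(reg_text, allow=KNOWN_NOTIFY_DLLS):
    """Sorted (package, dll) pairs whose DLL basename is not allowlisted; a full
    path such as C:\\WINDOWS\\system32\\x.dll is judged by x.dll, case-insensitively."""
    flagged = []
    for pkg, dll in parse_notify_export(reg_text).items():
        base = (dll or "").replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if base not in allow:
            flagged.append((pkg, dll if dll is not None else "<no DllName>"))
    return sorted(flagged)


def parse_hjt_o20(log_text):
    """(package, dll, file_missing) for every O20 line of a HijackThis log."""
    hits = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            hits.append((m.group("pkg"), m.group("dll"), m.group("missing") is not None))
    return hits


def corroborate(reg_text, hjt_text):
    """Packages flagged from the registry export whose O20 line also says the DLL
    is missing on disk: a logon-time load of a file that has already gone."""
    flagged = {pkg for pkg, _ in flag_notify_packages(reg_text)}
    missing = {pkg for pkg, _, gone in parse_hjt_o20(hjt_text) if gone}
    return sorted(flagged & missing)


# Constructed excerpt of the Notify export shown in the post (not the full key).
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP]
"DllName"="C:\\WINDOWS\\system32\\jtj2071oe.dll"
"Logon"="WinLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxdev.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Mixer]
"DllName"="sndmixex.dl"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msctl32.dll]
"DllName"="msctl32.dll"
"ExtParam"=hex:65,3b,ac,98,14,6a,59,33,f8,bc,d5,10,4d,57,6f,fe
"""

# Constructed excerpt of the HijackThis log shown in the post.
SAMPLE_HJT = r"""
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\jtj2071oe.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: Mixer - sndmixex.dl (file missing)
O20 - Winlogon Notify: msctl32.dll - msctl32.dll (file missing)
"""

if __name__ == "__main__":
    for pkg, dll in flag_notify_packages(SAMPLE_REG):
        print(f"not allowlisted: {pkg} -> {dll}")
    print("flagged and missing on disk:", corroborate(SAMPLE_REG, SAMPLE_HJT))
```

Run against a full `reg export "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" notify.reg` taken before cleaning, the same allowlist check gives the list of packages to remove and the DLLs to collect for analysis; the L2MFix report above did exactly that for jtj2071oe.dll, and the "(file missing)" O20 lines that remain are dangling registry entries, not loaded code.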