Aller au contenu

Jarlaxe

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    19

  • Inscription

  • Dernière visite

Tout ce qui a été posté par Jarlaxe

  1. Jarlaxe
    re bonjour non pas pour le moment merci de ton aide
  2. Jarlaxe
    bonjours voicile rapport edwido --------------------------------------------------------- ewido anti-malware - Rapport de scan --------------------------------------------------------- + Créé le: 11:41:32, 25/01/2006 + Somme de contrôle: 80F87753 + Résultats du scan: HKLM\SOFTWARE\Classes\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Nettoyer et sauvegarder HKLM\SOFTWARE\Classes\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F} -> Spyware.ISTBar : Nettoyer et sauvegarder HKLM\SOFTWARE\Classes\ISTx.Installer -> Spyware.ISTBar : Nettoyer et sauvegarder HKLM\SOFTWARE\Classes\ISTx.Installer\CLSID -> Spyware.ISTBar : Nettoyer et sauvegarder HKLM\SOFTWARE\Classes\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429} -> Spyware.ISTBar : Nettoyer et sauvegarder HKLM\SOFTWARE\Classes\WUSN.1 -> Spyware.SaveNow : Nettoyer et sauvegarder HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll -> Spyware.ISTBar : Nettoyer et sauvegarder HKLM\SOFTWARE\WhenU -> Spyware.SaveNow : Nettoyer et sauvegarder HKU\S-1-5-21-1645522239-1935655697-1957994488-1004\Software\IST -> Spyware.ISTBar : Nettoyer et sauvegarder :mozilla.32:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder :mozilla.33:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder :mozilla.34:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder :mozilla.35:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder :mozilla.38:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Sexcounter : Nettoyer et sauvegarder :mozilla.39:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Sexcounter : Nettoyer et sauvegarder :mozilla.40:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Sexcounter : Nettoyer et sauvegarder :mozilla.41:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Sexcounter : Nettoyer et sauvegarder :mozilla.47:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Overture : Nettoyer et sauvegarder :mozilla.49:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Overture : Nettoyer et sauvegarder :mozilla.54:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder :mozilla.63:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder :mozilla.64:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder :mozilla.65:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder :mozilla.66:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder :mozilla.67:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Bluestreak : Nettoyer et sauvegarder :mozilla.90:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder :mozilla.106:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder :mozilla.107:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder :mozilla.108:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder :mozilla.113:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder :mozilla.127:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Mediaplex : Nettoyer et sauvegarder :mozilla.130:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Serving-sys : Nettoyer et sauvegarder :mozilla.131:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Serving-sys : Nettoyer et sauvegarder :mozilla.132:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Serving-sys : Nettoyer et sauvegarder :mozilla.133:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Serving-sys : Nettoyer et sauvegarder :mozilla.134:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Serving-sys : Nettoyer et sauvegarder :mozilla.135:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder :mozilla.139:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder :mozilla.159:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Pointroll : Nettoyer et sauvegarder :mozilla.160:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Pointroll : Nettoyer et sauvegarder :mozilla.161:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder :mozilla.162:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder :mozilla.163:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Pointroll : Nettoyer et sauvegarder :mozilla.164:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Pointroll : Nettoyer et sauvegarder :mozilla.170:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder :mozilla.179:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder :mozilla.180:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder :mozilla.181:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder :mozilla.182:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder :mozilla.183:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder :mozilla.184:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder :mozilla.185:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder :mozilla.193:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Atdmt : Nettoyer et sauvegarder :mozilla.204:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder :mozilla.205:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Comclick : Nettoyer et sauvegarder :mozilla.206:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Comclick : Nettoyer et sauvegarder :mozilla.207:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Comclick : Nettoyer et sauvegarder :mozilla.218:C:\Documents and Settings\Jarlaxe\Application Data\Mozilla\Firefox\Profiles\ro9ksi04.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder C:\Documents and Settings\Jarlaxe\Cookies\jarlaxe@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Nettoyer et sauvegarder C:\Documents and Settings\Jarlaxe\Cookies\jarlaxe@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder C:\Documents and Settings\Jarlaxe\Cookies\jarlaxe@atdmt[2].txt -> Spyware.Cookie.Atdmt : Nettoyer et sauvegarder C:\Documents and Settings\Jarlaxe\Cookies\jarlaxe@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder C:\Documents and Settings\Jarlaxe\Cookies\jarlaxe@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Nettoyer et sauvegarder C:\Documents and Settings\Jarlaxe\Cookies\jarlaxe@weborama[1].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder C:\Documents and Settings\Jarlaxe\Cookies\jarlaxe@www.smartadserver[1].txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder C:\Documents and Settings\Jarlaxe\Local Settings\Temp\Uninst.exe -> Adware.SaveNow : Nettoyer et sauvegarder C:\Program Files\ISTsvc -> Spyware.ISTBar : Nettoyer et sauvegarder C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MirarSetup.exe -> Adware.SaveNow : Nettoyer et sauvegarder C:\WINDOWS\Downloaded Program Files\MirarSetup.exe -> Adware.SaveNow : Nettoyer et sauvegarder C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Nettoyer et sauvegarder C:\WINDOWS\NDNuninstall6_90.exe -> Adware.NewDotNet : Nettoyer et sauvegarder ::Fin du rapport et voici le rapport hijackthis Logfile of HijackThis v1.99.1 Scan saved at 12:05:23, on 25/01/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVPersonal\AVGUARD.EXE C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Canon\MultiPASS4\MPTBox.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\AVPersonal\AVGNT.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Startup: stop messenger.bat O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe et la ligne O4 - Startup: stop messenger.bat est normale c'est un fichier batch que jai cree pour arrete le service des message de windows car je recevais des message provenant de site x
  3. Jarlaxe
    bonsoir voila mon premier rapport hijac (celui de mon 2eme pc portable) Logfile of HijackThis v1.99.1 Scan saved at 19:24:30, on 23/01/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\MESSAG~1\StartMessager.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\Canon\MultiPASS4\MPTBox.exe C:\Program Files\SaveNow\SaveNow.exe C:\Program Files\AVPersonal\AVGNT.EXE C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\wuauclt.exe C:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe O4 - HKLM\..\Run: [saveNow] C:\Program Files\SaveNow\SaveNow.exe O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - Startup: stop messenger.bat O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_cracks.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll (file missing) O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE et voici mon rapport apres nettoyage et optimisation si Jack Burton ou une autre personne competente peu y jeter un coup d'oeil et me dire si j'ai pas fais de connerie ce serai super cool Logfile of HijackThis v1.99.1 Scan saved at 23:18:02, on 23/01/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe O4 - HKLM\..\Run: [saveNow] C:\Program Files\SaveNow\SaveNow.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - Startup: stop messenger.bat O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe et me dire si la line O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe et nefaste ou pas voila merci d'avance
  4. Jarlaxe
    bonjours ipl_001 je ne vois pas de problem au fait que tu serve de cette discution comme exemple et tu peu garde mon spedo si tu en a envie et desoler pour le retard de ma reponse
  5. Jarlaxe
    re bonjour donc il me reste plus qu'a installer un anty spyware et regarder pour le navigateur je te remercie pour ces conseils et juste pour ewido je le laisse installer ou je l'enleve
  6. Jarlaxe
    pas pour le moment et je te remercie pour tes reponses je vais lire les posts dont tu ma donner les liens
  7. Jarlaxe
    alors deja que fait SmitfraudFix l2mfix je presume que c'est la même chose que SmitfraudFix mais pour une autre "virus" et comment fait tu pour savoir se qu'il ne va pas dans le rapport de hijackthis (qui au passage et un log asse interessant) voila en gros je pense que pour le moment ce tous
  8. Jarlaxe
    pour le moment tous a l'aire d'aller je t'en remercie j'ai pas tous compris ce qu'on a fais mais si tu a le temps j'aurai bien aimé que tu m'explique un peu
  9. Jarlaxe
    alors deja demarrage sans message d'erreur et voici le rapport Logfile of HijackThis v1.99.1 Scan saved at 21:59:27, on 11/01/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Acer\eManager\anbmServ.exe C:\Program Files\AVPersonal\AVGUARD.EXE C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Acer\Acer Arcade\PCMService.exe C:\acer\epm\epm-dm.exe C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Program Files\Acer\eRecovery\Monitor.exe C:\Program Files\AVPersonal\AVGNT.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Hacker\Bureau\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe" O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
  10. Jarlaxe
    voila le rapport Logfile of HijackThis v1.99.1 Scan saved at 21:43:50, on 11/01/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\explorer.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\AVPersonal\AVGUARD.EXE C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Acer\Acer Arcade\PCMService.exe C:\acer\epm\epm-dm.exe C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Program Files\Acer\eRecovery\Monitor.exe C:\Program Files\AVPersonal\AVGNT.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Hacker\Bureau\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe" O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe" O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe si je comprend bien il y a une clé (ou un system) qui essaie d'ouvrir se fichier au demarrage et ce de la que me vien le message d'erreur me disant qu'il ne trouve pas le fichier
  11. Jarlaxe
    non justement et une question par raport a zone alarm dois-je autoriser generic Host Process for Win32 Services a ce connecter en tant que serveur et a se connecter a internet?
  12. Jarlaxe
    a chaque demarrage windows m'envoi un message d'erreure me disant qu'il ne trouve pas se fichier justemet et vien d'essaie avec killbox et il y a message d'erreur "PendiingFileRenameOperations Registry Data has been Removed by External Process!" avec un seul bouton "OK" et il redemare pas
  13. Jarlaxe
    re bonsoir desoler j'ai du m'absenter un moment alors le raport ewido --------------------------------------------------------- ewido anti-malware - Rapport de scan --------------------------------------------------------- + Créé le: 20:39:04, 11/01/2006 + Somme de contrôle: 9CB8B6F0 + Résultats du scan: C:\Documents and Settings\Hacker\Cookies\hacker@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Cookies\hacker@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Cookies\hacker@atdmt[2].txt -> Spyware.Cookie.Atdmt : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Cookies\hacker@weborama[2].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Cookies\hacker@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Nettoyer et sauvegarder ::Fin du rapport et le raport de hijackthis Logfile of HijackThis v1.99.1 Scan saved at 20:47:08, on 11/01/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\explorer.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\AVPersonal\AVGUARD.EXE C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Acer\eRecovery\Monitor.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Acer\Acer Arcade\PCMService.exe C:\acer\epm\epm-dm.exe C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Program Files\AVPersonal\AVGNT.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Hacker\Bureau\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe" O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe" O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
  14. Jarlaxe
    voici le raport de ewido --------------------------------------------------------- ewido anti-malware - Rapport de scan --------------------------------------------------------- + Créé le: 17:24:15, 11/01/2006 + Somme de contrôle: 53A92E2C + Résultats du scan: HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E} -> Spyware.HotBar : Nettoyer et sauvegarder HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP -> Spyware.Look2Me : Nettoyer et sauvegarder HKU\S-1-5-21-3373964283-40180423-4169274459-1005\Software\Microsoft\Internet Explorer\Keywords -> Spyware.CoolWebSearch : Nettoyer et sauvegarder HKU\S-1-5-21-3373964283-40180423-4169274459-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A8A997F-BB9F-48F6-AA2B-2762D50F9289} -> Spyware.SmartShopper : Nettoyer et sauvegarder HKU\S-1-5-21-3373964283-40180423-4169274459-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74CC49F7-EB32-4A08-B204-948962A6E3DB} -> Spyware.HotBar : Nettoyer et sauvegarder HKU\S-1-5-21-3373964283-40180423-4169274459-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Nettoyer et sauvegarder HKU\S-1-5-21-3373964283-40180423-4169274459-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{946B3E9E-E21A-49C8-9F63-900533FAFE14} -> Spyware.HotBar : Nettoyer et sauvegarder C:\WINDOWS\Temp\Cookies\hacker@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder C:\WINDOWS\Temp\Cookies\hacker@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Nettoyer et sauvegarder C:\WINDOWS\Temp\Cookies\hacker@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder C:\WINDOWS\Temp\Cookies\hacker@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder C:\WINDOWS\Temp\Cookies\hacker@paypopup[1].txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder C:\WINDOWS\hosts -> Trojan.Qhost.el : Nettoyer et sauvegarder C:\WINDOWS\inet20003\3.00.13.dll -> Spyware.Ihbo : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Local Settings\Temp\Cookies\hacker@weborama[2].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Local Settings\Temp\Cookies\hacker@atdmt[2].txt -> Spyware.Cookie.Atdmt : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Local Settings\Temp\Cookies\hacker@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Local Settings\Temp\Cookies\hacker@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Local Settings\Temp\Cookies\hacker@2o7[2].txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Local Settings\Temp\Cookies\hacker@www.smartadserver[1].txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Local Settings\Temp\Cookies\hacker@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Local Settings\Temp\Cookies\hacker@perf.overture[1].txt -> Spyware.Cookie.Overture : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Local Settings\Temp\Cookies\hacker@data1.perf.overture[1].txt -> Spyware.Cookie.Overture : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Local Settings\Temp\Cookies\hacker@advertising[2].txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Bureau\l2mfix\dlls\dinhpast.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Bureau\l2mfix\dlls\dmprov.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Bureau\l2mfix\dlls\hr6s05j7e.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Bureau\l2mfix\dlls\jtj2071oe.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Bureau\l2mfix\dlls\kwdlv1.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Bureau\l2mfix\dlls\mbltiplex_vcd.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Bureau\l2mfix\dlls\mcdart.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Bureau\l2mfix\dlls\mptlsapi.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Bureau\l2mfix\dlls\osbccr32.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Bureau\l2mfix\dlls\Pfpr01sw.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Bureau\l2mfix\dlls\pyrfproc.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Bureau\l2mfix\backup.zip/dlls/dinhpast.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Bureau\l2mfix\backup.zip/dlls/dmprov.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Bureau\l2mfix\backup.zip/dlls/hr6s05j7e.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Bureau\l2mfix\backup.zip/dlls/jtj2071oe.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Bureau\l2mfix\backup.zip/dlls/kwdlv1.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Bureau\l2mfix\backup.zip/dlls/mbltiplex_vcd.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Bureau\l2mfix\backup.zip/dlls/mcdart.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Bureau\l2mfix\backup.zip/dlls/mptlsapi.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Bureau\l2mfix\backup.zip/dlls/osbccr32.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Bureau\l2mfix\backup.zip/dlls/Pfpr01sw.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Bureau\l2mfix\backup.zip/dlls/pyrfproc.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\Hacker\Cookies\hacker@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder C:\Program Files\Softwin\BitDefender8\Quarantine\mscornet.exe -> Downloader.Zlob.ei : Nettoyer et sauvegarder C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002338.tlb -> Downloader.Zlob.dr : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002351.exe -> Adware.Spyaxe : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002357.dll -> Adware.SpySheriff : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002368.tlb -> Downloader.Zlob.dr : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002388.tlb -> Downloader.Zlob.dr : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002405.tlb -> Downloader.Zlob.dr : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002641.tlb -> Downloader.Zlob.dr : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002700.exe/regfreeze.5.4-patch.exe -> Worm.Incef.b : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002702.exe -> Worm.Incef.b : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002721.tlb -> Downloader.Zlob.dr : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002722.dll -> Spyware.Ihbo : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002734.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002740.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002743.tlb -> Downloader.Zlob.dr : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002764.dll -> Adware.SpySheriff : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002766.dll -> Spyware.SpywareNo : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002767.dll -> Adware.SpySheriff : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002778.dll -> Downloader.Small : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002782.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002790.tlb -> Downloader.Zlob.dr : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002791.dll -> Spyware.Ihbo : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002804.exe -> Adware.SpySheriff : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002812.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002820.tlb -> Downloader.Zlob.dr : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002821.dll -> Spyware.Ihbo : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002834.exe -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002855.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002863.tlb -> Downloader.Zlob.dr : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002864.dll -> Spyware.Ihbo : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP19\A0002874.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP20\A0002890.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP20\A0002896.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP20\A0002906.tlb -> Downloader.Zlob.dr : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP20\A0002907.dll -> Spyware.Ihbo : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP20\A0002915.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003049.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003075.exe -> Not-A-Virus.Hoax.Win32.Renos.al : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003077.dll -> Not-A-Virus.SpamTool.Win32.Mailbot.u : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003078.dll -> Logger.Small.dg : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003079.dll -> Logger.Small.dg : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003080.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003087.tlb -> Downloader.Zlob.dr : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003092.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003096.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003100.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003107.tlb -> Downloader.Zlob.dr : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003112.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003116.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003125.TLB -> Downloader.Zlob.dr : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003133.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003142.TLB -> Downloader.Zlob.dr : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003150.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003151.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003156.tlb -> Downloader.Zlob.dr : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003163.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003175.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003177.DLL -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003178.DLL -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003179.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003180.DLL -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003181.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003182.DLL -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003183.DLL -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003184.DLL -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP21\A0003185.DLL -> Spyware.Look2Me : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP22\A0004297.dll -> Spyware.CommAd : Nettoyer et sauvegarder C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP22\A0004298.exe -> Adware.CommAd : Nettoyer et sauvegarder C:\!KillBox\mscornet.exe -> Downloader.Zlob.ei : Nettoyer et sauvegarder ::Fin du rapport et le raport de hijackthis Logfile of HijackThis v1.99.1 Scan saved at 17:33:46, on 11/01/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\explorer.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\AVPersonal\AVGUARD.EXE C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Acer\Acer Arcade\PCMService.exe C:\acer\epm\epm-dm.exe C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Program Files\Acer\eRecovery\Monitor.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\AVPersonal\AVGNT.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Hacker\Bureau\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe" O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe" O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1133511621375 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: Mixer - sndmixex.dl (file missing) O20 - Winlogon Notify: msctl32.dll - msctl32.dll (file missing) O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing) O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
  15. Jarlaxe
    voici le nouveau raport l2mfix L2mfix 010406 Creating Account. La commande s'est termin‚e correctement. Adding Administrative privleges. Checking for L2MFix account(0=no 1=yes): 1 Granting SeDebugPrivilege to L2MFIX ... successful Running From: C:\WINDOWS\system32 Killing Processes! Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 596 'smss.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 676 'winlogon.exe' Killing PID 676 'winlogon.exe' Killing PID 676 'winlogon.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 896 'explorer.exe' Killing PID 896 'explorer.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 1952 'rundll32.exe' Restoring Sedebugprivilege: Granting SeDebugPrivilege to Administrateurs ... successful Scanning First Pass. Please Wait! First Pass Completed Second Pass Scanning Second pass Completed! 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). 1 fichier(s) copi‚(s). Deleting: C:\WINDOWS\system32\dinhpast.dll Successfully Deleted: C:\WINDOWS\system32\dinhpast.dll Deleting: C:\WINDOWS\system32\dmprov.dll Successfully Deleted: C:\WINDOWS\system32\dmprov.dll Deleting: C:\WINDOWS\system32\hr6s05j7e.dll Successfully Deleted: C:\WINDOWS\system32\hr6s05j7e.dll Deleting: C:\WINDOWS\system32\jtj2071oe.dll Successfully Deleted: C:\WINDOWS\system32\jtj2071oe.dll Deleting: C:\WINDOWS\system32\kwdlv1.dll Successfully Deleted: C:\WINDOWS\system32\kwdlv1.dll Deleting: C:\WINDOWS\system32\mbltiplex_vcd.dll Successfully Deleted: C:\WINDOWS\system32\mbltiplex_vcd.dll Deleting: C:\WINDOWS\system32\mcdart.dll Successfully Deleted: C:\WINDOWS\system32\mcdart.dll Deleting: C:\WINDOWS\system32\mptlsapi.dll Successfully Deleted: C:\WINDOWS\system32\mptlsapi.dll Deleting: C:\WINDOWS\system32\osbccr32.dll Successfully Deleted: C:\WINDOWS\system32\osbccr32.dll Deleting: C:\WINDOWS\system32\Pfpr01sw.dll Successfully Deleted: C:\WINDOWS\system32\Pfpr01sw.dll Deleting: C:\WINDOWS\system32\pyrfproc.dll Successfully Deleted: C:\WINDOWS\system32\pyrfproc.dll msg11?.dll 0 fichier(s) copi‚(s). Desktop.ini sucessfully removed Restoring Windows Update Certificates.: The following Is the Current Export of the Winlogon notify key: **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\jtj2071oe.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] @="" "DLLName"="igfxdev.dll" "Asynchronous"=dword:00000001 "Impersonate"=dword:00000001 "Unlock"="WinlogonUnlockEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Mixer] "Asynchronous"=dword:00000001 "Impersonate"=dword:00000001 "StartShell"="Entry" "DllName"="sndmixex.dl" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msctl32.dll] "DllName"="msctl32.dll" "Startup"="Startup" "Asynchronous"=dword:00000001 "Impersonate"=dword:00000000 "ExtParam"=hex:65,3b,ac,98,14,6a,59,33,f8,bc,d5,10,4d,57,6f,fe [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 The following are the files found: **************************************************************************** C:\WINDOWS\system32\dinhpast.dll C:\WINDOWS\system32\dmprov.dll C:\WINDOWS\system32\hr6s05j7e.dll C:\WINDOWS\system32\jtj2071oe.dll C:\WINDOWS\system32\kwdlv1.dll C:\WINDOWS\system32\mbltiplex_vcd.dll C:\WINDOWS\system32\mcdart.dll C:\WINDOWS\system32\mptlsapi.dll C:\WINDOWS\system32\osbccr32.dll C:\WINDOWS\system32\Pfpr01sw.dll C:\WINDOWS\system32\pyrfproc.dll Registry Entries that were Deleted: Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder. **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{E30042D7-B96D-442C-973E-9598065B41BE}] @="" [HKEY_CLASSES_ROOT\CLSID\{E30042D7-B96D-442C-973E-9598065B41BE}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{E30042D7-B96D-442C-973E-9598065B41BE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{E30042D7-B96D-442C-973E-9598065B41BE}\InprocServer32] @="C:\\WINDOWS\\system32\\mptlsapi.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{74BDD8BF-1931-48DE-A207-F701BA48E231}] @="" [HKEY_CLASSES_ROOT\CLSID\{74BDD8BF-1931-48DE-A207-F701BA48E231}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{74BDD8BF-1931-48DE-A207-F701BA48E231}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{74BDD8BF-1931-48DE-A207-F701BA48E231}\InprocServer32] @="C:\\WINDOWS\\system32\\dinhpast.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{849ED89B-6529-408A-96D6-9A6E3A360E00}] @="" [HKEY_CLASSES_ROOT\CLSID\{849ED89B-6529-408A-96D6-9A6E3A360E00}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{849ED89B-6529-408A-96D6-9A6E3A360E00}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{849ED89B-6529-408A-96D6-9A6E3A360E00}\InprocServer32] @="C:\\WINDOWS\\system32\\Pfpr01sw.dll" "ThreadingModel"="Apartment" REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{E30042D7-B96D-442C-973E-9598065B41BE}"=- "{74BDD8BF-1931-48DE-A207-F701BA48E231}"=- "{849ED89B-6529-408A-96D6-9A6E3A360E00}"=- [-HKEY_CLASSES_ROOT\CLSID\{E30042D7-B96D-442C-973E-9598065B41BE}] [-HKEY_CLASSES_ROOT\CLSID\{74BDD8BF-1931-48DE-A207-F701BA48E231}] [-HKEY_CLASSES_ROOT\CLSID\{849ED89B-6529-408A-96D6-9A6E3A360E00}] REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "SV1"="" **************************************************************************** Desktop.ini Contents: **************************************************************************** [.ShellClassInfo] CLSID={645FF040-5081-101B-9F08-00AA002F954E} **************************************************************************** Checking for L2MFix account(0=no 1=yes): 0 Zipping up files for submission: adding: dlls/dinhpast.dll (deflated 5%) adding: dlls/dmprov.dll (deflated 5%) adding: dlls/hr6s05j7e.dll (deflated 5%) adding: dlls/jtj2071oe.dll (deflated 4%) adding: dlls/kwdlv1.dll (deflated 4%) adding: dlls/mbltiplex_vcd.dll (deflated 5%) adding: dlls/mcdart.dll (deflated 6%) adding: dlls/mptlsapi.dll (deflated 5%) adding: dlls/osbccr32.dll (deflated 5%) adding: dlls/Pfpr01sw.dll (deflated 4%) adding: dlls/pyrfproc.dll (deflated 6%) adding: backregs/notibac.reg (deflated 87%) adding: backregs/shell.reg (deflated 73%) adding: backregs/E30042D7-B96D-442C-973E-9598065B41BE.reg (deflated 70%) adding: backregs/74BDD8BF-1931-48DE-A207-F701BA48E231.reg (deflated 70%) adding: backregs/849ED89B-6529-408A-96D6-9A6E3A360E00.reg (deflated 70%) et le nouveau raoprt hijackthis Logfile of HijackThis v1.99.1 Scan saved at 15:36:07, on 11/01/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\explorer.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\AVPersonal\AVGUARD.EXE C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe C:\WINDOWS\SGFja2Vy\command.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe C:\Program Files\Network Monitor\netmon.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Acer\Acer Arcade\PCMService.exe C:\acer\epm\epm-dm.exe C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Program Files\Acer\eRecovery\Monitor.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\AVPersonal\AVGNT.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Hacker\Bureau\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe" O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe" O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe O4 - HKLM\..\Run: [banmanpro] C:\windows\banmanpro.exe O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1133511621375 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\jtj2071oe.dll (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: Mixer - sndmixex.dl (file missing) O20 - Winlogon Notify: msctl32.dll - msctl32.dll (file missing) O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SGFja2Vy\command.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
  16. Jarlaxe
    voici le raport de l2mfix L2MFIX find log 010406 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\jtj2071oe.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] @="" "DLLName"="igfxdev.dll" "Asynchronous"=dword:00000001 "Impersonate"=dword:00000001 "Unlock"="WinlogonUnlockEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Mixer] "Asynchronous"=dword:00000001 "Impersonate"=dword:00000001 "StartShell"="Entry" "DllName"="sndmixex.dl" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msctl32.dll] "DllName"="msctl32.dll" "Startup"="Startup" "Asynchronous"=dword:00000001 "Impersonate"=dword:00000000 "ExtParam"=hex:65,3b,ac,98,14,6a,59,33,f8,bc,d5,10,4d,57,6f,fe [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{2D325E29-B4FC-5D5E-8195-19BBA3F5FE3C}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia" "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage ?cran du Panneau de configuration" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo" "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es" "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration" "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Page de propri‚t‚s des versions pr‚c‚dentes" "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Versions pr‚c‚dentes" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="?tat du t‚l‚chargement" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="?num‚rateur d'applications install‚es" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{2F603045-309F-11CF-9774-0020AFD0CFF6}"="Synaptics Control Panel" "{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0}"="EPM-PO Shell Extension" "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension" "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band" "{e57ce731-33e8-4c51-8354-bb4de9d215d1}"="P‚riph‚riques Plug and Play universels" "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"="BitDefender Antivirus v8" "{E30042D7-B96D-442C-973E-9598065B41BE}"="" "{74BDD8BF-1931-48DE-A207-F701BA48E231}"="" "{849ED89B-6529-408A-96D6-9A6E3A360E00}"="" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{E30042D7-B96D-442C-973E-9598065B41BE}] @="" [HKEY_CLASSES_ROOT\CLSID\{E30042D7-B96D-442C-973E-9598065B41BE}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{E30042D7-B96D-442C-973E-9598065B41BE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{E30042D7-B96D-442C-973E-9598065B41BE}\InprocServer32] @="C:\\WINDOWS\\system32\\mptlsapi.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{74BDD8BF-1931-48DE-A207-F701BA48E231}] @="" [HKEY_CLASSES_ROOT\CLSID\{74BDD8BF-1931-48DE-A207-F701BA48E231}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{74BDD8BF-1931-48DE-A207-F701BA48E231}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{74BDD8BF-1931-48DE-A207-F701BA48E231}\InprocServer32] @="C:\\WINDOWS\\system32\\dinhpast.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{849ED89B-6529-408A-96D6-9A6E3A360E00}] @="" [HKEY_CLASSES_ROOT\CLSID\{849ED89B-6529-408A-96D6-9A6E3A360E00}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{849ED89B-6529-408A-96D6-9A6E3A360E00}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{849ED89B-6529-408A-96D6-9A6E3A360E00}\InprocServer32] @="C:\\WINDOWS\\system32\\Pfpr01sw.dll" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ spmsg.dll Thu 13 Oct 2005 0:15:26 ..... 15 072 14,72 K wininet.dll Fri 21 Oct 2005 4:41:06 A.... 662 528 647,00 K urlmon.dll Sat 5 Nov 2005 4:17:26 A.... 606 208 592,00 K shlwapi.dll Fri 21 Oct 2005 4:41:04 A.... 474 112 463,00 K shdocvw.dll Thu 1 Dec 2005 5:01:16 A.... 1 492 992 1,42 M pngfilt.dll Fri 21 Oct 2005 4:41:04 A.... 39 424 38,50 K osbccr32.dll Wed 11 Jan 2006 12:17:28 ..S.R 235 206 229,69 K mstime.dll Fri 21 Oct 2005 4:41:04 A.... 530 944 518,50 K browseui.dll Thu 24 Nov 2005 1:08:34 A.... 1 022 976 999,00 K msrating.dll Fri 21 Oct 2005 4:41:04 A.... 146 432 143,00 K mshtmled.dll Fri 21 Oct 2005 4:41:04 A.... 448 512 438,00 K mshtml.dll Thu 24 Nov 2005 1:08:36 A.... 3 013 632 2,87 M dxtrans.dll Fri 21 Oct 2005 4:41:00 A.... 205 312 200,50 K inseng.dll Fri 21 Oct 2005 4:41:00 A.... 96 768 94,50 K iepeers.dll Fri 21 Oct 2005 4:41:00 A.... 251 392 245,50 K danim.dll Sat 5 Nov 2005 4:17:22 A.... 1 056 768 1,01 M cdfview.dll Fri 21 Oct 2005 4:41:00 A.... 152 064 148,50 K fontsub.dll Mon 17 Oct 2005 22:21:08 A.... 80 896 79,00 K extmgr.dll Fri 21 Oct 2005 4:41:00 A.... 55 808 54,50 K esent.dll Thu 20 Oct 2005 23:25:54 A.... 1 097 728 1,05 M sirenacm.dll Thu 13 Oct 2005 0:11:06 A.... 118 784 116,00 K vsdata.dll Tue 15 Nov 2005 0:50:30 A.... 83 720 81,76 K gdi32.dll Thu 29 Dec 2005 3:56:04 A.... 280 064 273,50 K pbpr01sw.dll Mon 26 Dec 2005 15:57:32 A.... 7 168 7,00 K pfpr01sw.dll Wed 11 Jan 2006 14:47:28 ..S.R 233 606 228,13 K hr6s05~1.dll Wed 11 Jan 2006 14:46:34 ..S.R 236 716 231,17 K vsutil.dll Tue 15 Nov 2005 0:51:12 A.... 382 728 373,76 K mcdart.dll Wed 11 Jan 2006 11:17:36 ..S.R 237 304 231,74 K vsmonapi.dll Tue 15 Nov 2005 0:50:52 A.... 104 208 101,77 K bassmod.dll Tue 10 Jan 2006 10:43:36 A.... 14 848 14,50 K atmtd.dll Tue 10 Jan 2006 10:40:34 A.... 687 592 671,48 K vspubapi.dll Tue 15 Nov 2005 0:50:56 A.... 227 088 221,77 K mptlsapi.dll Tue 10 Jan 2006 21:27:44 ..S.R 235 005 229,50 K kwdlv1.dll Tue 10 Jan 2006 10:40:58 ..S.R 234 272 228,78 K dinhpast.dll Tue 10 Jan 2006 21:34:54 ..S.R 236 331 230,79 K t2embed.dll Mon 17 Oct 2005 22:21:08 A.... 118 272 115,50 K pyrfproc.dll Wed 11 Jan 2006 9:30:24 ..S.R 237 304 231,74 K vsinit.dll Tue 15 Nov 2005 0:50:42 A.... 141 064 137,76 K vsxml.dll Tue 15 Nov 2005 0:51:20 A.... 100 104 97,76 K vsregexp.dll Tue 15 Nov 2005 0:51:00 A.... 71 440 69,77 K zlcomm.dll Tue 15 Nov 2005 0:51:40 A.... 79 624 77,76 K zlcommdb.dll Tue 15 Nov 2005 0:51:44 A.... 71 440 69,77 K dmprov.dll Wed 11 Jan 2006 13:41:44 ..S.R 236 716 231,17 K jtj207~1.dll Wed 11 Jan 2006 14:38:32 ..S.R 233 606 228,13 K mbltip~1.dll Wed 11 Jan 2006 12:26:02 ..S.R 236 327 230,79 K vsutil~1.dll Tue 15 Nov 2005 0:37:08 A.... 54 960 53,67 K legitc~1.dll Fri 4 Nov 2005 16:27:24 A.... 534 280 521,76 K 47 items found: 47 files (11 H/S), 0 directories. Total of file sizes: 17 119 345 bytes 16,32 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Le volume dans le lecteur C s'appelle ACER Le num‚ro de s‚rie du volume est 320D-180E R‚pertoire de C:\WINDOWS\System32 11/01/2006 14:47 233ÿ606 Pfpr01sw.dll 11/01/2006 14:46 236ÿ716 hr6s05j7e.dll 11/01/2006 14:38 233ÿ606 jtj2071oe.dll 11/01/2006 13:41 236ÿ716 dmprov.dll 11/01/2006 12:26 236ÿ327 mbltiplex_vcd.dll 11/01/2006 12:17 235ÿ206 osbccr32.dll 11/01/2006 11:17 237ÿ304 mcdart.dll 11/01/2006 09:30 237ÿ304 pyrfproc.dll 10/01/2006 21:34 236ÿ331 dinhpast.dll 10/01/2006 21:27 235ÿ005 mptlsapi.dll 10/01/2006 10:40 234ÿ272 kwdlv1.dll 24/08/2005 03:39 <REP> Microsoft 24/08/2005 03:23 <REP> dllcache 11 fichier(s) 2ÿ592ÿ393 octets 2 R‚p(s) 21ÿ442ÿ543ÿ616 octets libres
  17. Jarlaxe
    voici le 2eme raport en mode sans echec et il a deja des amelirations SmitFraudFix v2.14 Rapport fait à 14:45:14,90 le 11/01/2006 Executé à partir de C:\Documents and Settings\Hacker\Bureau\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés C:\WINDOWS\desktop.html supprimé C:\WINDOWS\drsmartloadb1.dat supprimé C:\WINDOWS\system32\hp????.tmp supprimé C:\WINDOWS\system32\msvol.tlb supprimé C:\WINDOWS\system32\ncompat.tlb supprimé C:\WINDOWS\system32\nvctrl.exe supprimé C:\WINDOWS\system32\ot.ico supprimé C:\WINDOWS\system32\ts.ico supprimé C:\WINDOWS\system32\zlbw.dll supprimé C:\WINDOWS\system32\1024\ supprimé C:\Documents and Settings\Hacker\Application Data\Install.dat supprimé »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport et voici le raport de hijacckthis Logfile of HijackThis v1.99.1 Scan saved at 14:52:49, on 11/01/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\AVPersonal\AVGUARD.EXE C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe C:\WINDOWS\SGFja2Vy\command.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe C:\WINDOWS\explorer.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe C:\Program Files\Network Monitor\netmon.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Acer\Acer Arcade\PCMService.exe C:\acer\epm\epm-dm.exe C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Program Files\Acer\eRecovery\Monitor.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\AVPersonal\AVGNT.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Hacker\Bureau\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe" O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe" O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe O4 - HKLM\..\Run: [banmanpro] C:\windows\banmanpro.exe O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1133511621375 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\jtj2071oe.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: Mixer - sndmixex.dl (file missing) O20 - Winlogon Notify: msctl32.dll - msctl32.dll (file missing) O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SGFja2Vy\command.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
  18. Jarlaxe
    merci de m'avoir repondu aussi rapidement voici le premier raport de SmitFraudFix SmitFraudFix v2.14 Rapport fait à 14:40:03,92 le 11/01/2006 Executé à partir de C:\Documents and Settings\Hacker\Bureau\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\ »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS C:\WINDOWS\desktop.html PRESENT ! C:\WINDOWS\drsmartloadb1.dat PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32 C:\WINDOWS\system32\hp????.tmp PRESENT ! C:\WINDOWS\system32\msvol.tlb PRESENT ! C:\WINDOWS\system32\ncompat.tlb PRESENT ! C:\WINDOWS\system32\nvctrl.exe PRESENT ! C:\WINDOWS\system32\ot.ico PRESENT ! C:\WINDOWS\system32\ts.ico PRESENT ! C:\WINDOWS\system32\zlbw.dll PRESENT ! C:\WINDOWS\system32\1024\ PRESENT! »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\Hacker\Application Data C:\Documents and Settings\Hacker\Application Data\Install.dat PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pr‚-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="D‚mon de cache des cat‚gories de composant" "{C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D}"="NetWrap for Windows" »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
  19. Jarlaxe
    Bonjours à tous voila je suis infecter pas spyserif, j'ai fais un premier netoyage en suivant le poste epingler et vois le raport HijackThis: Logfile of HijackThis v1.99.1 Scan saved at 12:20:19, on 11/01/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\AVPersonal\AVGUARD.EXE C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe C:\WINDOWS\SGFja2Vy\command.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe C:\Program Files\Network Monitor\netmon.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\explorer.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe C:\WINDOWS\system32\nvctrl.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Acer\Acer Arcade\PCMService.exe C:\acer\epm\epm-dm.exe C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Program Files\Acer\eRecovery\Monitor.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\AVPersonal\AVGNT.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\Hacker\Bureau\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe" F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp4F34.tmp O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe" O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe O4 - HKLM\..\Run: [banmanpro] C:\windows\banmanpro.exe O4 - HKLM\..\Run: [drsmartloadb] c:\\drsmartloadb.exe O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe" O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1133511621375 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\k462lejo1hoc.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: Mixer - sndmixex.dl (file missing) O20 - Winlogon Notify: msctl32.dll - msctl32.dll (file missing) O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SGFja2Vy\command.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe voila j'espere que vous allez pouvoir m'aider merci par avance
×
×
  • Créer...