

MrPatate
Membres-
Compteur de contenus
6 -
Inscription
-
Dernière visite
Type de contenu
Profils
Forums
Blogs
Tout ce qui a été posté par MrPatate
-
[résolu]Rapport hijack
MrPatate a répondu à un(e) sujet de MrPatate dans Analyses et éradication malwares
Bonjour tout le monde Merci a tous pour le temps dont vous me faite Cadeau Ok je regarde pour installer la plupart des programmes dont tu me fais part Merci a tous et bon dimanche sous vos appplaudissements -
[résolu]Rapport hijack
MrPatate a répondu à un(e) sujet de MrPatate dans Analyses et éradication malwares
apres un scan 140 min soit un total de 1594 erreur qu il a corriger par compte j ai pas sauvegarder le log j ai fais le boulet dsl Mais dans tous les cas je te remercie sincerement Bruce Lee d avoir pris le temps d analyser et de me donner solution a mes logs Cordialement MrPatate -
[résolu]Rapport hijack
MrPatate a répondu à un(e) sujet de MrPatate dans Analyses et éradication malwares
rebonjour Voici 1 le rapport en option 1 de SmitfraudFix SmitFraudFix v2.16 Rapport fait à 17:04:07,07 le 04/02/2006 Executé à partir de C:\Documents and Settings\farid\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\ »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\farid\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pr‚-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="D‚mon de cache des cat‚gories de composant" »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport Maintenant le rapport de smitfraudfix en option 2 et mode sans echec SmitFraudFix v2.16 Rapport fait à 17:08:25,81 le 04/02/2006 Executé à partir de C:\Documents and Settings\farid\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport J ai fix les cle R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) Par contre la derniere (ci-dessous) avais disparu O4 - HKCU\..\Run: [spySheriff] C:\Program Files\SpySheriff\SpySheriff.exe les 2 dossiers a supprimé C:\Program Files\ SpySheriff C:\Program Files\ MyWebSearch n existait pas et voici le log hijackthis en mode normal Logfile of HijackThis v1.99.1 Scan saved at 17:17:43, on 04/02/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Norman\bin\ZANDA.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\NORMAN\Nvc\BIN\nvcoas.exe C:\NORMAN\Nvc\BIN\NVCSCHED.EXE C:\WINDOWS\Explorer.EXE C:\Norman\bin\NJEEVES.EXE C:\NORMAN\Nvc\BIN\nipsvc.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\soundman.exe C:\Norman\bin\ZLH.EXE C:\WINDOWS\system32\LVComS.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\WINDOWS\system32\ctfmon.exe C:\Norman\Nvc\BIN\NIP.EXE C:\Norman\Nvc\bin\cclaw.exe C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\farid\Bureau\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [soundMan] soundman.exe O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\system32\LVComS.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [OpiStat] C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127496890003 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Merci encore Bruce Lee -
[résolu]Rapport hijack
MrPatate a répondu à un(e) sujet de MrPatate dans Analyses et éradication malwares
Oki bruce lee Merci du temps que tu passe pour mon probleme J ai fais ce que tu m as dis scan avec cwshredder.exe il a trouver nada (rien) Ajout suppression de programme pas de Mywebsearch J ai fix la clé que tu m as signaler Voici mon nouveau log sachant que j ai desinstaller du coup aussi la yahoo toolbar parce que j avais une fenetre DOS qui se lancait au demarrage un ppclean.exe et j aime pas trop se genre de fenetre J ai verifier mon msconfig parce que j avais modifier mon demarrage suite a une infection par spysherrif (une vrai merde ce truc) j ai donc reselectionner toute les clé Donc du coup j aurais un nouveau log a vous soumettre sachant que d apres ce que j ai compris des different tuto et post du forum faudrait que je supprime la 04-spysheriff pour pas qu il se lance ua demarrage ou plutot qu il essai pas de le lancer vu que je l ai supprime j attend vos confirmation merci encore par avance Mon nouveau log Logfile of HijackThis v1.99.1 Scan saved at 12:21:22, on 04/02/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Norman\bin\ZANDA.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\NORMAN\Nvc\BIN\nvcoas.exe C:\NORMAN\Nvc\BIN\NVCSCHED.EXE C:\WINDOWS\Explorer.EXE C:\Norman\bin\NJEEVES.EXE C:\NORMAN\Nvc\BIN\nipsvc.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\soundman.exe C:\Norman\bin\ZLH.EXE C:\WINDOWS\system32\LVComS.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\WINDOWS\system32\ctfmon.exe C:\Norman\Nvc\BIN\NIP.EXE C:\Norman\Nvc\bin\cclaw.exe C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\farid\Bureau\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [soundMan] soundman.exe O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\system32\LVComS.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [OpiStat] C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spySheriff] C:\Program Files\SpySheriff\SpySheriff.exe O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127496890003 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -
[résolu]Rapport hijack
MrPatate a répondu à un(e) sujet de MrPatate dans Analyses et éradication malwares
re voici donc mon log antivir Creation date of the report file: vendredi 3 février 2006 22:57 AntiVir®/XP (2000 + NT) PersonalEdition Classic Build 1114 of 04.11.2005 Mainprogram 6.32.00.51 of 03.11.2005 VDF file 6.33.0.176 (0) of 30.01.2006 This program is for PERSONAL USE only. Any other use is PROHIBITED. Informations regarding commercial versions of AntiVir may be obtained from: www.hbedv.com. Scanning for 294471 virus strains and unwanted programs. Licensed for: AntiVir Personal Edition Serial number: 0000149991-WURGE-0001 Please enter the workstation and contact name with phone number in this form: Name ___________________________________________ Street ___________________________________________ Town ___________________________________________ Phone/Fax ___________________________________________ Email ___________________________________________ Platform: Windows NT Workstation Windows version: 5.1 Build 2600 (Service Pack 2) Username: farid Processor: Pentium Working memory: 785904 KB free Version information: AVWIN.DLL : 6.32.00.51 561192 04.11.2005 07:50:54 AVEWIN32.DLL : 6.33.0.81 1012224 26.01.2006 12:29:12 AVGNT.EXE : 6.32.00.02 180327 03.11.2005 17:06:56 AVGUARD.EXE : 6.32.00.12 208424 03.11.2005 17:06:58 GUARDMSG.DLL : 6.30.00.02 94248 01.02.2005 10:24:12 AVGCMSG.DLL : 6.32.00.01 295029 03.11.2005 17:06:58 AVGNTDW.SYS : 6.31.00.01 32896 29.04.2005 08:07:16 AVPACK32.DLL : 6.32.00.02 319528 03.11.2005 16:57:42 AVGETVER.DLL : 6.30.00.00 24576 28.01.2005 17:10:20 AVSHLEXT.DLL : 6.30.00.01 40960 28.01.2005 17:10:22 AVSched32.EXE : 6.32.00.01 110632 20.09.2005 14:16:26 AVSched32.DLL : 6.30.00.00 122880 01.02.2005 10:24:12 AVREG.DLL : 6.31.00.05 41000 07.09.2005 16:34:50 AVRep.DLL : 6.33.00.170 1654824 30.01.2006 09:39:26 INETUPD.EXE : 6.32.00.53 262203 04.11.2005 07:49:30 INETUPD.DLL : 6.32.00.53 143360 04.11.2005 07:49:30 CTL3D32.DLL : 2.31.000 27136 05.08.2004 13:00:00 MFC42.DLL : 6.02.4131.0 1028096 05.08.2004 13:00:00 MSVCRT.DLL : 7.0.2600.2180 (xpsp_sp2_rtm.0408 MSVCRT.DLL : 7.0.2600.2180 343040 05.08.2004 13:00:00 CTL3DV2.DLL : No information Configuration file: Name of configuration file: C:\Program Files\AVPersonal\AVWIN.INI Name of report file: C:\Program Files\AVPersonal\LOGFILES\AVWIN.LOG Start path: C:\Program Files\AVPersonal Command line: Start mode: unknown Mode of report file: [ ] Do not create report [X] Overwrite report [ ] Append new report Data in report file: [X] Infected files [ ] Infected files with paths [ ] All scanned files [ ] Full information Abridge report file: [ ] Abridge report file Warnings in report: [X] Access denied/file locked [X] Wrong file size in directory [X] Wrong creation time in directory [ ] COM file is too large [X] Invalid start address [X] Invalid EXE header [X] Possibly damaged Summary report: [X] Create summary report Output file: AVWIN.ACT Maximum number of entries: 100 Where to search: [X] Memory [X] Boot record of selected drives [ ] Report unknown boot sectors [X] All files [ ] Program files Response in case of a detection: [X] Repair with prompt [ ] Repair without prompt [ ] Delete with prompt [ ] Delete without prompt [ ] Write in report file only [X] Acoustic alarm Response in case of destroyed files: [X] Delete with prompt [ ] Delete without prompt [ ] Ignore Response in case of destroyed files: [X] No change [ ] Current system time [ ] Correct date Drag&drop settings: [X] Scan subdirectories Profile settings: [X] Scan subdirectories Archive options [X] Search archive [X] Archive types to leave out 1002 1001 1000 Miscellaneous options: Temporary path: %TEMP% -> C:\DOCUME~1\farid\LOCALS~1\Temp [X] Overwrite infected files [ ] Detect idle time [X] Allow interruptions of scan [ ] Load AVWin®/NT Guard on System start General settings: [X] Save options on exiting AntiVir Priority: medium Drives: A: Floppy drive C: Hard disk D: Hard disk E: Hard disk F: CD-ROM G: CD-ROM Start of scan: vendredi 3 février 2006 22:57 Memory test OK Master boot record of hard disk HD0 OK Boot record of drive C: OK Boot record of drive D: OK Boot record of drive E: OK Access denied! Error during file opening! Error code: 0x0002 C:\ WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\All Users\Documents\Mes images\Échantillons d'images WARNING! Access error/file locked! C:\Documents and Settings\farid ntuser.dat Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! NTUSER.DAT.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! C:\Documents and Settings\farid\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar archive.jar-13d25073-48fd5a07.zip [DETECTION] Contains signature of the Java virus JAVA/OpenConnecti.V WAS DELETED! archive.jar-55f323c9-282ce345.zip [DETECTION] Contains signature of the Java virus JAVA/Binny.a.4 WAS DELETED! java.jar-bae16f0-12bbc266.zip [DETECTION] Contains signature of the Java virus JAVA/OpenConnect.AK WAS DELETED! C:\Documents and Settings\farid\Local Settings\Application Data\Microsoft\Windows UsrClass.dat Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! UsrClass.dat.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes fichiers reçus WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\agraver WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\agraver\fafouniette\161204_noel hydretudes WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\agraver\fafouniette\2004-03-16-sulens WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\agraver\fafouniette\2004-03-17-soirée chez dd WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\agraver\fafouniette\2004-04-02-basket WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\agraver\fafouniette\2004-07-05-basket_match WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\agraver\fafouniette\2004-07-27_départ ddHYDRETUDES WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\agraver\fafouniette\2004-09-04-anni_maxime WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\agraver\fafouniette\2004-09-13-hydretudes WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\agraver\fafouniette\2004-10-02_cremaillere celine WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\agraver\fafouniette\2004-10-23_we à Morillon\photos aurélie WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\agraver\fafouniette\2004-10-23_we à Morillon\photos Delph WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\agraver\fafouniette\2004-11-25-Catherinette WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\agraver\fafouniette\2004-anni maxime_Camille\26ans_Maxime_Glappaz (09-2004) WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\agraver\fafouniette\2004-anni maxime_Maxime WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\agraver\fafouniette\2004-avril-hydrétudes WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\agraver\fafouniette\2004-juin-hydretudes WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\agraver\fafouniette\2004-mai-hydretudes WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\agraver\fafouniette\2004-novembre-hydrétudes WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\agraver\fafouniette\2005-01-27_terrain avec faf WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\agraver\fafouniette\2005-03-25_anni DD WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\agraver\fafouniette\Hydrétudes_soirée_Janv2004 WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\agraver\fafouniette\w-e_hydretudes_morillon_Mars2004 WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\anniv olivia_12_05 WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\farida WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\IM01IMAG WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\jenna bilou youn sab WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\mada WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\noel2005 WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\paris12_05 WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\Pocket Digital WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\Pocket Digital\030904 WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\Pocket Digital\111004 WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\Pocket Digital\25_6_04 WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\Pocket Digital\anniv farida WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\Pocket Digital\antalyaturkyie WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\Pocket Digital\maison WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\Pocket Digital\ski semnoz WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\Pocket Digital\skijejedede WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\Pocket Digital\vtt+rando WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\semnozfati_fad_12_05 WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\semnozsamiha WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Documents and Settings\farid\Mes documents\Mes images\smiley WARNING! Access error/file locked! C:\Documents and Settings\NetworkService NTUSER.DAT Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! ntuser.dat.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows UsrClass.dat Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! UsrClass.dat.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Program Files\CASIO\Photo Loader\Image Library\20051115 WARNING! Access error/file locked! Access denied! Error during file opening! Error code: 0x0002 C:\Program Files\CASIO\Photo Loader\Image Library\20051115\PREVIEW WARNING! Access error/file locked! C:\Program Files\WinRAR rarnew.dat ArchiveType: RAR NOTE! The archive is created by multiple volumes C:\Program Files\Yahoo!\YPSR\Quarantine 20051125173356.zip ArchiveType: ZIP NOTE! The whole archive is password protected Error! Could not change directory: System Volume Information C:\WINDOWS kl.exe [DETECTION] Is the Trojan horse TR/Spy.Small.DG.8 WAS DELETED! secure32.html [DETECTION] Contains signature of the SPR/Hoax.Renos.Y program WAS DELETED! C:\WINDOWS\system32\config default Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! default.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! SAM Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! SAM.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! SECURITY Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! SECURITY.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! software Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! software.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! system Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! system.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! Error! Could not change directory: System Volume Information Access denied! Error during file opening! Error code: 0x0002 E:\emule dl\Incoming WARNING! Access error/file locked! Error! Could not change directory: System Volume Information End of scan: samedi 4 février 2006 02:40 Time taken: 222:46 min 2920 directories were scanned 94167 files were scanned 69 warning messages were issued 5 files were deleted 0 files were repaired 5 detections Et now mon log hijackthis Logfile of HijackThis v1.99.1 Scan saved at 09:27:19, on 04/02/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Norman\bin\ZLH.EXE C:\WINDOWS\system32\LVComS.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\WINDOWS\system32\ctfmon.exe C:\Norman\bin\ZANDA.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\NORMAN\Nvc\BIN\nvcoas.exe C:\NORMAN\Nvc\BIN\NVCSCHED.EXE C:\Norman\bin\NJEEVES.EXE C:\Norman\Nvc\bin\cclaw.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\farid\Bureau\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [soundMan] soundman.exe O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\system32\LVComS.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [OpiStat] C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Program Files\Yahoo!\YPSR\ppclean.exe" "clean" "cws" "2" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127496890003 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Merci par avance a ceux qui vont ou on jeter un coup d oeil pour m aider -
Bonjour a tous et tout d abord merci de prendre le temps de me lire et regarder mon rapport Voici mon soucis j ai ete infecté par par un virus il a quelque temps et depuis je trouve que mon ordi rame un peu sans avoir specialement de nouveauté Voici donc mon rappport sachant que j ai un spyware nommé opistat que je desire garder car grace a lui j ai un anti virus pas trop mal legalement gratuit Je suis preneur de tout ce qui peu optimiser et securisé mon pc Merci encore j ai win xp sp2 maj Logfile of HijackThis v1.99.1 Scan saved at 16:48:06, on 03/02/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Norman\bin\ZLH.EXE C:\WINDOWS\system32\LVComS.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\WINDOWS\system32\ctfmon.exe C:\Norman\bin\ZANDA.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\NORMAN\Nvc\BIN\NVCSCHED.EXE C:\Norman\bin\NJEEVES.EXE C:\NORMAN\Nvc\BIN\nvcoas.exe C:\Norman\Nvc\bin\cclaw.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\farid\Bureau\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [soundMan] soundman.exe O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\system32\LVComS.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [OpiStat] C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Program Files\Yahoo!\YPSR\ppclean.exe" "clean" "cws" "2" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127496890003 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe