antibugmanager

voilou SmitFraudFix v2.42 Scan done at 17:39:43.00, Thu 11/05/2006 Run from C:\SmitfraudFix OS: Microsoft Windows 2000 [Version 5.00.2195] »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32 C:\WINNT\system32\AdService.dll FOUND ! C:\WINNT\system32\dfrgsrv.exe FOUND ! C:\WINNT\system32\ld????.tmp FOUND ! C:\WINNT\system32\ncompat.tlb FOUND ! C:\WINNT\system32\ot.ico FOUND ! C:\WINNT\system32\ts.ico FOUND ! C:\WINNT\system32\1024\ FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sarah Holford\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SARAHH~1\FAVORI~1 C:\DOCUME~1\SARAHH~1\FAVORI~1\Antivirus Test Online.url FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}"="Prestige Software" [HKEY_CLASSES_ROOT\CLSID\{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}\InProcServer32] @="C:\WINNT\system32\ginuerep.dll" [HKEY_CURRENT_USER\Software\Classes\CLSID\{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}\InProcServer32] @="C:\WINNT\system32\ginuerep.dll" »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End

Merci de l'info je pensais ke antivir + Hijackthis était exhaustif mais c vrai que jai l'habitude de passer un coup d'adaware en plus et voici le rapport de panda : Incident Statut Analyse Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Sarah Holford\Application Data\Mozilla\Profiles\default\wocosb0n.slt\cookies.txt[.xiti.com/] Spyware:Cookie/Atwola No Désinfecté C:\Documents and Settings\Sarah Holford\Application Data\Mozilla\Profiles\default\wocosb0n.slt\cookies.txt[.atwola.com/] Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Sarah Holford\Application Data\Mozilla\Profiles\default\wocosb0n.slt\cookies.txt[.bluestreak.com/] Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\Sarah Holford\Cookies\sarah holford@advertising[2].txt Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Sarah Holford\Cookies\sarah holford@xiti[1].txt Adware:adware/securityerror No Désinfecté C:\Documents and Settings\Sarah Holford\Favorites\Antivirus Test Online.url Adware:Adware/Adservice No Désinfecté C:\WINNT\system32\AdService.dll Adware:Adware/SecurityError No Désinfecté C:\WINNT\system32\dfrgsrv.exe Adware:Adware/SecurityError No Désinfecté C:\WINNT\system32\ldA653.tmp PS : bon je vois bien que tout est en ordre si Hijackthis voit rien je trouve ca bizarre : bon la personne m'a dit qu'elle n'arrivait pas a supprimer un virus détecté mais on en détect plus aucun. Mis à part cela le System Idle process oscille entre 45 et 80% de charge CPU ce qui est bizard alors que rien ne tourne derriere et la commande msconfig ne marche pas..... Derniere précision c'est un Windows 2000 et en plus de la charge CPU la RAM est prise à 216 / 236 Mo sans rien faire vu que l'ordi n'est pas un avion ca lui fait mal d'avoir des caract de base comme celle ci j'ai rarement utilisé win2000 mais ca me parait excessif pour la ram (on dirais WinXP) et le CPU est encore plus inquietant : les vilain qui embete le CPU sont : -services.exe -System -wlancfg4 Des idées de début de solutions par hasard ?

oki cool ben le scan online ca ram sa race qd meme lol mais pour l'instant i la detecté 6 logiciel espion mais bon .... ca ve pas dire grd chose je post des ke c fini Mais dit moi pourkoi ce truc online tu pense ke c mieux ke antivir ? d'apré les test je métais laissé croire ke antivir etait assez performant et apre lavoir passé en mode sans echec je pensais que ca aller. Faut dire ke derriere la meuf avé deja pass un adaware un spybot et un anti trojan et Mc Caffe lol

Voila apres 5minutes de galere sur ce vieu PC ou la fallu pour je ne sais quelle rqison que je rentre ladresse ip en dur .....alors que jai numericable..... enfin voila le rapport demande : Logfile of HijackThis v1.99.1 Scan saved at 15:38:25, on 11/05/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\ati2evxx.exe C:\WINNT\system32\CAPRPCSK.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\PROGRA~1\Compaq\COMPAQ~1\hibserv.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe C:\Program Files\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\EXCLI32.EXE C:\WINNT\Explorer.EXE C:\WINNT\System32\WBEM\WinMgmt.exe C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\WINNT\system32\Atiptaxx.exe C:\Program Files\Scansoft\PaperPort\pptd40nt.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe C:\Program Files\QuickTime\qttask.exe C:\WINNT\system32\internat.exe C:\Program Files\a-squared\a2guard.exe C:\Hijackthis\HijackThis.exe C:\WINNT\system32\spool\drivers\w32x86\3\CAPPSWK.EXE C:\WINNT\system32\spool\drivers\w32x86\3\CAPPSWK.EXE C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.EXE C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = F2 - REG:system.ini: UserInit=EXCLI32.EXE,C:\WINNT\system32\userinit.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe O4 - HKLM\..\Run: [CAPON] C:\WINNT\system32\Spool\Drivers\w32x86\3\CAPONN.EXE O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe" O4 - Global Startup: Canon LBP-800 Status Window.LNK = C:\WINNT\system32\spool\drivers\w32x86\3\CAPPSWK.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.smugmug.com/photos/activex/XUpload.ocx O20 - Winlogon Notify: ckpNotify - C:\WINNT\SYSTEM32\ckpNotify.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\ati2evxx.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: Hibernation - Unknown owner - C:\PROGRA~1\Compaq\COMPAQ~1\hibserv.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: NetOp Helper ver. 7.50 (2002289) (NetOp Host for NT Service) - Danware Data A/S - C:\Program Files\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe PS : je fait le scan online tt de suite

oki je connecte le PC en question sur internet et je fais ca merci. PS: sorry c vrai que c'est bête d'avoir fait le scan en mode sans chec lol j'y avais pas pensé...... C'est ca le multitache version humanoide c moins performant

Bonjour, Voici ci-dessous un rapport Hijackthis d'un compaq ARMADA M700. J'ai au préalable installé et configuré antivir pour un scan en mode sans echec. Ensuite aprés avoir désinstallé antivir j'ai effectuer le scan Hijackthis. Merci d'avance pour vos éclaircicement au vu de ce rapport(jai essayé de comparer avec les bases de données online mais pour un non aguerri le travail est fastidieux) Logfile of HijackThis v1.99.1 Scan saved at 14:11:29, on 11/05/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\Explorer.EXE C:\Hijackthis\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = F2 - REG:system.ini: UserInit=EXCLI32.EXE,C:\WINNT\system32\userinit.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe O4 - HKLM\..\Run: [CAPON] C:\WINNT\system32\Spool\Drivers\w32x86\3\CAPONN.EXE O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe" O4 - Global Startup: Canon LBP-800 Status Window.LNK = C:\WINNT\system32\spool\drivers\w32x86\3\CAPPSWK.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.smugmug.com/photos/activex/XUpload.ocx O20 - Winlogon Notify: ckpNotify - C:\WINNT\SYSTEM32\ckpNotify.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\ati2evxx.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: Hibernation - Unknown owner - C:\PROGRA~1\Compaq\COMPAQ~1\hibserv.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: NetOp Helper ver. 7.50 (2002289) (NetOp Host for NT Service) - Danware Data A/S - C:\Program Files\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe Merci de répondre au plus vite j'ai un délai à respecter et pas le droit de formater