kittyjolie


  1. SmitFraudFix:

     SmitFraudFix v2.105
     Rapport fait à 22:33:23,10, 05/10/2006
     Executé à partir de C:\SmitfraudFix
     OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
     Fix executé en mode sans echec
     »»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
     SrchSTS.exe by S!Ri
     Search SharedTaskScheduler's .dll
     »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
     »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
     GenericRenosFix by S!Ri
     »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
     C:\WINDOWS\gimmygames.dat supprimé
     »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
     »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
     Nettoyage terminé.
     »»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
     SrchSTS.exe by S!Ri
     Search SharedTaskScheduler's .dll
     »»»»»»»»»»»»»»»»»»»»»»»» Fin

     HijackThis:

     Logfile of HijackThis v1.99.1
     Scan saved at 23:29:44, on 05/10/2006
     Platform: Windows XP SP1 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
     C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\explorer.exe
     C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
     C:\WINDOWS\System32\devldr32.exe
     C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
     C:\WINDOWS\System32\ctfmon.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\HijackThis.exe
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00013.exe"
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: (no name) - {2EB9B0E8-AC5A-423D-9F55-1E4F050ADCAD} - C:\WINDOWS\System32\qomji.dll (file missing)
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\ssqnlml.dll (file missing)
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\System32\nreplofw.dll (file missing)
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
     O4 - HKLM\..\Run: [NI.UWA6PV_0001_N91M2107] "C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N91M2107NetInstaller.exe" -nag
     O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
     O4 - Global Startup: Spybot - Search & Destroy.lnk = C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
     O4 - Global Startup: SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe
     O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
     O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
     O15 - Trusted Zone: http://locator.cdn.imageservr.com
     O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
     O20 - AppInit_DLLs:
     O20 - Winlogon Notify: qomji - C:\WINDOWS\System32\qomji.dll (file missing)
     O20 - Winlogon Notify: ssqnlml - ssqnlml.dll (file missing)
     O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     O23 - Service: HAL Security Control (HALSC) - Unknown owner - C:\WINDOWS\system32\hal.exe (file missing)
     O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
     O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing)
     O23 - Service: Microsoft Windows Protection (Windows Protection Service) - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)

     AVG Anti-Spyware:

     ---------------------------------------------------------
     AVG Anti-Spyware - Rapport d'analyse
     ---------------------------------------------------------
     + Créé à: 23:17:38 05/10/2006
     + Résultat de l'analyse:
     HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Ignoré.
     C:\WINDOWS\Downloaded Program Files\CnsInst.dll/CnsMin.dll -> Adware.Cdn : Ignoré.
     HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Ignoré.
     HKLM\SOFTWARE\ClickSpring -> Adware.PurityScan : Ignoré.
     C:\WINDOWS\system32\byxxvtq.dll -> Adware.Virtumonde : Ignoré.
     C:\WINDOWS\system32\hgggedd.dll -> Adware.Virtumonde : Ignoré.
     C:\WINDOWS\system32\iifdawv.dll -> Adware.Virtumonde : Ignoré.
     C:\WINDOWS\system32\qomji.dll -> Adware.Virtumonde : Ignoré.
     C:\WINDOWS\system32\ssqnlml.dll -> Adware.Virtumonde : Ignoré.
     C:\WINDOWS\system32\vtutrpo.dll -> Adware.Virtumonde : Ignoré.
     [224] C:\WINDOWS\system32\ssqnlml.dll -> Adware.Virtumonde : Ignoré.
     [724] C:\WINDOWS\System32\ssqnlml.dll -> Adware.Virtumonde : Ignoré.
     C:\WINDOWS\Downloaded Program Files\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignoré.
     Fin du rapport
  2. SmitFraudFix v2.105
     Rapport fait à 22:22:02,89, 05/10/2006
     Executé à partir de C:\SmitfraudFix
     OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
     Fix executé en mode normal
     »»»»»»»»»»»»»»»»»»»»»»»» C:\
     »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
     C:\WINDOWS\gimmygames.dat PRESENT !
     »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
     »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
     »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
     »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\bibouille
     »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\bibouille\Application Data
     »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
     »»»»»»»»»»»»»»»»»»»»»»»»
     »»»»»»»»»»»»»»»»»»»»»»»» Bureau
     »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
     »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
     »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
     "Source"="About:Home"
     "SubscribedURL"="About:Home"
     "FriendlyName"="Ma page d'accueil"
     »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
     SrchSTS.exe by S!Ri
     Search SharedTaskScheduler's .dll
     »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
     "AppInit_DLLs"=" "
     »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
     »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
     »»»»»»»»»»»»»»»»»»»»»»»» Fin
  3. Logfile of HijackThis v1.99.1
     Scan saved at 21:05:06, on 05/10/2006
     Platform: Windows XP SP1 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\taskmgr.exe
     C:\HijackThis.exe
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00013.exe"
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
     O4 - HKLM\..\Run: [defender] C:\\dfndrad_5.exe
     O4 - HKLM\..\Run: [keyboard] C:\\kybrdad_5.exe
     O4 - HKLM\..\Run: [NI.UWA6PV_0001_N91M2107] "C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N91M2107NetInstaller.exe" -nag
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
     O4 - Global Startup: Spybot - Search & Destroy.lnk = C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
     O4 - Global Startup: SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe
     O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
     O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
     O15 - Trusted Zone: http://locator.cdn.imageservr.com
     O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
     O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
     O20 - AppInit_DLLs:
     O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: HAL Security Control (HALSC) - Unknown owner - C:\WINDOWS\system32\hal.exe (file missing)
     O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
     O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing)
     O23 - Service: Microsoft Windows Protection (Windows Protection Service) - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)

     antivir :

     AntiVir PersonalEdition Classic
     Report file date: jeudi 5 octobre 2006 18:49
     Scanning for 522072 virus strains and unwanted programs.
     Licensed to: Avira AntiVir PersonalEdition Classic
     Serial number: 0000149996-WURGE-0001
     Platform: Windows XP
     Windows version: (Service Pack 1) [5.1.2600]
     Username: bibouille
     Computer name: ROSE
     Version information:
     AVSCAN.EXE : 7.0.0.47 200744 15/09/2006 12:34:21
     AVSCAN.DLL : 7.0.0.45 41000 15/09/2006 12:34:21
     LUKE.DLL : 7.0.0.47 118824 15/09/2006 12:34:21
     LUKERES.DLL : 7.0.0.47 9256 15/09/2006 12:34:21
     ANTIVIR0.VDF : 6.35.0.1 7371264 31/05/2006 10:21:48
     ANTIVIR1.VDF : 6.36.0.89 1745920 02/10/2006 16:32:43
     ANTIVIR2.VDF : 6.36.0.90 2048 02/10/2006 16:32:43
     ANTIVIR3.VDF : 6.36.0.95 54784 05/10/2006 16:37:40
     AVEWIN32.DLL : 7.2.0.25 1860096 05/10/2006 16:37:40
     AVPREF.DLL : 7.0.0.2 23592 15/09/2006 12:34:21
     AVREP.DLL : 6.36.0.79 843816 05/10/2006 16:37:40
     AVRPBASE.DLL : 7.0.0.0 2162728 06/05/2006 16:58:21
     AVPACK32.DLL : 7.2.0.0 368680 15/09/2006 12:34:22
     AVREG.DLL : 6.31.0.90 27688 28/07/2005 10:06:36
     NETNT.DLL : 6.32.0.0 6696 27/09/2005 07:56:50
     NETNW.DLL : 7.0.0.0 9768 15/09/2006 12:34:21
     RCIMAGE.DLL : 7.0.0.74 1642536 15/09/2006 12:34:07
     RCTEXT.DLL : 7.0.1.4 77864 27/09/2006 18:58:13
     Configuration settings for the scan:
     Jobname.......................: Local Drives
     Configuration file............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
     Boot sectors..................: C,E,G,A,D
     Scan memory...................: 1
     Process scan..................: 1
     Scan all files................: 1
     Scan archives.................: 1
     Recursion depth...............: 20
     Smart extensions..............: 1
     Macro heuristic...............: 1
     File heuristic................: 3
     Primary action................: 1
     Secondary action..............: 0
     Start of the scan: jeudi 5 octobre 2006 18:49
     The scan of running processes will be started
     4 Processes were scanned
     Start scanning boot sectors:
     Boot sector 'C:\'
       [NOTE] No virus was found!
     Boot sector 'E:\'
       [NOTE] No virus was found!
     Boot sector 'G:\'
       [NOTE] No virus was found!
     Boot sector 'A:\'
       [NOTE] In the drive 'A:\' no data medium is inserted!
     Starting to scan the registry.
     C:\Program Files\Sygate\SPF\smc.exe
       [DETECTION] Contains suspicious code HEUR/Malware
       [iNFO] The file was deleted!
     C:\Program Files\Sygate\SPF\smc.exe
       [DETECTION] Contains suspicious code HEUR/Malware
     C:\WINDOWS\system32\LVCOMSX.EXE
       [DETECTION] Contains suspicious code HEUR/Malware
       [iNFO] The file was moved to '45683810.qua'!
     C:\WINDOWS\system32\LVCOMSX.EXE
       [DETECTION] Contains suspicious code HEUR/Malware
     C:\Program Files\Logitech\Video\ISStart.exe
       [DETECTION] Contains suspicious code HEUR/Malware
       [iNFO] The file was moved to '45783810.qua'!
     C:\Program Files\Logitech\Video\ISStart.exe
       [DETECTION] Contains suspicious code HEUR/Malware
     C:\Program Files\Logitech\Video\LogiTray.exe
       [DETECTION] Contains suspicious code HEUR/Malware
       [iNFO] The file was moved to '458c382d.qua'!
     C:\Program Files\Logitech\Video\LogiTray.exe
       [DETECTION] Contains suspicious code HEUR/Malware
     C:\Program Files\MessengerPlus! 3\MsgPlus.exe
       [DETECTION] Contains suspicious code HEUR/Malware
       [iNFO] The file was moved to '458c3832.qua'!
     C:\Program Files\MessengerPlus! 3\MsgPlus.exe
       [DETECTION] Contains suspicious code HEUR/Malware
     C:\Program Files\QuickTime\qttask.exe
       [DETECTION] Contains suspicious code HEUR/Malware
       [iNFO] The file was moved to '45993837.qua'!
     C:\Program Files\QuickTime\qttask.exe
       [DETECTION] Contains suspicious code HEUR/Malware
     C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
       [DETECTION] Contains suspicious code HEUR/Malware
       [iNFO] The file was moved to '459f3835.qua'!
     C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
       [DETECTION] Contains suspicious code HEUR/Malware
     The registry was scanned ( 17 files ).
     Starting the file scan:
     C:\pagefile.sys
       [WARNING] The file could not be opened!
     C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp
       [WARNING] The file could not be opened!
     C:\Documents and Settings\All Users\Application Data\QuickTime\Installer.log
       [WARNING] The file could not be opened!
     C:\Documents and Settings\bibouille\NTUSER.DAT
       [WARNING] The file could not be opened!
     C:\Documents and Settings\bibouille\ntuser.dat.LOG
       [WARNING] The file could not be opened!
     C:\Documents and Settings\bibouille\Bureau\Hive_Bejeweled_2_Deluxe_Cracked_exe.zip
       [0] Archive type: ZIP
       --> bejeweled2.exe
         [DETECTION] Contains suspicious code HEUR/Crypted
         [iNFO] The file was deleted!
     C:\Documents and Settings\bibouille\Bureau\Hive_Bejeweled_2_Deluxe_Cracked_exe\bejeweled2.exe
       [DETECTION] Contains suspicious code HEUR/Crypted
       [iNFO] The file was deleted!
     C:\Documents and Settings\bibouille\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
       [WARNING] The file could not be opened!
     C:\Documents and Settings\bibouille\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
       [WARNING] The file could not be opened!
     C:\WINDOWS\LastGood\System32\ctfmon.exe
       [DETECTION] Contains suspicious code HEUR/Malware
       [iNFO] The file was deleted!
     C:\WINDOWS\system32\caumrjsy.exe
       [DETECTION] Contains signature of the SPR/Dldr.WinFixer.I.101 program
       [iNFO] The file was deleted!
     C:\WINDOWS\system32\luvlenuc.exe
       [DETECTION] Contains signature of the SPR/Dldr.WinFixer.I.101 program
       [iNFO] The file was deleted!
     C:\WINDOWS\system32\nreplofw.dll
       [DETECTION] Contains suspicious code HEUR/Crypted
       [iNFO] The file was deleted!
     C:\WINDOWS\system32\TFTP2708
       [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/MEW). Please verify the origin of the file
       [iNFO] The file was deleted!
     C:\WINDOWS\system32\TFTP808
       [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/MEW). Please verify the origin of the file
       [iNFO] The file was deleted!
     C:\WINDOWS\system32\uanpalmv.exe
       [DETECTION] Contains signature of the SPR/Dldr.WinFixer.I.102 program
       [iNFO] The file was deleted!
     C:\WINDOWS\system32\yqmtfudw.dll
       [DETECTION] Is the Trojan horse TR/Spy.VBStat.E.1
       [iNFO] The file was deleted!
     C:\WINDOWS\system32\config\default
       [WARNING] The file could not be opened!
     C:\WINDOWS\system32\config\default.LOG
       [WARNING] The file could not be opened!
     C:\WINDOWS\system32\config\SAM
       [WARNING] The file could not be opened!
     C:\WINDOWS\system32\config\SAM.LOG
       [WARNING] The file could not be opened!
     C:\WINDOWS\system32\config\SECURITY
       [WARNING] The file could not be opened!
     C:\WINDOWS\system32\config\SECURITY.LOG
       [WARNING] The file could not be opened!
     C:\WINDOWS\system32\config\software
       [WARNING] The file could not be opened!
     C:\WINDOWS\system32\config\software.LOG
       [WARNING] The file could not be opened!
     C:\WINDOWS\system32\config\system
       [WARNING] The file could not be opened!
     C:\WINDOWS\system32\config\system.LOG
       [WARNING] The file could not be opened!
     C:\WINDOWS\Temp\Altnet\dmfiles.cab
       [0] Archive type: CAB (Microsoft)
       --> asmend.exe
         [DETECTION] Contains signature of the SPR/Altnet program
         [iNFO] The file was deleted!
     The path A:\ could not be found!
     Le périphérique n'est pas prêt.
     The path D:\ could not be found!
     Le périphérique n'est pas prêt.
     End of the scan: jeudi 5 octobre 2006 21:02
     Used time: 2:13:22 min
     The scan has been done completely.
     2892 Scanning directories
     344175 Files were scanned
     18 viruses and/or unwanted programs were found
     12 files were deleted
     0 files were repaired
     6 files were moved to quarantine
     0 files were renamed
     1463 Archives were scanned
     17 Warnings
     0 Notes