
Re, :P

OK, I did what you asked me to do:

superutilbar and ²Æ¸»Í¨ were not present in Add/Remove Programs.

I did not find C:\WINDOWS\system32\ atsldr.dll <== the file

I did rename C:\WINDOWS\System32\drivers\ttp.exe to .old (however, it was called ttp.exe~, just a detail; since I don't know what ~ means, I removed it).

Here are the AVG and HijackThis reports.

PS: at the end of the cleaning procedure, tell me which programs I should keep, what I should uninstall, and which settings I should reset.

 

---------------------------------------------------------

AVG Anti-Spyware - Rapport d'analyse

---------------------------------------------------------

 

+ Créé à: 13:29:46 18/02/2007

 

+ Résultat de l'analyse:

 

 

 

C:\System Volume Information\_restore{CE96B181-23B0-4810-8526-E2884235E148}\RP251\A0308955.dll -> Adware.Maxifiles : Nettoyé.

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\3M4OUKC4\122[1].net -> Adware.Softomate : Nettoyé.

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\HTPG0PE3\130[1].net -> Adware.Softomate : Nettoyé.

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\RATIXW9Y\131[1].net -> Adware.Softomate : Nettoyé.

C:\System Volume Information\_restore{CE96B181-23B0-4810-8526-E2884235E148}\RP251\A0308782.dll -> Adware.Softomate : Nettoyé.

C:\System Volume Information\_restore{CE96B181-23B0-4810-8526-E2884235E148}\RP251\A0308777.DLL -> Backdoor.Agent.ahj : Nettoyé.

C:\System Volume Information\_restore{CE96B181-23B0-4810-8526-E2884235E148}\RP251\A0308796.EXE -> Backdoor.Agent.ahj : Nettoyé.

C:\Program Files\Fichiers communs\{5433AEA7-07DA-1036-0708-050923050021}\Update.exe -> Downloader.Agent : Nettoyé.

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\RATIXW9Y\auto18[1].exe -> Downloader.Agent.bgg : Nettoyé.

C:\System Volume Information\_restore{CE96B181-23B0-4810-8526-E2884235E148}\RP251\A0308798.exe -> Downloader.Agent.bgg : Nettoyé.

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\3M4OUKC4\stat[1].htm -> Downloader.AQM : Nettoyé.

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\HTPG0PE3\stat[1].htm -> Downloader.AQM : Nettoyé.

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\3M4OUKC4\1976[1].htm -> Downloader.IstBar.ai : Nettoyé.

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\DT7C2FSX\popup_code[1].php -> Downloader.IstBar.ai : Nettoyé.

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\E3MY35SC\popup_code[3].php -> Downloader.IstBar.ai : Nettoyé.

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\HTPG0PE3\1976[1].htm -> Downloader.IstBar.ai : Nettoyé.

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\RATIXW9Y\1976[1].htm -> Downloader.IstBar.ai : Nettoyé.

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\RATIXW9Y\popup_code[1].php -> Downloader.IstBar.ai : Nettoyé.

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\WDGNCK17\popup_code[1].php -> Downloader.IstBar.ai : Nettoyé.

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\WDGNCK17\popup_code[3].php -> Downloader.IstBar.ai : Nettoyé.

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\YQIMAB7S\popupjs[1].htm -> Downloader.IstBar.ai : Nettoyé.

C:\System Volume Information\_restore{CE96B181-23B0-4810-8526-E2884235E148}\RP251\A0308795.exe -> Downloader.Small.ecr : Nettoyé.

C:\WINDOWS\system32\drivers\Reg.exe -> Downloader.Zlob : Nettoyé.

C:\System Volume Information\_restore{CE96B181-23B0-4810-8526-E2884235E148}\RP251\A0308799.dll -> Logger.Agent.pn : Nettoyé.

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\YQIMAB7S\obrmuab[1].txt -> Proxy.Dlena.ca : Nettoyé.

C:\System Volume Information\_restore{CE96B181-23B0-4810-8526-E2884235E148}\RP251\A0308783.dll -> Proxy.Dlena.ca : Nettoyé.


C:\Documents and Settings\Administrateur\Mes documents\Downloads\daemon.exe -> Trojan.Small : Nettoyé.

 

 

Fin du rapport

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 13:35:43, on 18/02/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\PROGRA~1\Wanadoo\CnxMon.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"

O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=

O4 - HKCU\..\Run: [steam] "c:\program files\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O8 - Extra context menu item: Télécharger avec Star Downloader - C:\Program Files\Star Downloader\sdie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1163844207998

O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemorecampus.com/bin/tol9inst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C6EE6C3D-0CFB-4741-AB6B-1B8527FC1F57}: NameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{E06A1A5B-A948-470E-A1E9-F86AB276C340}: NameServer = 192.168.0.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: cryptimg - C:\WINDOWS\SYSTEM32\cryptimg.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\Program Files\Inventel\Gateway\wlancfg.exe (file missing)

 

 

See you later :P

Posted

Hello coincoinzecanard,

With HijackThis, did you check and fix this line:

O20 - Winlogon Notify: cryptimg - C:\WINDOWS\SYSTEM32\cryptimg.dll

Please check whether this cryptimg.dll file is still present on your hard drive and tell me what you find.

Posted

I rebooted in safe mode, launched HijackThis and checked the box for the line causing the problem.

I then clicked Fix checked, without success.

The file is still at its original location, C:\WINDOWS\SYSTEM32\cryptimg.dll :P

Posted

Hi again,

With HijackThis, check and fix the line, then delete the file (all of this in safe mode).

Reboot in normal mode and post a new HijackThis report, then tell me whether you managed to delete the file.

Posted

There, I did the procedure, but this file seems to be stubborn!!!

 

Logfile of HijackThis v1.99.1

Scan saved at 16:24:29, on 18/02/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\PROGRA~1\Wanadoo\CnxMon.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Wanadoo\Watch.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"

O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=

O4 - HKCU\..\Run: [steam] "c:\program files\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O8 - Extra context menu item: Télécharger avec Star Downloader - C:\Program Files\Star Downloader\sdie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1163844207998

O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemorecampus.com/bin/tol9inst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C6EE6C3D-0CFB-4741-AB6B-1B8527FC1F57}: NameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{E06A1A5B-A948-470E-A1E9-F86AB276C340}: NameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{EEDC4E66-A8D1-4630-8645-60331563AD7D}: NameServer = 80.10.246.130 80.10.246.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: cryptimg - C:\WINDOWS\SYSTEM32\cryptimg.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\Program Files\Inventel\Gateway\wlancfg.exe (file missing)

Posted

Hi again,

- Download the latest version of Killbox here =>

http://www.killbox.net/downloads/KillBox.exe

- Reboot in safe mode so that no resident program gets in the way.

Launch HijackThis by clicking Do a system scan only and check this line:

O20 - Winlogon Notify: cryptimg - C:\WINDOWS\SYSTEM32\cryptimg.dll

Close all open windows except HijackThis and click Fix checked.

- Launch Pocket Killbox and choose the Delete on reboot option.

Copy the entire file path, in bold below, and paste it into the Full Path of File to Delete box:

C:\WINDOWS\SYSTEM32\cryptimg.dll

Then check the box in front of Unregister .dll Before Deleting.

- Click the white cross on a red background:

« File will be Deleted on Next Reboot » answer YES

« File will be Removed on Reboot, Do you want to reboot now ? » answer YES

If the message "PendingFileRenameOperations Registry Data has been removed by external process!" appears and the computer does not restart, restart it manually.

Go here: C:\!KillBox\logs

Open the logs folder, then open the text file in it and copy and paste its entire contents.

Post a new HijackThis report.

Posted

Here are the Killbox report and the HijackThis report:

 

Pocket Killbox version 2.0.0.881

Running on Windows XP as Administrateur(Administrator)

was started @ dimanche, février 18, 2007, 4:39 PM

 

Killbox Closed(Exit) @ 4:39:05 PM

__________________________________________________

 

Pocket Killbox version 2.0.0.881

Running on Windows XP as Administrateur(Administrator)

was started @ dimanche, février 18, 2007, 4:41 PM

 

# 1 [Delete on Reboot]

Path = C:\WINDOWS\system32\cryptimg.dll

 

 

I Rebooted @ 4:49:00 PM

Killbox Closed(Exit) @ 4:49:00 PM

__________________________________________________

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 16:59:03, on 18/02/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\PROGRA~1\Wanadoo\CnxMon.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Program Files\Wanadoo\Watch.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"

O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=

O4 - HKCU\..\Run: [steam] "c:\program files\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O8 - Extra context menu item: Télécharger avec Star Downloader - C:\Program Files\Star Downloader\sdie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1163844207998

O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemorecampus.com/bin/tol9inst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C6EE6C3D-0CFB-4741-AB6B-1B8527FC1F57}: NameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{E06A1A5B-A948-470E-A1E9-F86AB276C340}: NameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{EEDC4E66-A8D1-4630-8645-60331563AD7D}: NameServer = 80.10.246.130 80.10.246.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)

O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\Program Files\Inventel\Gateway\wlancfg.exe (file missing)

 

 

A quick aside: I get this error message when the PC starts up.

I can't manage to insert the image, so I'm typing out the message:

RUNDLL

(white cross on a red background) Erreur de chargement de C:\WINDOWS\system32\uvgj_i.dll

Le module spécifié est introuvable

Posted

Hi again,

With HijackThis, check and fix this line:

O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)

Then post a new HijackThis report.

RUNDLL

(white cross on a red background) Erreur de chargement de C:\WINDOWS\system32\uvgj_i.dll

Start menu, Search, click All files and folders, click the two small arrows next to advanced options and check Search hidden files and folders.

Search (Start/Search) for this file:

uvgj_i.dll

If you find it, tell me.

1/ Download Silent Runners: http://www.silentrunners.org/Silent%20Runners.vbs

(right-click the link, then Save target as)

2/ Disconnect from the internet and close all running applications.

3/ Launch Silent Runners and let it work. When it has finished scanning, you will be notified by a message and a new text file will be created. Open this text file and paste the entire report.
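An added example, not part of the original thread and not code from HijackThis: a small Python parser that compares two HijackThis scans to confirm what a removal step actually changed, here showing that the cryptimg Winlogon Notify entry went from a live DLL to an orphaned registry reference that still needs Fix checked. The sample lines are copied from the 16:24 and 16:59 logs above; all function and variable names are illustrative.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    code: str      # HijackThis section code, e.g. "O20"
    ident: str     # stable identity: code + label, without the target
    target: str    # file path, URL or value the entry points at
    missing: bool  # True when HijackThis appended "(file missing)"


# Subset of the 16:24 scan (before Killbox), copied from the thread.
SCAN_BEFORE = r"""
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEDC4E66-A8D1-4630-8645-60331563AD7D}: NameServer = 80.10.246.130 80.10.246.3
O20 - Winlogon Notify: cryptimg - C:\WINDOWS\SYSTEM32\cryptimg.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\Program Files\Inventel\Gateway\wlancfg.exe (file missing)
"""

# Same subset from the 16:59 scan (after Killbox "Delete on Reboot").
SCAN_AFTER = r"""
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEDC4E66-A8D1-4630-8645-60331563AD7D}: NameServer = 80.10.246.130 80.10.246.3
O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\Program Files\Inventel\Gateway\wlancfg.exe (file missing)
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # "O20 - ...", "R0 - ..."
RUN_RE = re.compile(r"^(.*?\[[^\]]*\]) (.+)$")     # "HKLM\..\Run: [name] command"


def parse_scan(text):
    """Return {ident: Entry} for every section line; headers and the
    running-process list do not match LINE_RE and are skipped."""
    entries = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, rest = m.groups()
        if " - " in rest:                 # O2/O3/O9/O20/O23: label - target
            label, target = rest.rsplit(" - ", 1)
        elif " = " in rest:               # R0/R1/O17: key = value
            label, target = rest.split(" = ", 1)
        else:
            run = RUN_RE.match(rest)      # O4: [value name] command line
            label, target = run.groups() if run else (rest, "")
        ident = f"{code} - {label}"
        entries[ident] = Entry(code, ident, target, "(file missing)" in target)
    return entries


def compare(before, after):
    """Classify what changed between two parsed scans."""
    report = {"removed": [], "added": [], "orphaned": [], "retargeted": []}
    for ident, old in before.items():
        new = after.get(ident)
        if new is None:
            report["removed"].append(ident)        # registry entry is gone
        elif new.missing and not old.missing:
            report["orphaned"].append(ident)       # file deleted, entry left behind
        elif new.target != old.target:
            report["retargeted"].append(ident)     # entry now points elsewhere
    report["added"] = [i for i in after if i not in before]
    return report


def still_missing(entries):
    """Entries whose target file is absent: candidates for cleanup."""
    return [e.ident for e in entries.values() if e.missing]


if __name__ == "__main__":
    before, after = parse_scan(SCAN_BEFORE), parse_scan(SCAN_AFTER)
    for kind, idents in compare(before, after).items():
        for ident in idents:
            print(f"{kind:10} {ident}")
    print("orphans in latest scan:", *still_missing(after), sep="\n  ")
```

An entry listed under `orphaned` means the file deletion worked but the registry reference survived, which is why the helper asks for the `(file missing)` line to be fixed again; once that succeeds the same entry shows up under `removed` in the next comparison.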

Posted

Hi again

Here are the HijackThis report and the Silent Runners report.

 

GL :P

 

 

Logfile of HijackThis v1.99.1

Scan saved at 18:51:18, on 18/02/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\PROGRA~1\Wanadoo\CnxMon.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Program Files\Wanadoo\Watch.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"

O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=

O4 - HKCU\..\Run: [steam] "c:\program files\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O8 - Extra context menu item: Télécharger avec Star Downloader - C:\Program Files\Star Downloader\sdie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1163844207998

O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemorecampus.com/bin/tol9inst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C6EE6C3D-0CFB-4741-AB6B-1B8527FC1F57}: NameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{E06A1A5B-A948-470E-A1E9-F86AB276C340}: NameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{EEDC4E66-A8D1-4630-8645-60331563AD7D}: NameServer = 80.10.246.130 80.10.246.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)

O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\Program Files\Inventel\Gateway\wlancfg.exe (file missing)

 

 

 

 

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]

"WOOKIT" = "C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=" [empty string]

"Steam" = ""c:\program files\valve\steam\steam.exe" -silent" ["Valve Corporation"]

"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]

"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]

"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]

"WooCnxMon" = "C:\PROGRA~1\Wanadoo\CnxMon.exe" [empty string]

"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON"]

"WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"]

"WOOTASKBARICON" = "C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" ["France Télécom R&D"]

"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

"NeroFilterCheck" = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" ["Nero AG"]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]

"amd_dc_opt" = ""C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"" [null data]

"kav" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"" ["Kaspersky Lab"]

"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]

"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]

 

HKLM\Software\Microsoft\Active Setup\Installed Components\

{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)

\StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

{8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Alcohol Toolbar Helper"

\InProcServer32\(Default) = "C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll" [null data]

{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = (no title provided)

-> {HKLM...CLSID} = "ST"

\InProcServer32\(Default) = "C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll" [MS]

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)

-> {HKLM...CLSID} = "MSNToolBandBHO"

\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll" [MS]

{FFFFFEF0-5B30-21D4-945D-000000000000}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\PROGRA~1\STARDO~1\SDIEInt.dll" [null data]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"

-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"

-> {HKLM...CLSID} = "SimpleShlExt Class"

\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]

"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {HKLM...CLSID} = "iTunes"

\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

-> {HKLM...CLSID} = "Mes dossiers de partage"

\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Web Anti-Virus"

-> {HKLM...CLSID} = "Web Anti-Virus"

\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"

-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

<<!>> cryptimg\DLLName = "cryptimg.dll" [file not found]

<<!>> klogon\DLLName = "C:\WINDOWS\System32\klogon.dll" ["Kaspersky Lab"]

 

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

-> {HKLM...CLSID} = "CContextScan Object"

\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll" ["Kaspersky Lab"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

-> {HKLM...CLSID} = "CContextScan Object"

\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll" ["Kaspersky Lab"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

 

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

 

Note: detected settings may not have any effect.

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to registry editing tools}

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

 

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "%APPDATA%\Mozilla\Firefox\Fond d'écran.bmp"

 

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Fond d'écran.bmp"

 

 

Enabled Screen Saver:

---------------------

 

HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

 

 

Enabled Scheduled Tasks:

------------------------

 

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 26

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"

-> {HKLM...CLSID} = "MSN"

\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll" [MS]

"{ED4BD629-C1B6-4399-8A34-02CCAA921DC9}"

-> {HKLM...CLSID} = "Alcohol Toolbar"

\InProcServer32\(Default) = "C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll" [null data]

 

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"

-> {HKLM...CLSID} = "MSN"

\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll" [MS]

"{ED4BD629-C1B6-4399-8A34-02CCAA921DC9}" = "Alcohol Toolbar"

-> {HKLM...CLSID} = "Alcohol Toolbar"

\InProcServer32\(Default) = "C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll" [null data]

 

Explorer Bars

 

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

 

HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string]

 

HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string]

 

HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string]

 

HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Web Anti-Virus"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKCU\Software\Microsoft\Internet Explorer\Extensions\

{1462651F-F4BA-4C76-A001-C4284D0FE16E}\

"ButtonText" = "Wanadoo"

"Exec" = "http://www.wanadoo.fr" [file not found]

 

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Console Java (Sun)"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

 

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\

"ButtonText" = "Web Anti-Virus"

 

 

Miscellaneous IE Hijack Points

------------------------------

 

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

 

Added lines (compared with English-language version):

[strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

 

Missing lines (compared with English-language version):

[strings]: 1 line

 

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)

-> {HKLM...CLSID} = "Search Class"

\InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\SEARCH~1.DLL" [empty string]

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]

AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]

iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]

Kaspersky Anti-Virus 6.0, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r" ["Kaspersky Lab"]

LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]

Service Messenger Sharing USN Journal Reader, usnsvc, "C:\WINDOWS\System32\svchost.exe -k usnsvc" {"C:\Program Files\MSN Messenger\usnsvc.dll" [MS]}

StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]

 

 

----------

<<!>>: Suspicious data at a malware launch point.

<<H>>: Suspicious data at a browser hijack point.

 

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 1056 seconds, including 8 seconds for message boxes)

Posted

Hi again,

You didn't tell me: when you searched for the file, did you find it?

In Safe Mode, check and fix this line with HijackThis:

O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)

Restart in normal mode and post a new HijackThis log.

See you,
