
Posted

Hello

My PC has been infected for a few days.

I've tried several antivirus programs, but infected folders come back every time.

Here is the HijackThis log done after a scan with Antivir in safe mode, as indicated in Megataupe's sticky.

Is there anything to be done? Thanks

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:15:18 PM, on 9/15/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\Program Files\Norton Personal Firewall\NISUM.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

c:\Program Files\Norton Personal Firewall\ccPxySvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\wuauclt.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\hphmon05.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\system32\UMonit2K.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\hwshell.exe

C:\Program Files\Kingsoft\Powerword 2006\xdict.exe

C:\Program Files\UltimateZip\uzqkst.exe

C:\Program Files\Kingsoft\Powerword 2006\update.exe

C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: ó?ò?°é??(&V) - {4647E382-520B-11D2-A0D0-004033D0645D} - C:\Program Files\InfoQuick\VoiceMate\Plugin\MyBands.dll

O3 - Toolbar: NewStar Band - {56C8C49B-7340-4D2F-988B-77416E8B97A5} - C:\Program Files\Chinese New Star\WordPlugin\IEPhonetic.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\UMonit2K.exe

O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB002" /M "Stylus CX4100"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip\uzqkst.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HANWANG Shell.lnk = %ProgramFiles%\hwshell.exe

O4 - Global Startup: Norton Personal Firewall.lnk = C:\Program Files\Norton Personal Firewall\nisfirst.exe

O4 - Global Startup: 金山词霸 2006.lnk = C:\Program Files\Kingsoft\Powerword 2006\xdict.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://vivoptz.dyndns.biz:101/VatDec.cab

O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://vivoptz.dyndns.biz/RtspVaPgDec.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://202.172.177.20/ActiveX/mgaxctrl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118749390641

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://mocca.com/MediaCorp/ImageUploader4.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE

O23 - Service: Remote Help Session Manager (Rasautol) - Unknown owner - C:\WINDOWS\System32\ntsokele.exe (file missing)

 

--

End of file - 8723 bytes

Posted (edited)

Hi

 

Windows updates ....

 

Reopen HijackThis and check

O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)

Unknown

O3 - Toolbar: NewStar Band - {56C8C49B-7340-4D2F-988B-77416E8B97A5} - C:\Program Files\Chinese New Star\WordPlugin\IEPhonetic.dll

O4 - Global Startup: HANWANG Shell.lnk = %ProgramFiles%\hwshell.exe

Unknown

O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://vivoptz.dyndns.biz:101/VatDec.cab

Unknown

O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://vivoptz.dyndns.biz/RtspVaPgDec.cab

 

Click on Fix checked

 

 

Windows NT (Disable a service)

 

This procedure disables a service on a Windows NT machine.

  • Click Start, then Run
  • In the box, type the command services.msc
  • Find the Rasautol service
  • Double-click it,
    • In the Service status field, select Stopped
    • In the Startup type field, select Disabled
    • Click Apply, then OK
  • Exit Services.

Reopen HijackThis and check

O23 - Service: Remote Help Session Manager (Rasautol) - Unknown owner - C:\WINDOWS\System32\ntsokele.exe (file missing)

 

Click on Fix checked

 

Procedure:

 

 

SmitFraudFix (S!Ri)

 

Download SmitFraudFix by "S!Ri"

  • Extract the whole archive to your Desktop.
  • Double-click smitfraudfix.cmd
  • Select "1" in the menu to create a report of the files responsible for the infection.
  • Save this report and post it

AVG AntiSpyware

 

Download AVG AS

  • Update it.
  • Close AVG AS. Don't run it right away.
    If you can't manage, see Malekal's tutorial
    ...
  • Launch AVG AS and click Scan
  • Then on the Settings tab, for "How to act?" select Recommended actions, then Quarantine
  • Go back to the Scan tab and click Complete system scan; the scan starts
  • If an infected file was detected, at the end of the scan click Apply all actions
  • Click Save report, and finally Save report as; save it to the Desktop
  • Restart in normal mode and post:
    • the AVG AS report
    • a new HijackThis log

Kaspersky

  • Make sure ActiveX controls are properly configured in Internet Options, as described at this link
  • Do a Kaspersky online scan with Internet Explorer:
  • Click the scan button
  • Accept the installation of one or more ActiveX controls if necessary.
  • Wait while the updates are installed.
  • Then choose the My Computer scan
  • Save, then paste the report generated at the end of the scan.

HELP: Configuring ActiveX control

NOTE: If you get the message "The Kaspersky On-line Scanner license has expired", go to Add/Remove Programs, uninstall On-Line Scanner, then go back to the Kaspersky site to retry the online scan.

 

OTMoveIt (Old_Timer)

 

Download OTMoveIt by Old_Timer to your Desktop.

  • Double-click OTMoveIt.exe to launch it.
  • Make sure Unregister Dll's and Ocx's is checked.
  • Copy and paste into the left pane of OTMoveIt, "Paste List of Files/Folders to be moved":

C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\

C:\Program Files\Chinese New Star\

  • Click MoveIt! to start the removal.
  • The result will appear in the Results pane. Copy the result.
  • Click Exit to close.
  • Paste the result in your next reply.

You may be asked to restart the PC to complete the removal. If so, accept with Yes. Then post the report located in C:\_OTMoveIt\MovedFiles under the name [numbers_numbers].log

 

 

@+

Edited by eclypse
Posted
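As an added example (not code from this thread or from any of the tools named in it), here is a small Python triage script that applies the same heuristics the helper used on the log above: registrations whose file is gone, services with an unknown owner, and O16 ActiveX (DPF) downloads from hosts outside an allowlist. The sample entries are copied from the logs posted in this thread; TRUSTED_DPF_HOSTS is an assumption made for the example.

```python
"""Triage of HijackThis log entries (added example, not part of the thread)."""
import re
from urllib.parse import urlparse

# Hosts accepted for O16 (DPF) ActiveX downloads. Constructed allowlist for
# this example; in practice it is the helper's knowledge of legitimate online
# scanners and update sites.
TRUSTED_DPF_HOSTS = {
    "www.bitdefender.fr",
    "acs.pandasoftware.com",
    "v5.windowsupdate.microsoft.com",
}

# Sample entries copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://vivoptz.dyndns.biz:101/VatDec.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Remote Help Session Manager (Rasautol) - Unknown owner - C:\WINDOWS\System32\ntsokele.exe (file missing)
"""

# A HijackThis entry starts with its section code (O2, O16, O23, ...) then " - ".
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")


def parse_entry(line):
    """Split a HijackThis line into (section, body); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return m.group(1), m.group(2)


def dpf_host(body):
    """Return the download host of an O16 DPF entry (without port), or ''."""
    m = re.search(r"(https?://\S+)", body)
    if not m:
        return ""
    return (urlparse(m.group(1)).hostname or "").lower()


def triage_entry(section, body):
    """Return the list of reasons this entry deserves a closer look."""
    reasons = []
    if "(file missing)" in body:
        # The registration points at a file that no longer exists: an orphan
        # HijackThis can remove (the "fix checked" advice given above).
        reasons.append("file missing")
    if section == "O23" and "Unknown owner" in body:
        reasons.append("service with unknown owner")
    if section == "O16":
        host = dpf_host(body)
        if host and host not in TRUSTED_DPF_HOSTS:
            reasons.append(f"ActiveX download from untrusted host {host}")
        if "dyndns" in host:
            reasons.append("dynamic-DNS host")
    return reasons


def triage_log(text):
    """Return [(section, body, reasons)] for every entry with at least one reason."""
    findings = []
    for line in text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        section, body = parsed
        reasons = triage_entry(section, body)
        if reasons:
            findings.append((section, body, reasons))
    return findings


if __name__ == "__main__":
    for section, body, reasons in triage_log(SAMPLE_LOG):
        print(f"{section}: {'; '.join(reasons)}\n    {body}")
```

Run on the sample, it reports exactly the three entries the helper asked to fix and stays quiet about the Adobe BHO, the avast! service and the BitDefender scanner control.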

Thanks for your help Eclypse!

 

I did the Windows updates

With HijackThis I couldn't get rid of: O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)

it always comes back

 

for:

O3 - Toolbar: NewStar Band - {56C8C49B-7340-4D2F-988B-77416E8B97A5} - C:\Program Files\Chinese New Star\WordPlugin\IEPhonetic.dll

O4 - Global Startup: HANWANG Shell.lnk = %ProgramFiles%\hwshell.exe

 

I left them because these names correspond to programs for learning Mandarin with a graphics tablet that I installed some time ago. But if you advise me to remove them, no problem

otherwise here are the reports:

SmitFraudFix v2.225

 

Scan done at 11:48:19.78, 09/16/2007 Sun

Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\Program Files\Norton Personal Firewall\NISUM.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

c:\Program Files\Norton Personal Firewall\ccPxySvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\hphmon05.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\system32\UMonit2K.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\hwshell.exe

C:\Program Files\Kingsoft\Powerword 2006\xdict.exe

C:\Program Files\UltimateZip\uzqkst.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\cmd.exe

C:\WINDOWS\System32\conime.exe

C:\WINDOWS\System32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="My Current Home Page"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport

DNS Server Search Order: 202.73.37.3

DNS Server Search Order: 165.21.83.88

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{24CBCDEF-5785-4487-8986-F352D130096C}: DhcpNameServer=202.73.37.3 165.21.83.88

HKLM\SYSTEM\CS1\Services\Tcpip\..\{24CBCDEF-5785-4487-8986-F352D130096C}: DhcpNameServer=192.169.34.181 203.120.90.40

HKLM\SYSTEM\CS2\Services\Tcpip\..\{24CBCDEF-5785-4487-8986-F352D130096C}: DhcpNameServer=202.73.37.3 165.21.83.88

HKLM\SYSTEM\CS3\Services\Tcpip\..\{24CBCDEF-5785-4487-8986-F352D130096C}: DhcpNameServer=202.73.37.3 165.21.83.88

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=202.73.37.3 165.21.83.88

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.169.34.181 203.120.90.40

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=202.73.37.3 165.21.83.88

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=202.73.37.3 165.21.83.88

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 10:48:58 PM 9/16/2007

 

+ Scan result:

 

 

 

:mozilla.637:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.

:mozilla.452:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.453:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.504:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.865:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.161:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.162:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.156:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.

:mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.

:mozilla.160:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.

:mozilla.197:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.198:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.199:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.184:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.

:mozilla.185:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.

:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.

:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.

:mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.

:mozilla.570:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.

:mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.95:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.96:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.455:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.

:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.

:mozilla.215:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Estat : Cleaned.

:mozilla.576:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.851:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.

:mozilla.310:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.

:mozilla.337:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.

:mozilla.721:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.723:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.732:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.765:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.360:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.

:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.

:mozilla.157:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.

:mozilla.158:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.

:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Overture : Cleaned.

:mozilla.206:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.

:mozilla.100:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.102:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.221:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Real : Cleaned.

:mozilla.222:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Real : Cleaned.

:mozilla.223:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Real : Cleaned.

:mozilla.224:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Real : Cleaned.

:mozilla.204:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.

:mozilla.205:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.

:mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.

:mozilla.164:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.165:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.166:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.167:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.168:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.169:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.

:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.

:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.

:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.

:mozilla.303:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.

:mozilla.304:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.

:mozilla.305:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.

:mozilla.243:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.136:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.

:mozilla.137:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.

:mozilla.531:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.

:mozilla.716:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.

:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.

:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.

:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.

:mozilla.101:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.

:mozilla.186:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.

:mozilla.731:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.

:mozilla.138:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.139:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.140:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

 

 

::Report end

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:11:29 PM, on 9/16/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\Program Files\Norton Personal Firewall\NISUM.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

c:\Program Files\Norton Personal Firewall\ccPxySvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\hphmon05.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\system32\UMonit2K.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\hwshell.exe

C:\Program Files\Kingsoft\Powerword 2006\xdict.exe

C:\Program Files\UltimateZip\uzqkst.exe

C:\WINDOWS\System32\conime.exe

C:\WINDOWS\system32\winlogon.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: ó?ò?°é??(&V) - {4647E382-520B-11D2-A0D0-004033D0645D} - C:\Program Files\InfoQuick\VoiceMate\Plugin\MyBands.dll

O3 - Toolbar: NewStar Band - {56C8C49B-7340-4D2F-988B-77416E8B97A5} - C:\Program Files\Chinese New Star\WordPlugin\IEPhonetic.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\UMonit2K.exe

O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB002" /M "Stylus CX4100"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-21-1003193338-2640079429-974192258-1009\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet (User 'Shernice')

O4 - HKUS\S-1-5-21-1003193338-2640079429-974192258-1009\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Shernice')

O4 - HKUS\S-1-5-21-1003193338-2640079429-974192258-1009\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Shernice')

O4 - HKUS\S-1-5-21-1003193338-2640079429-974192258-1009\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Shernice')

O4 - HKUS\S-1-5-21-1003193338-2640079429-974192258-1009\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'Shernice')

O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip\uzqkst.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HANWANG Shell.lnk = %ProgramFiles%\hwshell.exe

O4 - Global Startup: Norton Personal Firewall.lnk = C:\Program Files\Norton Personal Firewall\nisfirst.exe

O4 - Global Startup: 金山词霸 2006.lnk = C:\Program Files\Kingsoft\Powerword 2006\xdict.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://202.172.177.20/ActiveX/mgaxctrl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189909975093

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://mocca.com/MediaCorp/ImageUploader4.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE

 

--

End of file - 9450 bytes

Posted

And here is the rest:

 

C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools moved successfully.

 

Created on 09/17/2007 07:48:02

 

 

KASPERSKY ONLINE SCANNER REPORT

Monday, September 17, 2007 7:38:26 AM

Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)

Kaspersky Online Scanner version: 5.0.93.1

Kaspersky Anti-Virus database last update: 16/09/2007

Kaspersky Anti-Virus database records: 393762

Scan Settings

Scan using the following antivirus database standard

Scan Archives true

Scan Mail Bases true

Scan Target My Computer

A:\

C:\

D:\

E:\

F:\

G:\

H:\

I:\

Scan Statistics

Total number of scanned objects 98643

Number of viruses found 0

Number of infected objects 0

Number of suspicious objects 0

Duration of the scan process 01:56:52

 

Infected Object Name Virus Name Last Action

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton Personal Firewall\Log\Confdntl.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton Personal Firewall\Log\Content.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton Personal Firewall\Log\Privacy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton Personal Firewall\Log\Restrict.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton Personal Firewall\Log\Spam.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton Personal Firewall\Log\WebHist.log Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\cert8.db Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\formhistory.dat Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\history.dat Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\key3.db Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\parent.lock Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\search.sqlite Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\urlclassifier2.sqlite Object is locked skipped

C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6weyjjaq.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007091620070917\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_928.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner\My Documents\My Music\iTunes\iTunes Library.itl Object is locked skipped

C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Shernice\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Shernice\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Shernice\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Shernice\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Shernice\Local Settings\History\History.IE5\MSHist012007091720070918\index.dat Object is locked skipped

C:\Documents and Settings\Shernice\Local Settings\Temp\~DF76D.tmp Object is locked skipped

C:\Documents and Settings\Shernice\Local Settings\Temp\~DFA4A7.tmp Object is locked skipped

C:\Documents and Settings\Shernice\Local Settings\Temp\~DFFB10.tmp Object is locked skipped

C:\Documents and Settings\Shernice\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Shernice\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Shernice\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SymNeti1000.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SymNeti1001.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SymNeti1002.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SymNeti1003.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SymNeti1004.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SymNeti1005.log Object is locked skipped

C:\Program Files\Norton Personal Firewall\nisum.dat Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\hh.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\html32.cnv Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\locator.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\magnify.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\narrator.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\newdev.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\osk.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\srv.sys Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb Object is locked skipped

C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB833407$\bssym7.ttf Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped

C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{48AD5744-EEE8-4ABD-838D-81C9BC274856}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\pn4rokf391.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\j47kkb1vkb.dll Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_4e8.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

F:\property\2 Rental\Giacomo\2 bdrm.xls Object is locked skipped

F:\property\2 Rental\Giacomo\the regalia.xls Object is locked skipped

F:\property\2 Rental\Giacomo\d3.xls Object is locked skipped

Scan process completed.

Posted

Good evening.

 

Could you please have this file analysed?

 

C:\WINDOWS\system32\j47kkb1vkb.dll

 

VirusTotal

 

Click Browse on the web page, then navigate the file explorer to this file, select it and click Open. Click Send, and wait until the scan has finished.

 

Just give the result, please.

 

Thanks

Posted

Hi

 

Can you post a new HijackThis log, please?

 

How is the PC behaving?

 

See you

Posted

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:34:20 PM, on 9/17/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\Program Files\Norton Personal Firewall\NISUM.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

c:\Program Files\Norton Personal Firewall\ccPxySvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\hphmon05.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\system32\UMonit2K.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\hwshell.exe

C:\Program Files\Kingsoft\Powerword 2006\xdict.exe

C:\Program Files\UltimateZip\uzqkst.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: ó?ò?°é??(&V) - {4647E382-520B-11D2-A0D0-004033D0645D} - C:\Program Files\InfoQuick\VoiceMate\Plugin\MyBands.dll

O3 - Toolbar: NewStar Band - {56C8C49B-7340-4D2F-988B-77416E8B97A5} - C:\Program Files\Chinese New Star\WordPlugin\IEPhonetic.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\UMonit2K.exe

O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB002" /M "Stylus CX4100"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip\uzqkst.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HANWANG Shell.lnk = %ProgramFiles%\hwshell.exe
O4 - Global Startup: Norton Personal Firewall.lnk = C:\Program Files\Norton Personal Firewall\nisfirst.exe
O4 - Global Startup: 金山词霸 2006.lnk = C:\Program Files\Kingsoft\Powerword 2006\xdict.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://202.172.177.20/ActiveX/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189909975093
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://mocca.com/MediaCorp/ImageUploader4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE

--
End of file - 8807 bytes
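As an added reviewer's aid, not part of the original thread: a small Python script that parses the O16 (ActiveX download) and O23 (service) line shapes of a HijackThis log like the one above and flags the entries a helper usually verifies first, namely an ActiveX control fetched from a bare IP host (the Autodesk MapGuide line is such a case) and a service whose vendor HijackThis reports as "Unknown owner". The sample lines are constructed; the "Unknown owner" service and its binary path are hypothetical.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample in the HijackThis line shapes used above (O16 ActiveX
# downloads, O23 services). The "Unknown owner" service line is hypothetical.
SAMPLE_LOG = r"""
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://202.172.177.20/ActiveX/mgaxctrl.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Example Service (exsvc) - Unknown owner - C:\WINDOWS\system32\example_placeholder.exe
"""

# O16 - DPF: {CLSID} (Display name) - download URL
O16_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\}) \((.*?)\) - (\S+)$")
O23_PREFIX = "O23 - Service: "


def is_ip_host(url: str) -> bool:
    """True when the URL's host is a literal IP address rather than a DNS name."""
    host = urlparse(url).hostname or ""
    try:
        ip_address(host)
    except ValueError:
        return False
    return True


def review_hjt(log_text: str) -> list:
    """Return (section, identifier, reason) tuples for entries worth a closer look:
    ActiveX controls fetched from a bare-IP host, and services whose vendor
    HijackThis could not identify ("Unknown owner")."""
    findings = []
    for line in log_text.splitlines():
        m = O16_RE.match(line)
        if m:
            clsid, name, url = m.groups()
            if is_ip_host(url):
                findings.append(("O16", clsid,
                                 f"{name} downloaded from bare IP host {urlparse(url).hostname}"))
            continue
        if line.startswith(O23_PREFIX):
            # Split from the right: "<display name> - <company> - <binary path>"
            parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
            if len(parts) == 3 and parts[1].strip().lower() == "unknown owner":
                findings.append(("O23", parts[0], f"service binary {parts[2]} has no identified vendor"))
    return findings


if __name__ == "__main__":
    for section, ident, reason in review_hjt(SAMPLE_LOG):
        print(f"[{section}] {ident}: {reason}")
```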

Posted

Generate a report for me by following this procedure

 

 

DiagHelp (Malekal_morte)

 

Download DiagHelp.zip by Malekal_morte to your desktop.

  • Unzip it, onto your desktop for example.
  • A new folder named DiagHelp will be created.
  • Open it and double-click go.cmd (the .cmd extension may not be shown)
  • A window will open; choose option 1
  • The analysis will start; this can take a few minutes. Let it run and press a key when asked
  • Copy/paste the contents of the Notepad window that opens and include it in your next reply.

 

Don't forget: at the red screen it will ask you to press Enter

 

@+

Posted (edited)

First of all, thank you for your help.

The PC works fine, especially with AVG as antivirus. Antivir finds viruses all the time and blocks programs like Firefox.

Alt-Ctrl-Del doesn't work; I only get the CPU bar.

When I click on one of the partitions under Hard Disk Drives I get: Windows cannot find 'auto.exe'

Hidden folders cannot be made to appear in the other user's session by ticking the box provided for it.

Downloading programs from the internet starts before I click OK in the dialog box.

 

 

Otherwise, when I entered C:\ WINDOWS\ system32\ => j47kkb1vkb.dll into VirusTotal it stopped and I got the desktop. I tried again and it was OK.

Edited by shernice
