
Posted

Hello dear all,

I'm coming to you because I can't get rid of Zlob. Spybot detects it as DNS entries in the registry; however many times I delete these IP values, it comes back at every reboot. Here is my HijackThis report. Is it possible to eradicate it completely? Thanks in advance for your reply.


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:54:11, on 08/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

D:\Applis\Multimedia\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

D:\Applis\Utils\No-IP\DUC20.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

D:\Applis\Multimedia\PowerCinema\Kernel\TV\CLSched.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\rundll32.exe

D:\Applis\Utils\System\DAEMON Tools\daemon.exe

C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe

C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE

C:\PROGRA~1\SYMANT~1\VPTray.exe

D:\Applis\Utils\System\TrueImage Home\TrueImageMonitor.exe

D:\Applis\Chat\ICQ\ICQ.exe

D:\Applis\Utils\System\TrueImage Home\TimounterMonitor.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

D:\Applis\Multimedia\SBAudigy4\DVDAudio\CTDVDDET.EXE

D:\Applis\Multimedia\SBAudigy4\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\CTHELPER.EXE

D:\Applis\Utils\System\LooknStop\looknstop.exe

C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE

D:\Applis\Chat\Skype\Skype.exe

D:\Applis\Utils\System\FreeMem\FMEMPRO.EXE

D:\Applis\Utils\DeeEnEs.exe

D:\Applis\FileSharing\PeerGuardian2\pg2.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

D:\Applis\Utils\System\Spybot - Search & Destroy\TeaTimer.exe

D:\APPLIS\UTILS\SYSTEM\ADSL Autoconnect\ADSL Autoconnect.exe

D:\Applis\Utils\System\Samurize\Client.exe

D:\Applis\FileSharing\Hotline\Server\Hotline Server 1.8.5.exe

D:\Applis\FileSharing\HotlineNetStrangler v3.0rc5\HotlineNetStrangler.exe

D:\Applis\Utils\Divers\Outclock\OutClock.exe

D:\Applis\Utils\System\SpeedFan\speedfan.exe

D:\Applis\Utils\System\NetGraph2.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

D:\Applis\Utils\System\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Applis\Acrobat Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Applis\Utils\System\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar

O4 - HKLM\..\Run: [Mirabilis ICQ] D:\Applis\Chat\ICQ\ICQNet.exe

O4 - HKLM\..\Run: [DAEMON Tools] "D:\Applis\Utils\System\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe

O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce

O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE" /auto

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Applis\Utils\System\TrueImage Home\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Applis\Utils\System\TrueImage Home\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [CTDVDDET] D:\Applis\Multimedia\SBAudigy4\DVDAudio\CTDVDDET.EXE

O4 - HKLM\..\Run: [CTSysVol] D:\Applis\Multimedia\SBAudigy4\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [Look 'n' Stop] "D:\Applis\Utils\System\LooknStop\looknstop.exe" -auto

O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKCU\..\Run: [skype] "D:\Applis\Chat\Skype\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [FreeMem Pro] "D:\Applis\Utils\System\FreeMem\FMEMPRO.EXE" Startup

O4 - HKCU\..\Run: [DeeEnEs] D:\Applis\Utils\DeeEnEs.exe

O4 - HKCU\..\Run: [PeerGuardian] D:\Applis\FileSharing\PeerGuardian2\pg2.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Applis\Utils\System\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: NetGraph2.lnk = D:\Applis\Utils\System\NetGraph2.exe

O4 - Global Startup: Client Default.lnk = D:\Applis\Utils\System\Samurize\Client.exe

O4 - Global Startup: HL Server.lnk = D:\Applis\FileSharing\Hotline\Server\Hotline Server 1.8.5.exe

O4 - Global Startup: HotlineNetStrangler.lnk = D:\Applis\FileSharing\HotlineNetStrangler v3.0rc5\HotlineNetStrangler.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Applis\MSOffice\Office\OSA9.EXE

O4 - Global Startup: OutClock.lnk = D:\Applis\Utils\Divers\Outclock\OutClock.exe

O4 - Global Startup: SpeedFan.lnk = D:\Applis\Utils\System\SpeedFan\speedfan.exe

O8 - Extra context menu item: + &Mass Downloader: download this file - D:\Applis\Multimedia\Mass Downloader\Add_Url.htm

O8 - Extra context menu item: + Mass Downloader: download &All files - D:\Applis\Multimedia\Mass Downloader\Add_All.htm

O8 - Extra context menu item: Sothink SWF Decompiler - D:\Applis\Utils\Divers\SWF Decompiler\InternetExplorer.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - D:\Applis\Multimedia\Mass Downloader\massdown.exe

O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - D:\Applis\Multimedia\Mass Downloader\massdown.exe

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Applis\Utils\Divers\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Applis\Utils\Divers\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Applis\Chat\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Applis\Chat\ICQ\ICQ.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Applis\Utils\System\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Applis\Utils\System\SPYBOT~1\SDHelper.dll

O9 - Extra button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Applis\Utils\Divers\SWF Decompiler\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Applis\Utils\Divers\SWF Decompiler\InternetExplorer.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{70A6A36A-D819-47BD-9512-8A029FC0BAE6}: NameServer = 80.118.192.100,80.118.196.36

O17 - HKLM\System\CCS\Services\Tcpip\..\{E6FB2677-B8E4-4132-BB31-86940C1F886F}: NameServer = 85.255.116.165 85.255.112.141

O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Fichiers communs\Mediafour\MacDriveiTunesPatch.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

O23 - Service: ADSLAutoconnect - Unknown owner - D:\APPLIS\UTILS\SYSTEM\ADSL Autoconnect\ADSL Autoconnect.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - D:\Applis\Multimedia\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - D:\Applis\Multimedia\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: NoIPDUCService - Vitalwerks LLC - D:\Applis\Utils\No-IP\DUC20.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

 

--

End of file - 11399 bytes

Posted

'Morning

• Download FixWareout to your desktop:

http://downloads.subratam.org/Fixwareout.exe

Run the fix: click Next, then Install, then make sure that "Run fixit" is checked, then click Finish.

The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to start up, which is normal.

Once your system has restarted, follow the prompts. Then launch HijackThis, click "Do a system scan only" and check these lines:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - Global Startup: Microsoft Office.lnk = D:\Applis\MSOffice\Office\OSA9.EXE

O17 - HKLM\System\CCS\Services\Tcpip\..\{E6FB2677-B8E4-4132-BB31-86940C1F886F}: NameServer = 85.255.116.165 85.255.112.141


• Run a Kaspersky online scan:

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

* Click Accept

* A yellow bar will ask whether you accept installing Kavwebscan_Unicode.cab; install the ActiveX control.

* Click "Accept" once more

* The update databases will install; wait a moment

* Click Next.

* Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop.

Tutorial >> http://www.malekal.com/scan_Av_en_ligne.php#mozTocId291566

Post the report along with a new HJT report and the report whose contents are at C:\fixwareout\report.txt
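
An offline check for the symptom in this thread, added here as an example and not part of the original posts: it parses the O17 lines of a HijackThis log and reports any NameServer value outside a resolver list the analyst trusts. The function names and the trusted list are assumptions; the sample lines are copied from the log in the first post.

```python
"""Added example: audit the O17 (DNS) lines of a HijackThis log."""
import ipaddress
import re

# O17 line shape as it appears in the log above:
#   O17 - <registry key>: NameServer = <ip>[, or space]<ip>...
O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<name>\w+) = (?P<value>.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Lines copied from the HijackThis log in the first post (non-O17 lines are
# included to show that they are ignored).
SAMPLE_LOG = r"""
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{70A6A36A-D819-47BD-9512-8A029FC0BAE6}: NameServer = 80.118.192.100,80.118.196.36
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6FB2677-B8E4-4132-BB31-86940C1F886F}: NameServer = 85.255.116.165 85.255.112.141
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Fichiers communs\Mediafour\MacDriveiTunesPatch.dll
"""

# Assumption: the analyst supplies the resolvers they expect on this machine.
# Here the list holds the values from the O17 line that was not selected for
# fixing in the thread.
TRUSTED_RESOLVERS = ["80.118.192.100", "80.118.196.36"]


def parse_o17_nameservers(log_text):
    """Return one dict per O17 NameServer line: interface GUID and servers.

    The log separates multiple servers with either a comma or a space,
    so both are accepted.
    """
    entries = []
    for raw in log_text.splitlines():
        match = O17_RE.match(raw.strip())
        if not match or match.group("name").lower() != "nameserver":
            continue
        guid = GUID_RE.search(match.group("key"))
        servers = [t for t in re.split(r"[,\s]+", match.group("value").strip()) if t]
        entries.append({
            # Fall back to the full key when the line names no interface GUID.
            "interface": guid.group(0) if guid else match.group("key"),
            "servers": servers,
        })
    return entries


def _is_trusted(value, trusted):
    """True only for a well-formed IP address present in the trusted set."""
    try:
        return ipaddress.ip_address(value) in trusted
    except ValueError:
        # A malformed value is never trusted; it is reported as-is.
        return False


def unexpected_nameservers(log_text, trusted_resolvers):
    """List (interface, [servers]) for every untrusted static resolver."""
    trusted = {ipaddress.ip_address(r) for r in trusted_resolvers}
    findings = []
    for entry in parse_o17_nameservers(log_text):
        bad = [s for s in entry["servers"] if not _is_trusted(s, trusted)]
        if bad:
            findings.append((entry["interface"], bad))
    return findings


if __name__ == "__main__":
    for interface, servers in unexpected_nameservers(SAMPLE_LOG, TRUSTED_RESOLVERS):
        print(f"{interface}: unexpected NameServer {', '.join(servers)}")
```

Running the same check on a log saved after each reboot shows whether the static value has been written back.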

Posted

Hello,

Here are the 3 requested reports.

 

Kaspersky

 

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Sunday, March 09, 2008 1:46:02 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 9/03/2008

Kaspersky Anti-Virus database records: 560682

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: standard

Scan Archives: false

Scan Mail Bases: false

 

Scan Target - Folders:

C:\

 

Scan Statistics:

Total number of scanned objects: 50991

Number of viruses found: 12

Number of infected objects: 20

Number of suspicious objects: 0

Duration of the scan process: 00:22:48

 

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01900000\45F1FFCC.VBN Infected: Trojan-Downloader.Win32.Small.on skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01E00000\47E4ECB5.VBN Infected: Trojan-Downloader.JS.IESlice.l skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02880000.VBN Infected: P2P-Worm.Win32.VB.dz skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02880001.VBN Infected: P2P-Worm.Win32.VB.dz skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02880002.VBN Infected: Trojan-Clicker.Win32.Bitdefener skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02880004.VBN Infected: Backdoor.Win32.IRCBot.py skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02880005.VBN Infected: Backdoor.Win32.IRCBot.py skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02880006.VBN Infected: Backdoor.Win32.IRCBot.py skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\090C0000\4F0CAF52.VBN Infected: Trojan-Downloader.JS.Agent.hv skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\090C0001\4F0CAF9E.VBN Infected: Exploit.Win32.IMG-WMF.v skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\090C0002\4F0CAFB2.VBN Infected: Exploit.JS.ADODB.Stream.ac skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A740000\4EFFDD32.VBN Infected: Trojan-Clicker.Win32.Bitdefener skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E580000\4E7D73A2.VBN Infected: Trojan-Downloader.Win32.Agent.acd skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E580001\4E5822D5.VBN Infected: Trojan-Downloader.Win32.Agent.acd skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E580002\4E5822E0.VBN Infected: Trojan-Downloader.Win32.Ani.c skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E580003\4E5822EA.VBN Infected: Trojan-Downloader.Win32.Ani.c skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E580004\4E5822F7.VBN Infected: Trojan-Downloader.Win32.Ani.c skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F200000\4FB112AF.VBN Infected: Exploit.HTML.IESlice.c skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FE00001\4FFCD1A6.VBN Infected: Exploit.HTML.IESlice.d skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FE00003\4FFE3357.VBN Infected: Exploit.HTML.IESlice.d skipped

 

Scan process completed.

 

 

Fixwareout

Username "Darth Revan" - 09/03/2008 12:34:15 [Fixwareout edited 9/01/2007]

 

~~~~~ Prerun check

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{E6FB2677-B8E4-4132-BB31-86940C1F886F}

"nameserver"="85.255.116.165" <Value cleared.

 

Cache de résolution DNS vidé.

 

 

System was rebooted successfully.

 

~~~~~ Postrun check

HKLM\SOFTWARE\~\Winlogon\ "System"=""

....

....

~~~~~ Misc files.

....

~~~~~ Checking for older varients.

....

 

~~~~~ Current runs (hklm hkcu "run" Keys Only)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""

"AdslTaskBar"="rundll32.exe stmctrl.dll,TaskBar"

"Mirabilis ICQ"="D:\\Applis\\Chat\\ICQ\\ICQNet.exe"

"DAEMON Tools"="\"D:\\Applis\\Utils\\System\\DAEMON Tools\\daemon.exe\" -lang 1033"

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"MDDiskProtect.exe"="C:\\Program Files\\Mediafour\\MacDrive\\MDDiskProtect.exe"

"MediafourGettingStartedWithMacDrive6"="\"C:\\Program Files\\Mediafour\\MacDrive\\MacDrive.exe\" /runonce"

"Mediafour Mac Volume Notifications"="\"C:\\Program Files\\Fichiers communs\\Mediafour\\MACVNTFY.EXE\" /auto"

"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"TrueImageMonitor.exe"="D:\\Applis\\Utils\\System\\TrueImage Home\\TrueImageMonitor.exe"

"AcronisTimounterMonitor"="D:\\Applis\\Utils\\System\\TrueImage Home\\TimounterMonitor.exe"

"Acronis Scheduler2 Service"="\"C:\\Program Files\\Fichiers communs\\Acronis\\Schedule2\\schedhlp.exe\""

"CTDVDDET"="D:\\Applis\\Multimedia\\SBAudigy4\\DVDAudio\\CTDVDDET.EXE"

"CTSysVol"="D:\\Applis\\Multimedia\\SBAudigy4\\Surround Mixer\\CTSysVol.exe /r"

"AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""

"CTHelper"="CTHELPER.EXE"

"Look 'n' Stop"="\"D:\\Applis\\Utils\\System\\LooknStop\\looknstop.exe\" -auto"

"ATIPTA"="C:\\PROGRAM FILES\\ATI TECHNOLOGIES\\ATI CONTROL PANEL\\ATIPTAXX.EXE"

"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="\"D:\\Applis\\Chat\\Skype\\Skype.exe\" /nosplash /minimized"

"FreeMem Pro"="\"D:\\Applis\\Utils\\System\\FreeMem\\FMEMPRO.EXE\" Startup"

"DeeEnEs"="D:\\Applis\\Utils\\DeeEnEs.exe"

"PeerGuardian"="D:\\Applis\\FileSharing\\PeerGuardian2\\pg2.exe"

"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

"SpybotSD TeaTimer"="D:\\Applis\\Utils\\System\\Spybot - Search & Destroy\\TeaTimer.exe"

....

Hosts file was reset, If you use a custom hosts file please replace it...

~~~~~ End report ~~~~~

 

HijackThis report

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:52:25, on 09/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

D:\Applis\Multimedia\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

D:\Applis\Utils\No-IP\DUC20.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

D:\Applis\Multimedia\PowerCinema\Kernel\TV\CLSched.exe

D:\APPLIS\UTILS\SYSTEM\ADSL Autoconnect\ADSL Autoconnect.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\rundll32.exe

D:\Applis\Utils\System\DAEMON Tools\daemon.exe

C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe

C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE

C:\PROGRA~1\SYMANT~1\VPTray.exe

D:\Applis\Utils\System\TrueImage Home\TrueImageMonitor.exe

D:\Applis\Utils\System\TrueImage Home\TimounterMonitor.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

D:\Applis\Multimedia\SBAudigy4\DVDAudio\CTDVDDET.EXE

D:\Applis\Multimedia\SBAudigy4\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\CTHELPER.EXE

D:\Applis\Utils\System\LooknStop\looknstop.exe

C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE

D:\Applis\Chat\ICQ\ICQ.exe

D:\Applis\Chat\Skype\Skype.exe

D:\Applis\Utils\System\FreeMem\FMEMPRO.EXE

D:\Applis\Utils\DeeEnEs.exe

D:\Applis\FileSharing\PeerGuardian2\pg2.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

D:\Applis\Utils\System\Spybot - Search & Destroy\TeaTimer.exe

D:\Applis\Utils\System\Samurize\Client.exe

D:\Applis\FileSharing\Hotline\Server\Hotline Server 1.8.5.exe

D:\Applis\FileSharing\HotlineNetStrangler v3.0rc5\HotlineNetStrangler.exe

D:\Applis\Utils\Divers\Outclock\OutClock.exe

D:\Applis\Utils\System\SpeedFan\speedfan.exe

D:\Applis\Utils\System\NetGraph2.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

D:\Applis\Utils\System\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Applis\Acrobat Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Applis\Utils\System\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar

O4 - HKLM\..\Run: [Mirabilis ICQ] D:\Applis\Chat\ICQ\ICQNet.exe

O4 - HKLM\..\Run: [DAEMON Tools] "D:\Applis\Utils\System\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe

O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce

O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE" /auto

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Applis\Utils\System\TrueImage Home\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Applis\Utils\System\TrueImage Home\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [CTDVDDET] D:\Applis\Multimedia\SBAudigy4\DVDAudio\CTDVDDET.EXE

O4 - HKLM\..\Run: [CTSysVol] D:\Applis\Multimedia\SBAudigy4\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [Look 'n' Stop] "D:\Applis\Utils\System\LooknStop\looknstop.exe" -auto

O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKCU\..\Run: [skype] "D:\Applis\Chat\Skype\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [FreeMem Pro] "D:\Applis\Utils\System\FreeMem\FMEMPRO.EXE" Startup

O4 - HKCU\..\Run: [DeeEnEs] D:\Applis\Utils\DeeEnEs.exe

O4 - HKCU\..\Run: [PeerGuardian] D:\Applis\FileSharing\PeerGuardian2\pg2.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Applis\Utils\System\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: NetGraph2.lnk = D:\Applis\Utils\System\NetGraph2.exe

O4 - Global Startup: Client Default.lnk = D:\Applis\Utils\System\Samurize\Client.exe

O4 - Global Startup: HL Server.lnk = D:\Applis\FileSharing\Hotline\Server\Hotline Server 1.8.5.exe

O4 - Global Startup: HotlineNetStrangler.lnk = D:\Applis\FileSharing\HotlineNetStrangler v3.0rc5\HotlineNetStrangler.exe

O4 - Global Startup: OutClock.lnk = D:\Applis\Utils\Divers\Outclock\OutClock.exe

O4 - Global Startup: SpeedFan.lnk = D:\Applis\Utils\System\SpeedFan\speedfan.exe

O8 - Extra context menu item: + &Mass Downloader: download this file - D:\Applis\Multimedia\Mass Downloader\Add_Url.htm

O8 - Extra context menu item: + Mass Downloader: download &All files - D:\Applis\Multimedia\Mass Downloader\Add_All.htm

O8 - Extra context menu item: Sothink SWF Decompiler - D:\Applis\Utils\Divers\SWF Decompiler\InternetExplorer.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - D:\Applis\Multimedia\Mass Downloader\massdown.exe

O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - D:\Applis\Multimedia\Mass Downloader\massdown.exe

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Applis\Utils\Divers\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Applis\Utils\Divers\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Applis\Chat\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Applis\Chat\ICQ\ICQ.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Applis\Utils\System\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Applis\Utils\System\SPYBOT~1\SDHelper.dll

O9 - Extra button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Applis\Utils\Divers\SWF Decompiler\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Applis\Utils\Divers\SWF Decompiler\InternetExplorer.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{70A6A36A-D819-47BD-9512-8A029FC0BAE6}: NameServer = 80.118.192.100,80.118.196.36

O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Fichiers communs\Mediafour\MacDriveiTunesPatch.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

O23 - Service: ADSLAutoconnect - Unknown owner - D:\APPLIS\UTILS\SYSTEM\ADSL Autoconnect\ADSL Autoconnect.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - D:\Applis\Multimedia\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - D:\Applis\Multimedia\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: NoIPDUCService - Vitalwerks LLC - D:\Applis\Utils\No-IP\DUC20.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

 

--

End of file - 11049 bytes

 

 

Thanks

Posted

Thank you very much for your help and for the quick replies.

Just a quick question out of curiosity: are the 3 locked "downloaders" items that appear at the start of the Kaspersky report dangerous?

Posted

In my opinion these are legitimate Microsoft files ^^

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

 

These two files are used by the "Background Intelligent Transfer Service", and this service is running on your computer. The name of this service is BITS.

Posted

Argh, I'm getting desperate,

I just ran a Spybot scan on a whim and it still detects Zlob.

 

Zlob.DNSChanger: [sBI $041D1396] TCP/IP Settings #1 (Undefined) (Modification du registre, nothing done)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E6FB2677-B8E4-4132-BB31-86940C1F886F}\NameServer=208.67.220.220,208.67.222.222

 

 

 

 

 

HijackThis report

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:03:51, on 16/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

D:\Applis\Multimedia\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

D:\Applis\Utils\No-IP\DUC20.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

D:\Applis\Multimedia\PowerCinema\Kernel\TV\CLSched.exe

D:\APPLIS\UTILS\SYSTEM\ADSL Autoconnect\ADSL Autoconnect.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\rundll32.exe

D:\Applis\Utils\System\DAEMON Tools\daemon.exe

C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe

C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE

C:\PROGRA~1\SYMANT~1\VPTray.exe

D:\Applis\Utils\System\TrueImage Home\TrueImageMonitor.exe

D:\Applis\Utils\System\TrueImage Home\TimounterMonitor.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

D:\Applis\Multimedia\SBAudigy4\DVDAudio\CTDVDDET.EXE

D:\Applis\Multimedia\SBAudigy4\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

D:\Applis\Utils\System\LooknStop\looknstop.exe

C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE

D:\Applis\Chat\Skype\Skype.exe

D:\Applis\Chat\ICQ\ICQ.exe

D:\Applis\Utils\System\FreeMem\FMEMPRO.EXE

D:\Applis\Utils\DeeEnEs.exe

D:\Applis\FileSharing\PeerGuardian2\pg2.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

D:\Applis\Utils\System\Spybot - Search & Destroy\TeaTimer.exe

D:\Applis\Utils\System\Samurize\Client.exe

D:\Applis\FileSharing\Hotline\Server\Hotline Server 1.8.5.exe

D:\Applis\FileSharing\HotlineNetStrangler v3.0rc5\HotlineNetStrangler.exe

D:\Applis\Utils\Divers\Outclock\OutClock.exe

D:\Applis\Utils\System\SpeedFan\speedfan.exe

D:\Applis\Utils\System\NetGraph2.exe

C:\Program Files\MSN Messenger\usnsvc.exe

D:\Applis\Utils\System\Spybot - Search & Destroy\SpybotSD.exe

D:\Applis\Utils\System\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Applis\Acrobat Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Applis\Utils\System\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar

O4 - HKLM\..\Run: [Mirabilis ICQ] D:\Applis\Chat\ICQ\ICQNet.exe

O4 - HKLM\..\Run: [DAEMON Tools] "D:\Applis\Utils\System\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe

O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce

O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE" /auto

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Applis\Utils\System\TrueImage Home\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Applis\Utils\System\TrueImage Home\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [CTDVDDET] D:\Applis\Multimedia\SBAudigy4\DVDAudio\CTDVDDET.EXE

O4 - HKLM\..\Run: [CTSysVol] D:\Applis\Multimedia\SBAudigy4\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [Look 'n' Stop] "D:\Applis\Utils\System\LooknStop\looknstop.exe" -auto

O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKCU\..\Run: [skype] "D:\Applis\Chat\Skype\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [FreeMem Pro] "D:\Applis\Utils\System\FreeMem\FMEMPRO.EXE" Startup

O4 - HKCU\..\Run: [DeeEnEs] D:\Applis\Utils\DeeEnEs.exe

O4 - HKCU\..\Run: [PeerGuardian] D:\Applis\FileSharing\PeerGuardian2\pg2.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Applis\Utils\System\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: NetGraph2.lnk = D:\Applis\Utils\System\NetGraph2.exe

O4 - Global Startup: Client Default.lnk = D:\Applis\Utils\System\Samurize\Client.exe

O4 - Global Startup: HL Server.lnk = D:\Applis\FileSharing\Hotline\Server\Hotline Server 1.8.5.exe

O4 - Global Startup: HotlineNetStrangler.lnk = D:\Applis\FileSharing\HotlineNetStrangler v3.0rc5\HotlineNetStrangler.exe

O4 - Global Startup: OutClock.lnk = D:\Applis\Utils\Divers\Outclock\OutClock.exe

O4 - Global Startup: SpeedFan.lnk = D:\Applis\Utils\System\SpeedFan\speedfan.exe

O8 - Extra context menu item: + &Mass Downloader: download this file - D:\Applis\Multimedia\Mass Downloader\Add_Url.htm

O8 - Extra context menu item: + Mass Downloader: download &All files - D:\Applis\Multimedia\Mass Downloader\Add_All.htm

O8 - Extra context menu item: Sothink SWF Decompiler - D:\Applis\Utils\Divers\SWF Decompiler\InternetExplorer.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - D:\Applis\Multimedia\Mass Downloader\massdown.exe

O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - D:\Applis\Multimedia\Mass Downloader\massdown.exe

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Applis\Utils\Divers\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Applis\Utils\Divers\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Applis\Chat\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Applis\Chat\ICQ\ICQ.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Applis\Utils\System\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Applis\Utils\System\SPYBOT~1\SDHelper.dll

O9 - Extra button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Applis\Utils\Divers\SWF Decompiler\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Applis\Utils\Divers\SWF Decompiler\InternetExplorer.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{70A6A36A-D819-47BD-9512-8A029FC0BAE6}: NameServer = 80.118.192.100,80.118.196.36

O17 - HKLM\System\CCS\Services\Tcpip\..\{E6FB2677-B8E4-4132-BB31-86940C1F886F}: NameServer = 85.255.116.165 85.255.112.141

O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Fichiers communs\Mediafour\MacDriveiTunesPatch.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

O23 - Service: ADSLAutoconnect - Unknown owner - D:\APPLIS\UTILS\SYSTEM\ADSL Autoconnect\ADSL Autoconnect.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - D:\Applis\Multimedia\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - D:\Applis\Multimedia\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: NoIPDUCService - Vitalwerks LLC - D:\Applis\Utils\No-IP\DUC20.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

 

--

End of file - 11191 bytes

 

Help please

Posted

This one is present after running Fixwareout:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O17 - HKLM\System\CCS\Services\Tcpip\..\{E6FB2677-B8E4-4132-BB31-86940C1F886F}: NameServer = 85.255.116.165 85.255.112.141
