7 replies
zakary
Posts: 6
Registration date: Thursday, November 11, 2004
Status: Member
Last activity: November 11, 2004
Nov 11, 2004 at 13:35
Hi Wael,
my log file didn't show up, so I'm attaching it while I download spychecker.
Thanks
Logfile of HijackThis v1.98.2
Scan saved at 1:34:16 , on 11/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Adobe\Acrobat 5.0\SealedMedia\sealmon.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\lexpps.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\InterVideo\WinDVD4PR\WinScheduler.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ACT\SideACT.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Telefonica\Kit ADSL USB\dslmon.exe
C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
C:\WINDOWS\Fonts\mcip.exe
C:\WINDOWS\System32\taskmgr.exe
C:\DOCUME~1\SMALKA~1.000\LOCALS~1\Temp\bkinst.exe
C:\WINDOWS\repair\wininfo.exe
C:\Documents and Settings\smalka.W1-RESEARCH.000\My Documents\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eresmas.com/i2r/login2?to=www.wanadoo.es&nack=www.wanadoo.es
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.welcomehomes.co.uk/lista.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ya.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by W1 research
O1 - Hosts: 81.16.238.101 voxco.w1-research.com
O2 - BHO: CATLEvents Object - {55E301E5-BA44-4095-BB0B-14E0123CCF71} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cmniw.dat
O2 - BHO: CATLEvents Object - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - C:\DOCUME~1\SMALKA~1.000\LOCALS~1\Temp\4dpUswodniW.dat
O2 - BHO: (no name) - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CATLEvents Object - {ED5ABC42-8E4F-4C39-9972-F0CF619D672F} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\yalpcca.dat
O2 - BHO: CATLEvents Object - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - C:\DOCUME~1\SMALKA~1.000\LOCALS~1\Temp\4dpUswodniW.dat
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sealmon] C:\Program Files\Adobe\Acrobat 5.0\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\WindowsUpd4.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [*WindowsUpd4] C:\WINDOWS\WindowsUpd4.exe
O4 - HKLM\..\Run: [*drvsvc] C:\WINDOWS\Config\drvsvc.exe
O4 - HKLM\..\Run: [*wwms] C:\WINDOWS\Tasks\wwms.exe
O4 - HKLM\..\Run: [*taskdvd] C:\WINDOWS\Driver Cache\taskdvd.exe
O4 - HKLM\..\Run: [*dvdvss] C:\WINDOWS\AppPatch\dvdvss.exe
O4 - HKLM\..\Run: [*infoinet] C:\WINDOWS\Config\infoinet.exe
O4 - HKLM\..\Run: [*logdrv] C:\WINDOWS\Fonts\logdrv.exe
O4 - HKLM\..\Run: [*winmc] C:\WINDOWS\Config\winmc.exe
O4 - HKLM\..\Run: [*wininfo] C:\WINDOWS\Web\wininfo.exe
O4 - HKLM\..\Run: [*apnet] C:\WINDOWS\Driver Cache\apnet.exe
O4 - HKLM\..\Run: [*accplay] C:\WINDOWS\Cursors\accplay.exe
O4 - HKLM\..\Run: [LexPPS.exe] C:\WINDOWS\System32\lexpps.exe
O4 - HKLM\..\RunOnce: [*winmc] C:\WINDOWS\Config\winmc.exe rerun
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\RunOnce: [*WinLogon] C:\DOCUME~1\SMALKA~1.000\LOCALS~1\Temp\bkinst.exe ren time:1100174571
O4 - HKCU\..\RunOnce: [*wininfo] C:\WINDOWS\repair\wininfo.exe rerun
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Program Files\InterVideo\WinDVD4PR\WinScheduler.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: Consola KIT ADSL.lnk = ?
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar_en_2.0.111-deleon.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar_en_2.0.111-deleon.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar_en_2.0.111-deleon.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar_en_2.0.111-deleon.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar_en_2.0.111-deleon.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.ya.com
O16 - DPF: {23B7A816-3647-49D2-9756-6F41CE8F9201} (ddm_download.ddm_control) - http://bins.dynamicdesktopmedia.com/cab/ddm_control.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4FCFF034-6F56-4D65-8C31-70D98C475428} (ddm_download.ddm_control) - http://bins.dynamicdesktopmedia.com/cab/crack.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = w1-research.com
O17 - HKLM\Software\..\Telephony: DomainName = w1-research.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{92994AE8-C603-4F9B-840F-4E44DE1D53BD}: NameServer = 10.15.10.3,10.15.10.2,10.15.10.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = w1-research.com,w2.w1-research.com
Anonymous user
Nov 11, 2004 at 13:37
OK, but scan with cws in safe mode, preferably......
zakary
Nov 11, 2004 at 13:40
Wael,
in safe mode? How? (sorry for the basic question)
zakary
Nov 11, 2004 at 13:47
OK
cws tells me: "coolwebsearch not found on your system"...
so it's something else, right?
Has anyone already seen this winmc.exe in their task manager?
Anonymous user
Nov 11, 2004 at 13:50
restart the PC while pressing F8 at the same time, safe mode
then rescan with HJ and check/fix these lines
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eresmas.com/i2r/login2?to=www.wanadoo.es&nack=www.wanadoo.es
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.welcomehomes.co.uk/lista.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ya.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by W1 research
O1 - Hosts: 81.16.238.101 voxco.w1-research.com
O2 - BHO: (no name) - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - (no file)
fix these two and delete the files
O4 - HKCU\..\RunOnce: [*wininfo] C:\WINDOWS\repair\wininfo.exe rerun
O4 - HKLM\..\RunOnce: [*winmc] C:\WINDOWS\Config\winmc.exe rerun
O4 - HKLM\..\Run: [*wininfo] C:\WINDOWS\Web\wininfo.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.ya.com
O16 - DPF: {23B7A816-3647-49D2-9756-6F41CE8F9201} (ddm_download.ddm_control) - http://bins.dynamicdesktopmedia.com/cab/ddm_control.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = w1-research.com
O17 - HKLM\Software\..\Telephony: DomainName = w1-research.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = w1-research.com,w2.w1-research.com
zakary
Nov 11, 2004 at 13:57
I'll try right away,
thanks wael.
zakary
Nov 11, 2004 at 14:21
Bad news,
I restarted in Safe Mode,
then ran Hijack, and fixed/removed the lines in question.
After restarting, I'm still just as slow, and winmc is still in my task manager.
Hmmm? What is my problem called? A hijacker, Trojan, spyware?
And above all, how do I neutralize it for good?
Thanks to all (Wael in particular)
zak
Anonymous user
Nov 11, 2004 at 14:27
end the process, then delete the winmc file, run Hijack again and paste the log here again
zakary
Nov 11, 2004 at 15:07
Listen Wael,
I restarted once more, and things are better.
I no longer see winmc... you may have won this one.
I'm pasting the log again just in case!
Tell me something: how do I protect myself in the future against an invasion of these critters, and which antivirus should I run in your opinion?
Thanks again for your help and your patience.
I think we're almost there...
Logfile of HijackThis v1.98.2
Scan saved at 2:55:21 , on 11/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Adobe\Acrobat 5.0\SealedMedia\sealmon.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\InterVideo\WinDVD4PR\WinScheduler.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ACT\SideACT.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\Telefonica\Kit ADSL USB\dslmon.exe
C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
C:\WINDOWS\repair\asmain.exe
C:\DOCUME~1\SMALKA~1.000\LOCALS~1\Temp\bkinst.exe
C:\WINDOWS\Config\bakdll.exe
C:\Documents and Settings\smalka.W1-RESEARCH.000\My Documents\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eresmas.com/i2r/login2?to=www.wanadoo.es&nack=www.wanadoo.es
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.welcomehomes.co.uk/lista.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by W1 research
O1 - Hosts: 81.16.238.101 voxco.w1-research.com
O2 - BHO: CATLEvents Object - {55E301E5-BA44-4095-BB0B-14E0123CCF71} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cmniw.dat
O2 - BHO: CATLEvents Object - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - C:\DOCUME~1\SMALKA~1.000\LOCALS~1\Temp\4dpUswodniW.dat
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CATLEvents Object - {ED5ABC42-8E4F-4C39-9972-F0CF619D672F} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\yalpcca.dat
O2 - BHO: CATLEvents Object - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - C:\DOCUME~1\SMALKA~1.000\LOCALS~1\Temp\4dpUswodniW.dat
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sealmon] C:\Program Files\Adobe\Acrobat 5.0\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\WindowsUpd4.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [*WindowsUpd4] C:\WINDOWS\WindowsUpd4.exe
O4 - HKLM\..\Run: [*drvsvc] C:\WINDOWS\Config\drvsvc.exe
O4 - HKLM\..\Run: [*wwms] C:\WINDOWS\Tasks\wwms.exe
O4 - HKLM\..\Run: [*taskdvd] C:\WINDOWS\Driver Cache\taskdvd.exe
O4 - HKLM\..\Run: [*dvdvss] C:\WINDOWS\AppPatch\dvdvss.exe
O4 - HKLM\..\Run: [*infoinet] C:\WINDOWS\Config\infoinet.exe
O4 - HKLM\..\Run: [*logdrv] C:\WINDOWS\Fonts\logdrv.exe
O4 - HKLM\..\Run: [*apnet] C:\WINDOWS\Driver Cache\apnet.exe
O4 - HKLM\..\RunOnce: [*winmc] C:\WINDOWS\Config\winmc.exe rerun
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\RunOnce: [*WinLogon] C:\DOCUME~1\SMALKA~1.000\LOCALS~1\Temp\bkinst.exe ren time:1100181024
O4 - HKCU\..\RunOnce: [*bakdll] C:\WINDOWS\Config\bakdll.exe rerun
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Program Files\InterVideo\WinDVD4PR\WinScheduler.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: Consola KIT ADSL.lnk = ?
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar_en_2.0.111-deleon.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar_en_2.0.111-deleon.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar_en_2.0.111-deleon.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar_en_2.0.111-deleon.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar_en_2.0.111-deleon.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4FCFF034-6F56-4D65-8C31-70D98C475428} (ddm_download.ddm_control) - http://bins.dynamicdesktopmedia.com/cab/crack.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = w1-research.com
O17 - HKLM\Software\..\Telephony: DomainName = w1-research.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{92994AE8-C603-4F9B-840F-4E44DE1D53BD}: NameServer = 10.15.10.3,10.15.10.2,10.15.10.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = w1-research.com,w2.w1-research.com
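As an added example (not part of the original thread): a short Python sketch that parses the O2 and O4 lines of two HijackThis logs and reports which flagged autostart entries were removed, persist, or are new between scans. The sample lines are excerpts copied from the 1:34 and 2:55 logs above; the function names, the folder list and the three flagging rules are assumptions made for this illustration, and a flag is a prompt for review, not a verdict.

```python
import re
from ntpath import basename, dirname  # Windows path semantics on any OS

# Constructed samples: a few O2/O4 lines copied from the two logs in this thread.
SCAN_1 = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CATLEvents Object - {55E301E5-BA44-4095-BB0B-14E0123CCF71} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cmniw.dat
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [*winmc] C:\WINDOWS\Config\winmc.exe
O4 - HKLM\..\Run: [*logdrv] C:\WINDOWS\Fonts\logdrv.exe
O4 - HKLM\..\RunOnce: [*winmc] C:\WINDOWS\Config\winmc.exe rerun
O4 - HKCU\..\RunOnce: [*wininfo] C:\WINDOWS\repair\wininfo.exe rerun
"""
SCAN_2 = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CATLEvents Object - {55E301E5-BA44-4095-BB0B-14E0123CCF71} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cmniw.dat
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [*logdrv] C:\WINDOWS\Fonts\logdrv.exe
O4 - HKLM\..\RunOnce: [*winmc] C:\WINDOWS\Config\winmc.exe rerun
O4 - HKCU\..\RunOnce: [*bakdll] C:\WINDOWS\Config\bakdll.exe rerun
"""

O4_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[([^\]]*)\] (.+)$")
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[^}]+\}) - (.+)$")
# File part of a command line: a quoted path, or everything up to the first
# three-letter extension that is followed by a space, a comma or end of line.
PATH_RE = re.compile(r'"([^"]+)"|(.+?\.\w{3})(?=[\s,]|$)')

# Assumption for this example: folders under C:\WINDOWS that normally hold
# data rather than programs, taken from the paths seen in the logs above.
ODD_WINDOWS_DIRS = {"fonts", "cursors", "tasks", "driver cache",
                    "repair", "web", "config", "apppatch"}


def parse(log):
    """Return {(location, name): file path} for the O2 and O4 lines of a log."""
    entries = {}
    for line in log.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            where, name, target = m.groups()
        else:
            m = O2_RE.match(line)
            if not m:
                continue
            name, clsid, target = m.groups()
            where = "BHO " + clsid
        p = PATH_RE.match(target)
        entries[(where, name)] = (p.group(1) or p.group(2)) if p else target
    return entries


def flags(where, name, path):
    """Heuristic reasons to look at an entry more closely."""
    found = []
    folder = dirname(path).lower()
    # Every entry the thread is chasing uses a '*' prefix. For RunOnce,
    # Microsoft documents that prefix as "run even in Safe Mode".
    if where.startswith("HK") and name.startswith("*"):
        found.append("star-prefixed value name")
    if folder.startswith("c:\\windows\\") and basename(folder) in ODD_WINDOWS_DIRS:
        found.append("program in a Windows data folder")
    if basename(folder) == "temp":
        found.append("loaded from a Temp folder")
    return found


def compare(before, after):
    """Group flagged entries by what happened to them between two scans."""
    a, b = parse(before), parse(after)
    report = {"removed": [], "persisting": [], "new": []}
    for key in sorted(set(a) | set(b)):
        path = b.get(key, a.get(key))
        why = flags(key[0], key[1], path)
        if not why:
            continue
        if key in a and key in b:
            state = "persisting"
        elif key in b:
            state = "new"
        else:
            state = "removed"
        report[state].append((key[0], key[1], basename(path), why))
    return report


if __name__ == "__main__":
    for state, items in compare(SCAN_1, SCAN_2).items():
        print(state.upper())
        for where, name, exe, why in items:
            print(f"  {where} [{name}] {exe}: {', '.join(why)}")
```

Comparing scans this way separates entries that a fix actually removed from ones that are still registered or that appeared afterwards under a different name.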
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [*WindowsUpd4] C:\WINDOWS\WindowsUpd4.exe
O4 - HKLM\..\Run: [*drvsvc] C:\WINDOWS\Config\drvsvc.exe
O4 - HKLM\..\Run: [*wwms] C:\WINDOWS\Tasks\wwms.exe
O4 - HKLM\..\Run: [*taskdvd] C:\WINDOWS\Driver Cache\taskdvd.exe
O4 - HKLM\..\Run: [*dvdvss] C:\WINDOWS\AppPatch\dvdvss.exe
O4 - HKLM\..\Run: [*infoinet] C:\WINDOWS\Config\infoinet.exe
O4 - HKLM\..\Run: [*logdrv] C:\WINDOWS\Fonts\logdrv.exe
O4 - HKLM\..\Run: [*apnet] C:\WINDOWS\Driver Cache\apnet.exe
O4 - HKLM\..\RunOnce: [*winmc] C:\WINDOWS\Config\winmc.exe rerun
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\RunOnce: [*WinLogon] C:\DOCUME~1\SMALKA~1.000\LOCALS~1\Temp\bkinst.exe ren time:1100181024
O4 - HKCU\..\RunOnce: [*bakdll] C:\WINDOWS\Config\bakdll.exe rerun
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Program Files\InterVideo\WinDVD4PR\WinScheduler.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: Consola KIT ADSL.lnk = ?
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar_en_2.0.111-deleon.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar_en_2.0.111-deleon.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar_en_2.0.111-deleon.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar_en_2.0.111-deleon.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar_en_2.0.111-deleon.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4FCFF034-6F56-4D65-8C31-70D98C475428} (ddm_download.ddm_control) - http://bins.dynamicdesktopmedia.com/cab/crack.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = w1-research.com
O17 - HKLM\Software\..\Telephony: DomainName = w1-research.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{92994AE8-C603-4F9B-840F-4E44DE1D53BD}: NameServer = 10.15.10.3,10.15.10.2,10.15.10.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = w1-research.com,w2.w1-research.com
Anonymous user
11 Nov. 2004 at 15:22
Fix these again:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eresmas.com/i2r/login2?to=www.wanadoo.es&nack=www.wanadoo.es
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.welcomehomes.co.uk/lista.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by W1 research
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = w1-research.com,w2.w1-research.com
and run a verification scan again here: http://www.pandasoftware.com/activescan/fr/activescan_principal.htm