Quelqu'un pr analyser mon rapport Hijack This
Megan
-
DW -
DW -
salut!
voici mon rapport, merci mille fois a celui ou celle qui voudra bien me l'analyser et m'aider a faire le ménage!
Meg
Logfile of HijackThis v1.97.7
Scan saved at 11:49:50, on 25/11/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\EMULE\EMULE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\MES DOCUMENTS\TéLéCHARGEMENTS NET\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://adsl.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Windows AdTools] C:\PROGRAM FILES\WINDOWS ADTOOLS\WINADTOOLS.EXE
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pages similaires - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Pages liées - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win/QuickTimeInstaller.exe
voici mon rapport, merci mille fois a celui ou celle qui voudra bien me l'analyser et m'aider a faire le ménage!
Meg
Logfile of HijackThis v1.97.7
Scan saved at 11:49:50, on 25/11/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\EMULE\EMULE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\MES DOCUMENTS\TéLéCHARGEMENTS NET\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://adsl.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Windows AdTools] C:\PROGRAM FILES\WINDOWS ADTOOLS\WINADTOOLS.EXE
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pages similaires - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Pages liées - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win/QuickTimeInstaller.exe
A voir également:
- Quelqu'un pr analyser mon rapport Hijack This
- Hijack this - Télécharger - Antivirus & Antimalwares
- Plan rapport de stage - Guide
- Analyser disque dur externe - Guide
- Analyser clé usb - Guide
- Image analyser - Télécharger - Photo & Graphisme
42 réponses
oui salut teddy
j ai passer un petit moment dessus
mais c est pas gagner si il ne respecte pas stictement se que j ai mis lol
j ai passer un petit moment dessus
mais c est pas gagner si il ne respecte pas stictement se que j ai mis lol
Re Balltrap
Apparement nous pouvons vraiement conseiller :
http://www.adwareaway.com/
Pour les probleme de type SEARChWEB,ABOUTBLANK...etc.....les premiere remontés sont positives
Apparement nous pouvons vraiement conseiller :
http://www.adwareaway.com/
Pour les probleme de type SEARChWEB,ABOUTBLANK...etc.....les premiere remontés sont positives
Merci balltrapp34, je m'y mets mais avec un peu d'apprehension étant vraiment neophite.
Syboot et adware je les avait déja , je cmmence par telecharger les autres,
A plus encore merci.
Syboot et adware je les avait déja , je cmmence par telecharger les autres,
A plus encore merci.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Je viens de tout faire, à priori dans le bon ordre.
Tu es une genie...
Je n'ai plus de fenetres intemestive's pour l'instant, j'ai refait un hijackthis, il reste encore deux nouvelels lignes 015 et la premiere ligne 023 Ati HotKey Poller qui ne me dit rien.
Qu'en penses tu ?
Logfile of HijackThis v1.99.0
Scan saved at 16:48:51, on 28/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Paragon Software\Paragon CD-ROM Emulator\cdman.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\DW\Mes documents\Unzipped\hijackthis\HijackThis.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [cdman.exe] "C:\Program Files\Paragon Software\Paragon CD-ROM Emulator\cdman.exe" /startup
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [GW Port Controller] C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: IAA Event Monitor - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: MSSQL$MICROSOFTBCM - Unknown - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
O23 - Service: DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Prise en charge des cartes à puces - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
Tu es une genie...
Je n'ai plus de fenetres intemestive's pour l'instant, j'ai refait un hijackthis, il reste encore deux nouvelels lignes 015 et la premiere ligne 023 Ati HotKey Poller qui ne me dit rien.
Qu'en penses tu ?
Logfile of HijackThis v1.99.0
Scan saved at 16:48:51, on 28/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Paragon Software\Paragon CD-ROM Emulator\cdman.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\DW\Mes documents\Unzipped\hijackthis\HijackThis.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [cdman.exe] "C:\Program Files\Paragon Software\Paragon CD-ROM Emulator\cdman.exe" /startup
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [GW Port Controller] C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: IAA Event Monitor - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: MSSQL$MICROSOFTBCM - Unknown - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
O23 - Service: DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Prise en charge des cartes à puces - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
la 023 tu laisse
relance hijack
coche les 015
et ensuite repasse ceci
http://mvps.org/winhelp2002/DelDomains.inf
tu fait clik droit dessus et executer
cela devrait remettre comme il faut la zone de securite
la redemarre et nouvele hj pour voir
relance hijack
coche les 015
et ensuite repasse ceci
http://mvps.org/winhelp2002/DelDomains.inf
tu fait clik droit dessus et executer
cela devrait remettre comme il faut la zone de securite
la redemarre et nouvele hj pour voir
J'avais deja cliqué sur ce lien mais ca me donne seulement un fichier texte et pas un programme. Encore merci.
DelDomains.inf
; Created by: Mike Burgess Microsoft MVP
; http://mvps.org/winhelp2002/
;
; Warning: Deletes all entries in the Restricted & Trusted Zone list
;
; To execute this file: in Explorer - right-click (this file)
; Select Install from the Menu.
[version]
signature="$CHICAGO$"
[DefaultInstall]
DelReg=DelTemps
AddReg=AddTemps
[DelTemps]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
; Recreate the keys to avoid a restart
[AddTemps]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
DelDomains.inf
; Created by: Mike Burgess Microsoft MVP
; http://mvps.org/winhelp2002/
;
; Warning: Deletes all entries in the Restricted & Trusted Zone list
;
; To execute this file: in Explorer - right-click (this file)
; Select Install from the Menu.
[version]
signature="$CHICAGO$"
[DefaultInstall]
DelReg=DelTemps
AddReg=AddTemps
[DelTemps]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
; Recreate the keys to avoid a restart
[AddTemps]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
en utilisant le lien que vous m'avez donné , j'ai juste telechargé
un fichier bloc note de 2 ko intitulé informations de configurations, en faisant un clic droit et cliquant sur insatller il ne se passe
strictement rien.
un fichier bloc note de 2 ko intitulé informations de configurations, en faisant un clic droit et cliquant sur insatller il ne se passe
strictement rien.
c'est normal, si tu as bien cliquer sur installer les ligne 015 ne devraient plus apparaitre dans hijackthis, tu as vérifié?
Je viens de verifier, il n'y a plus aucune ligne 015 pour l'instant.
La seule chose qui reste c'est les favoris"sites about" et autres dans le meme gennre, je les supprime et ils reviennenet à chauqe fois
La seule chose qui reste c'est les favoris"sites about" et autres dans le meme gennre, je les supprime et ils reviennenet à chauqe fois
salut
telecharge:
- CWShredder:
http://cwshredder.net/bin/CWShredder.exe
Mettre a jour (update), puis fermer tout les programmes(surtout IE) en cours et clic sur FIX
ensuite fais un scan ici et poste le resutat:
http://www.ravantivirus.com/scan/
a+
telecharge:
- CWShredder:
http://cwshredder.net/bin/CWShredder.exe
Mettre a jour (update), puis fermer tout les programmes(surtout IE) en cours et clic sur FIX
ensuite fais un scan ici et poste le resutat:
http://www.ravantivirus.com/scan/
a+
Encore merci.
J'ai suivi tes instructions. voila le scan avec ravantivirus.
J'attends tes instructions.
Scan started at 01/03/2003 18:33:40
Scanning memory...
Scanning boot sectors...
Scanning files...
C:\Documents and Settings\DW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-421ef8d2-5d787e2c.class - Trojan:Java/ClassLoader.D -> Infected
C:\Documents and Settings\DW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-1048df4e-3d5883d9.zip->Beyond.class - TrojanDownloader:Java/OpenConnection.F -> Infected
C:\Documents and Settings\DW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-22f4b7fa-16530c63.zip->Beyond.class - TrojanDownloader:Java/OpenConnection.F -> Infected
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP1\A0000001.PIF->ADS:frptad - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP1\A0000024.PIF->ADS:frptad - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP1\A0000027.INF->ADS:lqihat - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP16\A0000420.PIF->ADS:frptad - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP17\A0000429.PIF->ADS:frptad - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP3\A0000139.PIF->ADS:frptad - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\AWMODEM.INF->ADS:lqihat - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\bktdp.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\COMSETUP.LOG->ADS:apxjb - TrojanDownloader:Win32/Small.AAG -> Infected
C:\WINDOWS\IIS6.LOG->ADS:eqabl - TrojanDownloader:Win32/Small.AAG -> Infected
C:\WINDOWS\KB817611.log->ADS:bwgwbz - TrojanDownloader:Win32/Small.AAG -> Infected
C:\WINDOWS\KB835732.log->ADS:slobwo - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\mmgmg.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\nsreg.dat->ADS:bhkusm - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\n_mipelw.txt->ADS:sttjdx - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\OEWABLog.txt->ADS:btrjgx - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\Q811789.LOG->ADS:vwgkvx - TrojanDownloader:Win32/Small.AAG -> Infected
C:\WINDOWS\Q813862.LOG->ADS:npbdwu - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\Q828026.LOG->ADS:btbbya - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SchedLgU.Txt->ADS:gnroqg - Backdoor:Win32/Small.AB -> Infected
C:\WINDOWS\SETUPACT.LOG->ADS:zokbsj - TrojanDownloader:Win32/Small.AAG -> Infected
C:\WINDOWS\smscfg.ini->ADS:mgghbp - Backdoor:Win32/Small.AB -> Infected
C:\WINDOWS\vripo.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\zfcns.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\_DEFAULT.PIF->ADS:nxdfec - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\_DEFAULT.PIF->ADS:frptad - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\gblnu.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\LDPvcoCAP.dll - Trojan:Win32/Startpage.SC -> Infected
C:\WINDOWS\SYSTEM32\lknpx.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\lucbo.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\sbflk.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\ujcdw.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\vdrbw.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
Scanned
============================
Objects: 39588
Directories: 3458
Archives: 2809
Size(Kb): 982816
Infected files: 11
Found
============================
Viruses found: 5
Suspicious files: 25
Disinfected files: 0
Mail files: 49
J'ai suivi tes instructions. voila le scan avec ravantivirus.
J'attends tes instructions.
Scan started at 01/03/2003 18:33:40
Scanning memory...
Scanning boot sectors...
Scanning files...
C:\Documents and Settings\DW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-421ef8d2-5d787e2c.class - Trojan:Java/ClassLoader.D -> Infected
C:\Documents and Settings\DW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-1048df4e-3d5883d9.zip->Beyond.class - TrojanDownloader:Java/OpenConnection.F -> Infected
C:\Documents and Settings\DW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-22f4b7fa-16530c63.zip->Beyond.class - TrojanDownloader:Java/OpenConnection.F -> Infected
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP1\A0000001.PIF->ADS:frptad - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP1\A0000024.PIF->ADS:frptad - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP1\A0000027.INF->ADS:lqihat - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP16\A0000420.PIF->ADS:frptad - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP17\A0000429.PIF->ADS:frptad - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP3\A0000139.PIF->ADS:frptad - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\AWMODEM.INF->ADS:lqihat - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\bktdp.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\COMSETUP.LOG->ADS:apxjb - TrojanDownloader:Win32/Small.AAG -> Infected
C:\WINDOWS\IIS6.LOG->ADS:eqabl - TrojanDownloader:Win32/Small.AAG -> Infected
C:\WINDOWS\KB817611.log->ADS:bwgwbz - TrojanDownloader:Win32/Small.AAG -> Infected
C:\WINDOWS\KB835732.log->ADS:slobwo - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\mmgmg.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\nsreg.dat->ADS:bhkusm - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\n_mipelw.txt->ADS:sttjdx - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\OEWABLog.txt->ADS:btrjgx - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\Q811789.LOG->ADS:vwgkvx - TrojanDownloader:Win32/Small.AAG -> Infected
C:\WINDOWS\Q813862.LOG->ADS:npbdwu - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\Q828026.LOG->ADS:btbbya - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SchedLgU.Txt->ADS:gnroqg - Backdoor:Win32/Small.AB -> Infected
C:\WINDOWS\SETUPACT.LOG->ADS:zokbsj - TrojanDownloader:Win32/Small.AAG -> Infected
C:\WINDOWS\smscfg.ini->ADS:mgghbp - Backdoor:Win32/Small.AB -> Infected
C:\WINDOWS\vripo.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\zfcns.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\_DEFAULT.PIF->ADS:nxdfec - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\_DEFAULT.PIF->ADS:frptad - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\gblnu.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\LDPvcoCAP.dll - Trojan:Win32/Startpage.SC -> Infected
C:\WINDOWS\SYSTEM32\lknpx.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\lucbo.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\sbflk.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\ujcdw.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\vdrbw.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
Scanned
============================
Objects: 39588
Directories: 3458
Archives: 2809
Size(Kb): 982816
Infected files: 11
Found
============================
Viruses found: 5
Suspicious files: 25
Disinfected files: 0
Mail files: 49
Logfile of HijackThis v1.99.1
Scan saved at 16:50:51, on 01/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\program files\altnet\points manager\points manager.exe
C:\Program Files\Common files\WinTools\WSup.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\All Users\Office\OSA.EXE
C:\Documents and Settings\All Users\Office\FINDFAST.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\All Users\Office\FINDFAST.EXE
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50007
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50007
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50007
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000221} - (no file)
O2 - BHO: (no name) - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file)
O2 - BHO: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {827B464D-9D0B-7CBE-3ADD-A29117EE2311} - (no file)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll (file missing)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E4E71345-67F2-0019-C3C5-D0AB90344351} - (no file)
O2 - BHO: (no name) - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - (no file)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {071A98E7-E154-66D2-DF82-629AD7241FB6} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [shhost] C:\Program Files\OutLaster\shhost.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [OSS] C:\WINDOWS\system32\ossproxy.exe -boot
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [I/O Controllers] svcnet.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [ADMINMP3LIESONCE] C:\Documents and Settings\All Users\Application Data\Peak Size Admin Mp3\corn mfcd.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.4.6.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [wbazqh] C:\WINDOWS\wbazqh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [SearchEnhancement] "C:\Program Files\scbar\v9\scbar.exe" /H
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [rwd] C:\WINDOWS\rwd.exe
O4 - HKLM\..\Run: [PZCMX] C:\WINDOWS\PZCMX.exe
O4 - HKLM\..\Run: [pwt] C:\WINDOWS\pwt.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Tray] C:\My Downloads\Pokemon Advance ROM.exe
O4 - HKLM\..\Run: [Logo Hide] C:\PROGRA~1\ChicDefy\armymess.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Démarrage d'Office.lnk = C:\Documents and Settings\All Users\Office\OSA.EXE
O4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Documents and Settings\All Users\Office\FINDFAST.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france_pep.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} - http://images.goa.com/v3/InstallGoaIT/Itpp/V2,0,1,6/npwwg.cab
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bargain-buddy.net/download/bargain_buddy/cab/installer_MEDIAWHIZ5.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/GamesUnlimited/ie/bridge-c7.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/fr/4,0,0,76/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} - http://esb.alcena.com/ESBAdultInstaller.ocx
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/nike/nikefz4/install.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://205.177.28.163/access/download/1018823.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4364/mcfscan.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} - http://www.sponsoradulto.com/fr/SysWebTelecom.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - http://by20fd.bay20.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab27571.cab
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/v3/InstallGoaIT/ChatAx/V4,0,5,4/npaxchat.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common files\WinTools\WToolsS.exe
voici mon rapport hijack this et je voudrais savoir si quelqu'un pourrait me l'analyser car j'y comprend rien merci pour votre aide
Scan saved at 16:50:51, on 01/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\program files\altnet\points manager\points manager.exe
C:\Program Files\Common files\WinTools\WSup.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\All Users\Office\OSA.EXE
C:\Documents and Settings\All Users\Office\FINDFAST.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\All Users\Office\FINDFAST.EXE
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50007
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50007
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50007
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000221} - (no file)
O2 - BHO: (no name) - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file)
O2 - BHO: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {827B464D-9D0B-7CBE-3ADD-A29117EE2311} - (no file)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll (file missing)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E4E71345-67F2-0019-C3C5-D0AB90344351} - (no file)
O2 - BHO: (no name) - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - (no file)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {071A98E7-E154-66D2-DF82-629AD7241FB6} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [shhost] C:\Program Files\OutLaster\shhost.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [OSS] C:\WINDOWS\system32\ossproxy.exe -boot
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [I/O Controllers] svcnet.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [ADMINMP3LIESONCE] C:\Documents and Settings\All Users\Application Data\Peak Size Admin Mp3\corn mfcd.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.4.6.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [wbazqh] C:\WINDOWS\wbazqh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [SearchEnhancement] "C:\Program Files\scbar\v9\scbar.exe" /H
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [rwd] C:\WINDOWS\rwd.exe
O4 - HKLM\..\Run: [PZCMX] C:\WINDOWS\PZCMX.exe
O4 - HKLM\..\Run: [pwt] C:\WINDOWS\pwt.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Tray] C:\My Downloads\Pokemon Advance ROM.exe
O4 - HKLM\..\Run: [Logo Hide] C:\PROGRA~1\ChicDefy\armymess.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Démarrage d'Office.lnk = C:\Documents and Settings\All Users\Office\OSA.EXE
O4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Documents and Settings\All Users\Office\FINDFAST.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france_pep.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} - http://images.goa.com/v3/InstallGoaIT/Itpp/V2,0,1,6/npwwg.cab
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bargain-buddy.net/download/bargain_buddy/cab/installer_MEDIAWHIZ5.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/GamesUnlimited/ie/bridge-c7.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/fr/4,0,0,76/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} - http://esb.alcena.com/ESBAdultInstaller.ocx
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/nike/nikefz4/install.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://205.177.28.163/access/download/1018823.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4364/mcfscan.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} - http://www.sponsoradulto.com/fr/SysWebTelecom.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - http://by20fd.bay20.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab27571.cab
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/v3/InstallGoaIT/ChatAx/V4,0,5,4/npaxchat.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common files\WinTools\WToolsS.exe
voici mon rapport hijack this et je voudrais savoir si quelqu'un pourrait me l'analyser car j'y comprend rien merci pour votre aide
MESSAGE POUR MOE
Encore merci.
J'ai suivi tes instructions. voila le scan avec ravantivirus.
J'attends tes instructions.
Scan started at 01/03/2003 18:33:40
Scanning memory...
Scanning boot sectors...
Scanning files...
C:\Documents and Settings\DW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-421ef8d2-5d787e2c.class - Trojan:Java/ClassLoader.D -> Infected
C:\Documents and Settings\DW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-1048df4e-3d5883d9.zip->Beyond.class - TrojanDownloader:Java/OpenConnection.F -> Infected
C:\Documents and Settings\DW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-22f4b7fa-16530c63.zip->Beyond.class - TrojanDownloader:Java/OpenConnection.F -> Infected
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP1\A0000001.PIF->ADS:frptad - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP1\A0000024.PIF->ADS:frptad - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP1\A0000027.INF->ADS:lqihat - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP16\A0000420.PIF->ADS:frptad - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP17\A0000429.PIF->ADS:frptad - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP3\A0000139.PIF->ADS:frptad - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\AWMODEM.INF->ADS:lqihat - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\bktdp.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\COMSETUP.LOG->ADS:apxjb - TrojanDownloader:Win32/Small.AAG -> Infected
C:\WINDOWS\IIS6.LOG->ADS:eqabl - TrojanDownloader:Win32/Small.AAG -> Infected
C:\WINDOWS\KB817611.log->ADS:bwgwbz - TrojanDownloader:Win32/Small.AAG -> Infected
C:\WINDOWS\KB835732.log->ADS:slobwo - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\mmgmg.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\nsreg.dat->ADS:bhkusm - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\n_mipelw.txt->ADS:sttjdx - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\OEWABLog.txt->ADS:btrjgx - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\Q811789.LOG->ADS:vwgkvx - TrojanDownloader:Win32/Small.AAG -> Infected
C:\WINDOWS\Q813862.LOG->ADS:npbdwu - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\Q828026.LOG->ADS:btbbya - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SchedLgU.Txt->ADS:gnroqg - Backdoor:Win32/Small.AB -> Infected
C:\WINDOWS\SETUPACT.LOG->ADS:zokbsj - TrojanDownloader:Win32/Small.AAG -> Infected
C:\WINDOWS\smscfg.ini->ADS:mgghbp - Backdoor:Win32/Small.AB -> Infected
C:\WINDOWS\vripo.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\zfcns.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\_DEFAULT.PIF->ADS:nxdfec - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\_DEFAULT.PIF->ADS:frptad - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\gblnu.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\LDPvcoCAP.dll - Trojan:Win32/Startpage.SC -> Infected
C:\WINDOWS\SYSTEM32\lknpx.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\lucbo.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\sbflk.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\ujcdw.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\vdrbw.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
Scanned
============================
Objects: 39588
Directories: 3458
Archives: 2809
Size(Kb): 982816
Infected files: 11
Found
============================
Viruses found: 5
Suspicious files: 25
Disinfected files: 0
Mail files: 49
Encore merci.
J'ai suivi tes instructions. voila le scan avec ravantivirus.
J'attends tes instructions.
Scan started at 01/03/2003 18:33:40
Scanning memory...
Scanning boot sectors...
Scanning files...
C:\Documents and Settings\DW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-421ef8d2-5d787e2c.class - Trojan:Java/ClassLoader.D -> Infected
C:\Documents and Settings\DW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-1048df4e-3d5883d9.zip->Beyond.class - TrojanDownloader:Java/OpenConnection.F -> Infected
C:\Documents and Settings\DW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-22f4b7fa-16530c63.zip->Beyond.class - TrojanDownloader:Java/OpenConnection.F -> Infected
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP1\A0000001.PIF->ADS:frptad - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP1\A0000024.PIF->ADS:frptad - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP1\A0000027.INF->ADS:lqihat - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP16\A0000420.PIF->ADS:frptad - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP17\A0000429.PIF->ADS:frptad - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP3\A0000139.PIF->ADS:frptad - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\AWMODEM.INF->ADS:lqihat - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\bktdp.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\COMSETUP.LOG->ADS:apxjb - TrojanDownloader:Win32/Small.AAG -> Infected
C:\WINDOWS\IIS6.LOG->ADS:eqabl - TrojanDownloader:Win32/Small.AAG -> Infected
C:\WINDOWS\KB817611.log->ADS:bwgwbz - TrojanDownloader:Win32/Small.AAG -> Infected
C:\WINDOWS\KB835732.log->ADS:slobwo - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\mmgmg.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\nsreg.dat->ADS:bhkusm - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\n_mipelw.txt->ADS:sttjdx - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\OEWABLog.txt->ADS:btrjgx - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\Q811789.LOG->ADS:vwgkvx - TrojanDownloader:Win32/Small.AAG -> Infected
C:\WINDOWS\Q813862.LOG->ADS:npbdwu - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\Q828026.LOG->ADS:btbbya - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SchedLgU.Txt->ADS:gnroqg - Backdoor:Win32/Small.AB -> Infected
C:\WINDOWS\SETUPACT.LOG->ADS:zokbsj - TrojanDownloader:Win32/Small.AAG -> Infected
C:\WINDOWS\smscfg.ini->ADS:mgghbp - Backdoor:Win32/Small.AB -> Infected
C:\WINDOWS\vripo.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\zfcns.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\_DEFAULT.PIF->ADS:nxdfec - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\_DEFAULT.PIF->ADS:frptad - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\gblnu.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\LDPvcoCAP.dll - Trojan:Win32/Startpage.SC -> Infected
C:\WINDOWS\SYSTEM32\lknpx.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\lucbo.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\sbflk.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\ujcdw.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\vdrbw.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
Scanned
============================
Objects: 39588
Directories: 3458
Archives: 2809
Size(Kb): 982816
Infected files: 11
Found
============================
Viruses found: 5
Suspicious files: 25
Disinfected files: 0
Mail files: 49
salut
Va falloir nettoyer tout ca !!
- désactive la restauration systéme:
Clic droit sur poste de travail > propriétés > onglet restauration système puis cocher "désactiver la restauration système".
- Redémarre en mode sans échec en appuyant sur la touche F8 au démarrage de ton PC(apres l'ecran du bios)
- Afficher les dossiers cachés et fichiers système:
panneau de configuration > options des dossiers > onglet affichage
cocher " afficher les fichiers et dossiers cachés "
décocher " masquer les extentions des fichiers dont le type est connu
décocher " masquer les fichiers protégés du système"
Recherche et supprime les fichiers en gras:
C:\Documents and Settings\DW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-421ef8d2-5d787e2c.class
C:\Documents and Settings\DW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-1048df4e-3d5883d9.zipC:\Documents and Settings\DW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-22f4b7fa-16530c63.zip
C:\WINDOWS\AWMODEM.INF
C:\WINDOWS\bktdp.dll
C:\WINDOWS\COMSETUP.LOG
C:\WINDOWS\IIS6.LOGC:\WINDOWS\KB817611.log
C:\WINDOWS\KB835732.log
C:\WINDOWS\mmgmg.dll
C:\WINDOWS\nsreg.dat
C:\WINDOWS\n_mipelw.txt
C:\WINDOWS\OEWABLog.txt
C:\WINDOWS\Q811789.LOG
C:\WINDOWS\Q813862.LOG
C:\WINDOWS\Q828026.LOG
C:\WINDOWS\SchedLgU.Txt
C:\WINDOWS\SETUPACT.LOG
C:\WINDOWS\smscfg.ini
C:\WINDOWS\vripo.dll
C:\WINDOWS\zfcns.dll
C:\WINDOWS\_DEFAULT.PIF
C:\WINDOWS\_DEFAULT.PIF
C:\WINDOWS\SYSTEM32\gblnu.dll
C:\WINDOWS\SYSTEM32\LDPvcoCAP.dll
C:\WINDOWS\SYSTEM32\lknpx.dll
C:\WINDOWS\SYSTEM32\lucbo.dll C:\WINDOWS\SYSTEM32\sbflk.dll
C:\WINDOWS\SYSTEM32\ujcdw.dll
C:\WINDOWS\SYSTEM32\vdrbw.dll
Ceux situes dans C:\System Volume Information seront automatiquement éffacés lorsque tu désactivera la restauration systeme.
Une fois supprimes refait un scan chez RAVantivirus pour vérifier
a+ et bonne chasse lol
Va falloir nettoyer tout ca !!
- désactive la restauration systéme:
Clic droit sur poste de travail > propriétés > onglet restauration système puis cocher "désactiver la restauration système".
- Redémarre en mode sans échec en appuyant sur la touche F8 au démarrage de ton PC(apres l'ecran du bios)
- Afficher les dossiers cachés et fichiers système:
panneau de configuration > options des dossiers > onglet affichage
cocher " afficher les fichiers et dossiers cachés "
décocher " masquer les extentions des fichiers dont le type est connu
décocher " masquer les fichiers protégés du système"
Recherche et supprime les fichiers en gras:
C:\Documents and Settings\DW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-421ef8d2-5d787e2c.class
C:\Documents and Settings\DW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-1048df4e-3d5883d9.zipC:\Documents and Settings\DW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-22f4b7fa-16530c63.zip
C:\WINDOWS\AWMODEM.INF
C:\WINDOWS\bktdp.dll
C:\WINDOWS\COMSETUP.LOG
C:\WINDOWS\IIS6.LOGC:\WINDOWS\KB817611.log
C:\WINDOWS\KB835732.log
C:\WINDOWS\mmgmg.dll
C:\WINDOWS\nsreg.dat
C:\WINDOWS\n_mipelw.txt
C:\WINDOWS\OEWABLog.txt
C:\WINDOWS\Q811789.LOG
C:\WINDOWS\Q813862.LOG
C:\WINDOWS\Q828026.LOG
C:\WINDOWS\SchedLgU.Txt
C:\WINDOWS\SETUPACT.LOG
C:\WINDOWS\smscfg.ini
C:\WINDOWS\vripo.dll
C:\WINDOWS\zfcns.dll
C:\WINDOWS\_DEFAULT.PIF
C:\WINDOWS\_DEFAULT.PIF
C:\WINDOWS\SYSTEM32\gblnu.dll
C:\WINDOWS\SYSTEM32\LDPvcoCAP.dll
C:\WINDOWS\SYSTEM32\lknpx.dll
C:\WINDOWS\SYSTEM32\lucbo.dll C:\WINDOWS\SYSTEM32\sbflk.dll
C:\WINDOWS\SYSTEM32\ujcdw.dll
C:\WINDOWS\SYSTEM32\vdrbw.dll
Ceux situes dans C:\System Volume Information seront automatiquement éffacés lorsque tu désactivera la restauration systeme.
Une fois supprimes refait un scan chez RAVantivirus pour vérifier
a+ et bonne chasse lol
Rebonjour,
J'ai suivi tes instructions, il reste encore tout ca :
Scan started at 02/03/2005 11:23:33
Scanning memory...
Scanning boot sectors...
Scanning files...
C:\Documents and Settings\DW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-34d1332c-251b968d.zip->Beyond.class - TrojanDownloader:Java/OpenConnection.F -> Infected
C:\WINDOWS\SSDEF16.INI->ADS:vdvikp - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\TSOC.LOG->ADS:auumba - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\wininit.ini->ADS:eelikz - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\xcnyt.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\ywiik.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\zokbs.log->ADS:tlxrws - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\adtny.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\fmgqr.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\mmpdd.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\oohtx.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\pliix.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
Scanned
============================
Objects: 38420
Directories: 3373
Archives: 2808
Size(Kb): -866869
Infected files: 1
Found
============================
Viruses found: 1
Suspicious files: 11
Disinfected files: 0
Mail files: 47
J'ai suivi tes instructions, il reste encore tout ca :
Scan started at 02/03/2005 11:23:33
Scanning memory...
Scanning boot sectors...
Scanning files...
C:\Documents and Settings\DW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-34d1332c-251b968d.zip->Beyond.class - TrojanDownloader:Java/OpenConnection.F -> Infected
C:\WINDOWS\SSDEF16.INI->ADS:vdvikp - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\TSOC.LOG->ADS:auumba - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\wininit.ini->ADS:eelikz - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\xcnyt.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\ywiik.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\zokbs.log->ADS:tlxrws - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\adtny.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\fmgqr.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\mmpdd.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\oohtx.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\pliix.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
Scanned
============================
Objects: 38420
Directories: 3373
Archives: 2808
Size(Kb): -866869
Infected files: 1
Found
============================
Viruses found: 1
Suspicious files: 11
Disinfected files: 0
Mail files: 47
salut dw
Ben, il en reste encore..
Toujours pareil:
- désactive la restauration systéme:
Clic droit sur poste de travail > propriétés > onglet restauration système puis cocher "désactiver la restauration système".
- Redémarre en mode sans échec en appuyant sur la touche F8 au démarrage de ton PC(apres l'ecran du bios)
- Afficher les dossiers cachés et fichiers système:
panneau de configuration > options des dossiers > onglet affichage
cocher " afficher les fichiers et dossiers cachés "
décocher " masquer les extentions des fichiers dont le type est connu
décocher " masquer les fichiers protégés du système"
Recherche et supprime les fichiers en gras
C:\Documents and Settings\DW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar <= supprime tout se qui est a l'interieur
C:\WINDOWS\SSDEF16.INI
C:\WINDOWS\TSOC.LOG
C:\WINDOWS\wininit.ini
C:\WINDOWS\xcnyt.dll
C:\WINDOWS\ywiik.dll
C:\WINDOWS\zokbs.log
C:\WINDOWS\SYSTEM32\adtny.dll
C:\WINDOWS\SYSTEM32\fmgqr.dll
C:\WINDOWS\SYSTEM32\mmpdd.dll
C:\WINDOWS\SYSTEM32\oohtx.dll
C:\WINDOWS\SYSTEM32\pliix.dll
Vide la poubelle
Une fois que tu as tout supprimé refait un scan chez RAVantivirus pour vérifier
Ben, il en reste encore..
Toujours pareil:
- désactive la restauration systéme:
Clic droit sur poste de travail > propriétés > onglet restauration système puis cocher "désactiver la restauration système".
- Redémarre en mode sans échec en appuyant sur la touche F8 au démarrage de ton PC(apres l'ecran du bios)
- Afficher les dossiers cachés et fichiers système:
panneau de configuration > options des dossiers > onglet affichage
cocher " afficher les fichiers et dossiers cachés "
décocher " masquer les extentions des fichiers dont le type est connu
décocher " masquer les fichiers protégés du système"
Recherche et supprime les fichiers en gras
C:\Documents and Settings\DW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar <= supprime tout se qui est a l'interieur
C:\WINDOWS\SSDEF16.INI
C:\WINDOWS\TSOC.LOG
C:\WINDOWS\wininit.ini
C:\WINDOWS\xcnyt.dll
C:\WINDOWS\ywiik.dll
C:\WINDOWS\zokbs.log
C:\WINDOWS\SYSTEM32\adtny.dll
C:\WINDOWS\SYSTEM32\fmgqr.dll
C:\WINDOWS\SYSTEM32\mmpdd.dll
C:\WINDOWS\SYSTEM32\oohtx.dll
C:\WINDOWS\SYSTEM32\pliix.dll
Vide la poubelle
Une fois que tu as tout supprimé refait un scan chez RAVantivirus pour vérifier
J'ai tout refait et il reste encore ca
Scan started at 03/03/2005 10:04:02
Scanning memory...
Scanning boot sectors...
Scanning files...
C:\Documents and Settings\DW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-16240bfa-664667c5.zip->Beyond.class - TrojanDownloader:Java/OpenConnection.F -> Infected
C:\Documents and Settings\DW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-34d1332c-251b968d.zip->Beyond.class - TrojanDownloader:Java/OpenConnection.F -> Infected
C:\WINDOWS\xcnyt.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\adtny.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
Scanned
============================
Objects: 38545
Directories: 3380
Archives: 2809
Size(Kb): -1304107
Infected files: 2
Found
============================
Viruses found: 1
Suspicious files: 2
Disinfected files: 0
Mail files: 51
Scan started at 03/03/2005 10:04:02
Scanning memory...
Scanning boot sectors...
Scanning files...
C:\Documents and Settings\DW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-16240bfa-664667c5.zip->Beyond.class - TrojanDownloader:Java/OpenConnection.F -> Infected
C:\Documents and Settings\DW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-34d1332c-251b968d.zip->Beyond.class - TrojanDownloader:Java/OpenConnection.F -> Infected
C:\WINDOWS\xcnyt.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\SYSTEM32\adtny.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
Scanned
============================
Objects: 38545
Directories: 3380
Archives: 2809
Size(Kb): -1304107
Infected files: 2
Found
============================
Viruses found: 1
Suspicious files: 2
Disinfected files: 0
Mail files: 51
salut DW
Un peu moins ce coup ci mais c'est pas encore ca lol
rend visible les fichiers cachés et systeme dans les options des dossiers.
puis supprime:
C:\Documents and Settings\DW\Application Data\Sun\Java\Deployment\cache <=Vide tout le contenu(fichiers et dossiers)
C:\WINDOWS\xcnyt.dll
C:\WINDOWS\SYSTEM32\adtny.dll
vide ta poubelle
Ensuite, scan chez rav pour s'assurer que tout est ok
a+
Un peu moins ce coup ci mais c'est pas encore ca lol
rend visible les fichiers cachés et systeme dans les options des dossiers.
puis supprime:
C:\Documents and Settings\DW\Application Data\Sun\Java\Deployment\cache <=Vide tout le contenu(fichiers et dossiers)
C:\WINDOWS\xcnyt.dll
C:\WINDOWS\SYSTEM32\adtny.dll
vide ta poubelle
Ensuite, scan chez rav pour s'assurer que tout est ok
a+
