Does anyone know ldpinch.bj??
laurent
Hi all, I've picked up some crap called crss.exe.
My antivirus, Panda, detects it under the name
ldpinch.bj, and no matter what I do, it won't go away!!
I ran adaware, spybot, Geant, and I even ran
about ten online antivirus scans, in vain, plus
an update of my whole system!!!!
I'm getting a bit discouraged, especially since Panda tells me
it has disinfected the virus, but it keeps coming back at
startup!!
For info: I tried disabling System Restore and running
a scan in safe mode, in vain...! If anyone has any idea!!!
Thanks!!!
13 replies
re'
Download HijackThis here:
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/29061.html
Post a log (report) here.
While searching the net I found you a site where it is listed (unfortunately a Spanish site) at the following address:
http://alerta-antivirus.red.es/virus/detalle_virus.html?cod=3483
A good Trojan is a D E A D Trojan
Hi,
give us the path your antivirus reports so we can see
where your virus is hiding.
Thanks
Here it is in French: http://www.sophos.fr/virusinfo/analyses/trojldpincha.html
but they don't say how to remove it!
The path?
" c:\Documents and Settings\"
The US/EN version of Sophos gives the solution:
http://www.sophos.com/virusinfo/analyses/trojldpincha.html
Here is my log from Spyware Remover 8.2, up to date!
Good evening
lol, it's the "HijackThis" log that S!Ri asked you to post
See you
_____________________________
A Good Trojan Is A D E A D Trojan
OK, here is my HijackThis log:
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.0 (xpclient.010817-1148)
Internal Name: svchost.exe
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.0
Legal Copyright: © Microsoft Corporation. All rights reserved.
Misc.:
File Size: 13 KB (12 800 bytes)
File Type: Application
Version: 5.1.0
#:6 (svchost.exe)
Path:C:\WINDOWS\system32\svchost.exe
BasePriority:NORMAL
FileSize :12 kb
Last accessed :28/08/2001 12:00:00
Build :5.1.2600.0
OS :NT-Win32-Executable
Description :Generic Host Process for Win32 Services
Version :5.1.2600.0
Product Name:Microsoft® Windows® Operating System
Path:
Filename: svchost.exe
Directory: C:\WINDOWS\system32\
Full Path: C:\WINDOWS\system32\svchost.exe
Date:
Creation Date: mardi, août 28 2001 12:00:00
Modify Date: mardi, août 28 2001 12:00:00
Access Date: samedi, janv 15 2005
Attributes:
Archive: True
Compressed: False
Directory: False
Hidden: False
Normal: False
Read Only: False
System: False
Temporary: False
String Info:
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.0 (xpclient.010817-1148)
Internal Name: svchost.exe
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.0
Legal Copyright: © Microsoft Corporation. All rights reserved.
Misc.:
File Size: 13 KB (12 800 bytes)
File Type: Application
Version: 5.1.0
#:7 (Explorer.EXE)
Path:C:\WINDOWS\Explorer.EXE
BasePriority:NORMAL
FileSize :984 kb
Last accessed :29/08/2002 09:45:10
Build :6.0.2800.1106
OS :NT-Win32-Executable
Description :Explorateur Windows
Version :6.0.2800.1106
Product Name:Système d'exploitation Microsoft® Windows®
Path:
Filename: Explorer.EXE
Directory: C:\WINDOWS\
Full Path: C:\WINDOWS\Explorer.EXE
Date:
Creation Date: jeudi, août 29 2002 9:45:10
Modify Date: jeudi, août 29 2002 9:45:10
Access Date: samedi, janv 15 2005
Attributes:
Archive: True
Compressed: False
Directory: False
Hidden: False
Normal: False
Read Only: False
System: False
Temporary: False
String Info:
Company Name: Microsoft Corporation
File Description: Explorateur Windows
File Version: 6.00.2800.1106 (xpsp1.020828-1920)
Internal Name: explorer
Original Filename: EXPLORER.EXE
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 6.00.2800.1106
Legal Copyright: © Microsoft Corporation. Tous droits réservés.
Misc.:
File Size: 985 KB (1 008 128 bytes)
File Type: Application
Version: 6.0.1106
#:8 (devldr32.exe)
Path:C:\WINDOWS\System32\devldr32.exe
BasePriority:NORMAL
FileSize :25 kb
Last accessed :05/04/2002 08:32:20
Build :1.0.0.25
OS :NT-Win32-Executable
Description :DevLdr32
Version :1.0.0.25
Product Name:Creative Ring3 NT Inteface
Path:
Filename: devldr32.exe
Directory: C:\WINDOWS\System32\
Full Path: C:\WINDOWS\System32\devldr32.exe
Date:
Creation Date: mardi, nov 01 2005 11:10:33
Modify Date: samedi, mai 04 2002 8:32:20
Access Date: samedi, janv 15 2005
Attributes:
Archive: False
Compressed: False
Directory: False
Hidden: False
Normal: True
Read Only: False
System: False
Temporary: False
String Info:
Company Name: Creative Technology Ltd.
File Description: DevLdr32
File Version: 1, 0, 0, 25
Internal Name: DevLdr
Original Filename: DevLdr32.exe
Product Name: Creative Ring3 NT Inteface
Product Version: 1, 0, 0, 25
Legal Copyright: Copyright © 1997-2001 Creative Technology Ltd.
Misc.:
File Size: 26 KB (26 112 bytes)
File Type: Application
Version: 1.0.25
#:9 (Spyware.exe)
Path:C:\Program Files\BulletProofSoft.com\SpywareRemover\Spyware.exe
BasePriority:NORMAL
FileSize :978 kb
Last accessed :31/03/2004 13:31:54
Build :8.2.0.8
OS :NT-Win32-Executable
Description :BPS Spyware and Adware Remover
Version :8.2.0.8
Product Name:BPS Spyware and Adware Remover
Path:
Filename: Spyware.exe
Directory: C:\Program Files\BulletProofSoft.com\SpywareRemover\
Full Path: C:\Program Files\BulletProofSoft.com\SpywareRemover\Spyware.exe
Date:
Creation Date: mardi, janv 27 2004 9:03:37
Modify Date: mercredi, mars 31 2004 1:31:54
Access Date: samedi, janv 15 2005
Attributes:
Archive: True
Compressed: False
Directory: False
Hidden: False
Normal: False
Read Only: False
System: False
Temporary: False
String Info:
Company Name: BulletProofSoft.com
File Description: BPS Spyware and Adware Remover
File Version: 8.02.0008
Internal Name: Spyware
Original Filename: Spyware.exe
Product Name: BPS Spyware and Adware Remover
Product Version: 8.02.0008
Legal Copyright: BulletProofSoft.com
Misc.:
File Size: 978 KB (1 001 693 bytes)
File Type: Application
Version: 8.2.8
#:10 (BFDE3D79.DLL)
Path:C:\Program Files\BulletProofSoft.com\SpywareRemover\BFDE3D79.DLL
BasePriority:NORMAL
FileSize :2348 kb
Last accessed :15/01/2005 01:30:38
Build :8.2.0.8
OS :NT-Win32-Executable
Description :BPS Spyware and Adware Remover
Version :8.2.0.8
Product Name:BPS Spyware and Adware Remover
Path:
Filename: BFDE3D79.DLL
Directory: C:\Program Files\BulletProofSoft.com\SpywareRemover\
Full Path: C:\Program Files\BulletProofSoft.com\SpywareRemover\BFDE3D79.DLL
Date:
Creation Date: samedi, janv 15 2005 1:30:36
Modify Date: samedi, janv 15 2005 1:30:38
Access Date: samedi, janv 15 2005
Attributes:
Archive: True
Compressed: False
Directory: False
Hidden: False
Normal: False
Read Only: False
System: False
Temporary: False
String Info:
Company Name: BulletProofSoft.com
File Description: BPS Spyware and Adware Remover
File Version: 8.02.0008
Internal Name: Spyware
Original Filename: Spyware.exe
Product Name: BPS Spyware and Adware Remover
Product Version: 8.02.0008
Legal Copyright: BulletProofSoft.com
Misc.:
File Size: 2 348 KB (2 404 352 bytes)
File Type: Application
Version: 8.2.8
Résultat du balayage de la mémoire :
Total des modules trouvés :11
Modules suspects trouvés :
Balayage terminé
Le balayage du registre a commencé
====================
Registry Key Value Type = Alexa Toolbar:
[HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\CMDMAPPING\]
"{c95fe080-8f5d-11d2-a20b-00aa003c157a}"=dword:00002000
Registry Key Value Type = Alexa:
[HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\CMDMAPPING\]
"{c95fe080-8f5d-11d2-a20b-00aa003c157a}"=dword:00002000
Registry Key Value Type = Alexa:
[HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\CMDMAPPING\]
"{c95fe080-8f5d-11d2-a20b-00aa003c157a}"=dword:00002000
Résultat du balayage du registre :
Clefs suspectes trouvées :5
Balayage terminé
Balayage de témoin a commencé
====================
Résultats de balayage de témoin:
Des témoins suspects trouvés:7
Balayage terminé
Le balayage du dossier a commencé
====================
Résultat du balayage du dossier :
Dossiers suspects trouvés :0
Le balayage du fichier a commencé
====================
Sexfiles Dialers file:C:\films\film coneries\xxx.avi
FileSize :754104 kb
Last accessed :12/06/2004 18:28:38
Build :
OS :-
Path:
Filename: xxx.avi
Directory: C:\films\film coneries\
Full Path: C:\films\film coneries\xxx.avi
Date:
Creation Date: mardi, juin 22 2004 5:18:14
Modify Date: lundi, déc 06 2004 6:28:38
Access Date: samedi, janv 15 2005
Attributes:
Archive: True
Compressed: False
Directory: False
Hidden: False
Normal: False
Read Only: False
System: False
Temporary: False
String Info:
Company Name:
File Description:
File Version:
Internal Name:
Original Filename:
Product Name:
Product Version:
Legal Copyright:
Misc.:
File Size: 754 104 KB (772 202 496 bytes)
Zestyfind Desktop Links file:C:\Documents and Settings\lolo1\Local Settings\Temporary Internet Files\Content.IE5\MBO9VE85\favicon[1].ico
FileSize :2 kb
Last accessed :09/01/2005 22:37:48
Build :
OS :-
Path:
Filename: favicon[1].ico
Directory: C:\Documents and Settings\lolo1\Local Settings\Temporary Internet Files\Content.IE5\MBO9VE85\
Full Path: C:\Documents and Settings\lolo1\Local Settings\Temporary Internet Files\Content.IE5\MBO9VE85\favicon[1].ico
Date:
Creation Date: jeudi, sept 01 2005 10:37:47
Modify Date: jeudi, sept 01 2005 10:37:48
Access Date: samedi, janv 15 2005
Attributes:
Archive: True
Compressed: False
Directory: False
Hidden: False
Normal: False
Read Only: False
System: False
Temporary: False
String Info:
Company Name:
File Description:
File Version:
Internal Name:
Original Filename:
Product Name:
Product Version:
Legal Copyright:
Misc.:
File Size: 2 KB (2 238 bytes)
Zestyfind Desktop Links file:C:\Documents and Settings\lolo1\Local Settings\Temporary Internet Files\Content.IE5\NORIMHK2\favicon[1].ico
FileSize :1 kb
Last accessed :09/01/2005 21:01:26
Build :
OS :-
Path:
Filename: favicon[1].ico
Directory: C:\Documents and Settings\lolo1\Local Settings\Temporary Internet Files\Content.IE5\NORIMHK2\
Full Path: C:\Documents and Settings\lolo1\Local Settings\Temporary Internet Files\Content.IE5\NORIMHK2\favicon[1].ico
Date:
Creation Date: jeudi, sept 01 2005 9:01:24
Modify Date: jeudi, sept 01 2005 9:01:26
Access Date: samedi, janv 15 2005
Attributes:
Archive: True
Compressed: False
Directory: False
Hidden: False
Normal: False
Read Only: False
System: False
Temporary: False
String Info:
Company Name:
File Description:
File Version:
Internal Name:
Original Filename:
Product Name:
Product Version:
Legal Copyright:
Misc.:
File Size: 1 KB (1 406 bytes)
Sexfiles Dialers file:C:\Documents and Settings\lolo1\Recent\xxx.lnk
FileSize :0 kb
Last accessed :11/01/2005 18:44:56
Build :
OS :-
Path:
Filename: xxx.lnk
Directory: C:\Documents and Settings\lolo1\Recent\
Full Path: C:\Documents and Settings\lolo1\Recent\xxx.lnk
Date:
Creation Date: mardi, mars 01 2005 3:59:03
Modify Date: mardi, nov 01 2005 6:44:56
Access Date: samedi, janv 15 2005
Attributes:
Archive: True
Compressed: False
Directory: False
Hidden: False
Normal: False
Read Only: False
System: False
Temporary: False
String Info:
Company Name:
File Description:
File Version:
Internal Name:
Original Filename:
Product Name:
Product Version:
Legal Copyright:
Misc.:
File Size: 1 KB (517 bytes)
Résultat du balayage du fichier :
Fichiers suspects trouvés :11
Balayage terminé
==========================================================
Total des composants d'espiogiciels trouvés : 16
==========================================================
Tâche en cours d'achèvement 01:41:32
Achevée
==========================================================
Application Version: 8.2.8
==========================================================
Major Version: 5
Minor Version: 1
Build Number Version: 2600
Platform ID: 2
Service Pack Major: 1
Service Pack Minor: 0
Suite Mask: 256
Platform: Windows XP
Platform Version: Windows XP v5.1, Build 2600
OS Product Name: NT Workstation
CSD Version: Service Pack 1
Is Windows XP: True
Is Windows 2K: True
Is Windows NT: True
Is Windows 9x: False
Is Windows 95: False
Is Windows 98: False
Is Windows Me: False
I made a mistake!!
Here it is!!
Logfile of HijackThis v1.99.0
Scan saved at 02:29:41, on 15/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\WANADOO\CnxMon.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE
C:\Program Files\Webshots\WebshotsTray.exe
C:\totalcmd\TOTALCMD.EXE
c:\utils\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots.com/r/internal/start/client/RAND
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKCU\..\Run: [EPSON Stylus COLOR 480] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P22 "EPSON Stylus COLOR 480" /O5 "LPT1:" /M "Stylus COLOR 480"
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104786488678
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O21 - SSODL: System - {10252285-D60D-4B5F-B145-2CB174161834} - q_sys.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
There you go!!
Hi again,
Launch HijackThis, check this line and fix it:
R3 - Default URLSearchHook is missing
Apart from that, your log is clean.
Your antivirus (you say Panda, but you have Kaspersky installed) must be detecting a file in a temporary directory.
Give us the path of the infected file that your antivirus finds.
Empty the contents of your temporary directories:
- C:\Documents and Settings\USERNAME\Local Settings\Temp\
- C:\Windows\temp\
To empty the temporary Internet files directory:
- Start menu, click "Control Panel",
- Click "Network and Internet Connections" (skip to the next step if the icon does not exist),
- Click "Internet Options",
- "General" tab, click the "Delete Files..." button,
- Confirm by clicking "OK".
Empty the trash of your email program.
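As an added illustration (not part of the original thread and not HijackThis's own code), the Python below parses HijackThis-style entry lines like those in the log posted in this thread and lists the ones worth checking by hand: entries HijackThis itself reports as missing, and Run autostarts given without a full path. The function names and the two review rules are assumptions made for this example; a listed line is a prompt to verify the file, not a verdict.

```python
import re

# Excerpt of the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\services.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O21 - SSODL: System - {10252285-D60D-4B5F-B145-2CB174161834} - q_sys.dll (file missing)
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # "O4 - ...", "R3 - ..."
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[([^\]]*)\] (.+)$")
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')                # optional quote, drive letter


def parse_entries(text):
    """Yield (section_code, body) for each entry line of a HijackThis log."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:  # header and running-process lines carry no section code
            yield m.group(1), m.group(2)


def review_notes(code, body):
    """Return the reasons (possibly none) to check this entry by hand."""
    notes = []
    if body.endswith("(file missing)") or body.endswith("is missing"):
        notes.append("reported missing")
    run = RUN_RE.match(body) if code == "O4" else None
    if run and not ABS_PATH_RE.match(run.group(2)):
        # Without a full path the executable is resolved through the search path.
        notes.append("autorun without full path")
    return notes


def triage(text):
    """Return [(code, body, notes)] for entries that have at least one note."""
    return [(c, b, n) for c, b in parse_entries(text) if (n := review_notes(c, b))]


if __name__ == "__main__":
    for code, body, notes in triage(SAMPLE_LOG):
        print(f"{code:>3}  {', '.join(notes):<26} {body}")
```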