HijackThis analysis please ??? (ipassist.biz problem)
tmetic
Posts
1
Status
Member
regis59 -
Hello,
I saw that other people managed to get rid of their ipassist.biz-type spyware thanks to your advice (Steve, for example).
I have the same problem; could you help me choose what to check in HijackThis?
Thank you very much in advance,
here is the scan I got:
Logfile of HijackThis v1.99.1
Scan saved at 09:16:26, on 13/05/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\SAFEGUARD\SGEASY\SGECTL.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\niSvcLoc.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\suss.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nipalsm.exe
C:\WINNT\system32\nipalsm.exe
C:\WINNT\Explorer.EXE
C:\WINNT\TEMP\CQ364A.EXE
C:\WINNT\system32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\WINNT\system32\atiptaxx.exe
C:\SAFEGUARD\SGEASY\ECVIEW.EXE
C:\PROGRA~1\DATACA~1\FLashKsk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINNT\system32\Services\{6DD8D8F1-1C75-448F-B08C-7134B5075558}\SVCHOST.EXE
C:\WINNT\system32\ctfmon.exe
C:\Documents and Settings\DARI\Application Data\wrre.exe
C:\WINNT\system32\l?gonui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SOPRA\EcCalc\ectray32.exe
C:\Program Files\Palm\HOTSYNC.EXE
E:\Mes Documents\Program\Icon3D\icon3d.exe
C:\Program Files\Lotus\Notes\NLNOTES.EXE
C:\Program Files\Lotus\Notes\naldaemn.EXE
C:\Program Files\Lotus\Notes\nwrdaemn.EXE
C:\Program Files\Lotus\Notes\nupdate.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\DARI\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DARI\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ipassist.biz/index.php?id=186
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DARI\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.yahoo.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://vls-bob-s02.bobigny.vls.valeo/wpad.dat
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.valeo:8090
O1 - Hosts: 17.145.117.11 d-ru-1f.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 d-ru-1h.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 d-ru-2f.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 d-ru-2h.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 d-eu-2f.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 d-eu-2h.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 d-eu-1f.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 d-eu-1h.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 d-us-1f.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 d-us-1h.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 downloads1.kaspersky.ru
O1 - Hosts: 17.145.117.11 downloads2.kaspersky.ru
O1 - Hosts: 17.145.117.11 downloads3.kaspersky.ru
O1 - Hosts: 17.145.117.11 downloads4.kaspersky.ru
O1 - Hosts: 17.145.117.11 downloads5.kaspersky.ru
O1 - Hosts: 17.145.117.11 www.kaspersky.ru
O1 - Hosts: 17.145.117.11 kaspersky.ru
O1 - Hosts: 17.145.117.11 kaspersky-labs.com
O1 - Hosts: 17.145.117.11 www.kaspersky-labs.com
O1 - Hosts: 82.146.42.123 lloydstsb.co.uk
O1 - Hosts: 82.146.42.123 online.lloydstsb.co.uk
O1 - Hosts: 82.146.42.123 www.lloydstsb.co.uk
O1 - Hosts: 82.146.42.123 www.lloydstsb.com
O1 - Hosts: 82.146.42.123 personal.barclays.co.uk
O1 - Hosts: 82.146.42.123 barclays.co.uk
O1 - Hosts: 82.146.42.123 ibank.barclays.co.uk
O1 - Hosts: 82.146.42.123 www.barclays.co.uk
O1 - Hosts: 82.146.42.123 www.nwolb.com
O1 - Hosts: 82.146.42.123 nwolb.com
O1 - Hosts: 82.146.42.123 hsbc.co.uk
O1 - Hosts: 82.146.42.123 www.hsbc.co.uk
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [EDWizard] C:\SAFEGUARD\SGEASY\EDWIZARD.EXE as
O4 - HKLM\..\Run: [SgeEcView] C:\SAFEGUARD\SGEASY\ECVIEW.EXE
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SysUpd] C:\WINNT\sysupd.exe
O4 - HKLM\..\Run: [IMAQBoot] C:\Program Files\National Instruments\NI-IMAQ\bin\ImaqBoot.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Spools Service Controller] C:\WINNT\system32\spools.exe
O4 - HKLM\..\Run: [Service Host] C:\WINNT\system32\Services\{6DD8D8F1-1C75-448F-B08C-7134B5075558}\SVCHOST.EXE
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\DARI\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [Sgecrypt] C:\SAFEGUARD\SGEASY\SGECRYPT.EXE /SYSTRAY
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Ecmt] C:\Documents and Settings\DARI\Application Data\wrre.exe
O4 - HKCU\..\Run: [Rzdggl] C:\WINNT\system32\l?gonui.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Icon3D.lnk = E:\Mes Documents\Program\Icon3D\icon3d.exe
O4 - Global Startup: EuroConverter Systray.lnk = C:\Program Files\SOPRA\EcCalc\ectray32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .NPSSView: C:\Program Files\Common Files\Crystal Decisions\2.0\crystalreportviewers\Viewers\ActiveXViewer\NPssView.dll
O14 - IERESET.INF: START_PAGE_URL=http://www
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 81.222.131.59
O15 - Trusted IP range: 81.222.131.59 (HKLM)
O16 - DPF: Sametime Meeting Room Client ST30IF3 - http://vls-bob-s17.bobigny.vls.valeo/sametime/stmeetingroomclient/STMeetingRoomClient.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {24CEC0BF-C8BC-4BCB-B804-226326B319EF} (JNILoader Control) - http://vls-bob-s17.bobigny.vls.valeo/sametime/STMeetingRoomClient/STJNILoader.cab
O16 - DPF: {C1029C96-C060-44EA-9752-502B62E6C8C4} (PGLoader Class) - http://campus.valeo/progression/cds/30/plugins/pgldr.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bobigny.vls.valeo.
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bobigny.vls.valeo.
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bobigny.vls.valeo.
O20 - Winlogon Notify: drct16 - C:\WINNT\SYSTEM32\drct16.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINNT\system32\nipalsm.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINNT\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINNT\system32\niSvcLoc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - c:\progra~1\Oracle\Ora81\BIN\ONRSD.EXE
O23 - Service: SgeCtl - Utimaco Safeware AG - C:\SAFEGUARD\SGEASY\SGECTL.EXE
O23 - Service: Intranet Server Client (SicltNT) - Apsynet - C:\WINNT\SYSTEM32\Siclt32.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\WINNT\Pointdev\VNC\WinVNC.exe" -service (file missing)
2 replies
I don't translate logfiles, but I have problems too and I found an automatic evaluator... you copy/paste your logfile, but only the lines after "C:/" (RO, R....)
http://www.hijackthis.de/index.php
FYI, I haven't tested it yet, but apparently it's legitimate.