[infection]Infection tres coriasse
papite59
Messages postés
2
Statut
Membre
-
green day Messages postés 26319 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention -
green day Messages postés 26319 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention -
allo.Je suis presentement infecté par je ne sais pas quoi.
j'utilise windows xp familiale avec le logiciel anti-virus Avast proffessionel et sygate personnal firewall.Mon probleme est que,lorsque je scan mon ordi,mes logicielles trouve des virus,trojan,traqueur et autre cochonnerie.Mais aussi on se sert de mon ordi comme serveur pour junk mail vers des addresse aussi bizare qu'invraisemblable.(ex: xdas.htefa.net@kwiecos.rsf.hsd)Le seul moyen que jai dempecher mon ordi d'envoyer ces courrier est de bloqué mon scan resident de mail sortant de avast avec on firewall.
jai fait les scan avec plusieur programe et voici les resultat
Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 22:03:45, on 2006-06-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
e:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\system32\svchost.exe
e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
e:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
C:\Program Files\ewido anti-malware\SecuritySuite.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.travian.com/international
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 24.212.44.72 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avast!] e:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MEM] (Value not set)
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - https://www.fileplanet.com/
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = david
O17 - HKLM\Software\..\Telephony: DomainName = david
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = david
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - e:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - e:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: ISC BIND (named) - Unknown owner - C:\WINDOWS\system32\dns\bin\named.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Windows Media Connect (WMC) (WmcCds) - Unknown owner - c:\program files\windows media connect\mswmccds.exe (file missing)
O23 - Service: Aide de Windows Media Connect (WMC) (WmcCdsLs) - Unknown owner - C:\Program Files\Windows Media Connect\mswmcls.exe (file missing)
spybot
Logfile of HijackThis v1.99.1
Scan saved at 22:03:45, on 2006-06-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
e:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\system32\svchost.exe
e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
e:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
C:\Program Files\ewido anti-malware\SecuritySuite.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.travian.com/international
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 24.212.44.72 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avast!] e:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MEM] (Value not set)
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - https://www.fileplanet.com/
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = david
O17 - HKLM\Software\..\Telephony: DomainName = david
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = david
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - e:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - e:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: ISC BIND (named) - Unknown owner - C:\WINDOWS\system32\dns\bin\named.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Windows Media Connect (WMC) (WmcCds) - Unknown owner - c:\program files\windows media connect\mswmccds.exe (file missing)
O23 - Service: Aide de Windows Media Connect (WMC) (WmcCdsLs) - Unknown owner - C:\Program Files\Windows Media Connect\mswmcls.exe (file missing)
ad-aware
Ad-Aware SE Build 1.06r1
Logfile Created on:20 juin 2006 22:04:20
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R112 15.06.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):21 total references
RXToolbar(TAC index:2):3 total references
Tracking Cookie(TAC index:3):11 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
2006-06-20 22:04:20 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\David\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\visual basic\6.0\recentfiles
Description : list of recently used files in microsoft visual basic
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 572
ThreadCreationTime : 2006-06-20 13:24:25
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 648
ThreadCreationTime : 2006-06-20 13:24:29
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 676
ThreadCreationTime : 2006-06-20 13:24:31
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 724
ThreadCreationTime : 2006-06-20 13:24:31
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 736
ThreadCreationTime : 2006-06-20 13:24:31
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 888
ThreadCreationTime : 2006-06-20 13:24:31
BasePriority : Normal
FileVersion : 6.14.10.4121
ProductVersion : 6.14.10.4121
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 900
ThreadCreationTime : 2006-06-20 13:24:31
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 992
ThreadCreationTime : 2006-06-20 13:24:32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1084
ThreadCreationTime : 2006-06-20 13:24:32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [smc.exe]
FilePath : C:\Program Files\Sygate\SPF\
ProcessID : 1168
ThreadCreationTime : 2006-06-20 13:24:32
BasePriority : Normal
FileVersion : 5.6.00.2808
ProductVersion : 5.6.00.2808
ProductName : Sygate® Security Agent and Personal Firewall
CompanyName : Sygate Technologies, Inc.
FileDescription : Sygate Agent Firewall
InternalName : Smc
LegalCopyright : Copyright © 1999 - 2004 Sygate Technologies, Inc. All rights reserved.
OriginalFilename : Smc.EXE
#:11 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 1224
ThreadCreationTime : 2006-06-20 13:24:32
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : IEXPLORE.EXE
#:12 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1336
ThreadCreationTime : 2006-06-20 13:24:34
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:13 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1408
ThreadCreationTime : 2006-06-20 13:24:34
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1584
ThreadCreationTime : 2006-06-20 13:24:35
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:15 [aswupdsv.exe]
FilePath : e:\Program Files\Alwil Software\Avast4\
ProcessID : 1756
ThreadCreationTime : 2006-06-20 13:24:43
BasePriority : Normal
#:16 [ashserv.exe]
FilePath : e:\Program Files\Alwil Software\Avast4\
ProcessID : 1784
ThreadCreationTime : 2006-06-20 13:24:44
BasePriority : High
FileVersion : 4, 7, 844, 0
ProductVersion : 4, 7, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright (c) 2006 ALWIL Software
OriginalFilename : aswServ.exe
#:17 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido anti-malware\
ProcessID : 1832
ThreadCreationTime : 2006-06-20 13:24:46
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe
#:18 [lxrjd31s.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1856
ThreadCreationTime : 2006-06-20 13:24:46
BasePriority : Normal
#:19 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2004
ThreadCreationTime : 2006-06-20 13:24:47
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:20 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 232
ThreadCreationTime : 2006-06-20 13:24:47
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:21 [ashmaisv.exe]
FilePath : e:\Program Files\Alwil Software\Avast4\
ProcessID : 616
ThreadCreationTime : 2006-06-20 13:24:56
BasePriority : Normal
#:22 [wmiprvse.exe]
FilePath : C:\WINDOWS\system32\wbem\
ProcessID : 852
ThreadCreationTime : 2006-06-20 13:24:56
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe
#:23 [ashwebsv.exe]
FilePath : e:\Program Files\Alwil Software\Avast4\
ProcessID : 1028
ThreadCreationTime : 2006-06-20 13:24:57
BasePriority : Normal
#:24 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3568
ThreadCreationTime : 2006-06-20 13:33:14
BasePriority : Normal
FileVersion : 6.14.10.4121
ProductVersion : 6.14.10.4121
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE
#:25 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 3720
ThreadCreationTime : 2006-06-20 13:33:16
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : EXPLORER.EXE
#:26 [cli.exe]
FilePath : C:\Program Files\ATI Technologies\ATI.ACE\
ProcessID : 3992
ThreadCreationTime : 2006-06-20 13:33:18
BasePriority : Normal
#:27 [adeck.exe]
FilePath : C:\Program Files\VIAudioi\SBADeck\
ProcessID : 4012
ThreadCreationTime : 2006-06-20 13:33:19
BasePriority : Normal
FileVersion : 1.0.0.0
ProductVersion : 1.62
ProductName : Vinyl Deck
CompanyName : VIA Technologies, Inc.
FileDescription : VIA Codec Control Panel
InternalName : Vinyl Deck
#:28 [ashdisp.exe]
FilePath : E:\PROGRA~1\ALWILS~1\Avast4\
ProcessID : 1052
ThreadCreationTime : 2006-06-20 13:33:19
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright (c) 2006 ALWIL Software
OriginalFilename : aswDisp.exe
#:29 [cli.exe]
FilePath : C:\Program Files\ATI Technologies\ATI.ACE\
ProcessID : 2588
ThreadCreationTime : 2006-06-20 13:33:31
BasePriority : Normal
#:30 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3980
ThreadCreationTime : 2006-06-21 01:51:30
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : IEXPLORE.EXE
#:31 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2404
ThreadCreationTime : 2006-06-21 02:03:20
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:32 [ccleaner.exe]
FilePath : C:\Program Files\CCleaner\
ProcessID : 2632
ThreadCreationTime : 2006-06-21 02:03:22
BasePriority : Normal
FileVersion : 1.30.0310
ProductVersion : 1.30.0310
ProductName : CCleaner
CompanyName : Piriform Ltd
InternalName : ccleaner
OriginalFilename : ccleaner.exe
#:33 [version traduite originale.exe]
FilePath : C:\Program Files\Hijackthis Version Française\
ProcessID : 3876
ThreadCreationTime : 2006-06-21 02:03:23
BasePriority : Normal
FileVersion : 1.99.0001
ProductVersion : 1.99.0001
ProductName : HijackThis
CompanyName : Soeperman Enterprises Ltd.
FileDescription : HijackThis
InternalName : HijackThis
LegalCopyright : Freeware
OriginalFilename : HijackThis.exe
Comments : Version history is in Help section
#:34 [securitysuite.exe]
FilePath : C:\Program Files\ewido anti-malware\
ProcessID : 3304
ThreadCreationTime : 2006-06-21 02:03:25
BasePriority : Normal
FileVersion : 3, 5, 0, 0
ProductVersion : 3, 5, 0, 0
ProductName : ewido anti-malware
CompanyName : ewido networks
FileDescription : anti-malware
InternalName : GuiLoader
LegalCopyright : © 2003 ewido networks
OriginalFilename : SecuritySuite.exe
#:35 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3616
ThreadCreationTime : 2006-06-21 02:03:45
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Bloc-notes
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : NOTEPAD.EXE
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
RXToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 2
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ac368f5f-6670-4dde-a1a8-b9c064ea0402}
RXToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 2
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{05563f82-69a7-40a6-8670-153b635a7ef6}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 23
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@tribalfusion[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:david@tribalfusion.com/
Expires : 2037-12-31 20:00:00
LastSync : Hits:9
UseCount : 0
Hits : 9
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@247realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:32
Value : Cookie:david@247realmedia.com/
Expires : 2020-12-31 20:00:00
LastSync : Hits:32
UseCount : 0
Hits : 32
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@statcounter[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:david@statcounter.com/
Expires : 2011-06-18 13:48:40
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@ads.multimania.lycos[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:david@ads.multimania.lycos.fr/
Expires : 2006-06-20 19:38:20
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@www.smartadserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:david@www.smartadserver.com/
Expires : 2026-06-15 21:59:26
LastSync : Hits:8
UseCount : 0
Hits : 8
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:david@questionmarket.com/
Expires : 2006-07-31 05:22:06
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@serving-sys[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:david@serving-sys.com/
Expires : 2037-12-31 18:00:00
LastSync : Hits:9
UseCount : 0
Hits : 9
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@web4.realtracker[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:david@web4.realtracker.com/
Expires : 2007-12-31 19:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@weborama[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:david@weborama.fr/
Expires : 2011-06-18 13:59:54
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@revenue[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:david@revenue.net/
Expires : 2022-06-10 01:05:42
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@bluestreak[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:27
Value : Cookie:david@bluestreak.com/
Expires : 2016-06-17 17:56:44
LastSync : Hits:27
UseCount : 0
Hits : 27
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 11
Objects found so far: 34
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34
Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34
Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 34
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
RXToolbar Object Recognized!
Type : RegData
Data : {2AB289AE-4B90-4281-B2AE-1F4BB034B647}
TAC Rating : 2
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/html
Value : CLSID
Data : {2AB289AE-4B90-4281-B2AE-1F4BB034B647}
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 35
22:55:18 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:50:57.875
Objects scanned:257967
Objects identified:14
Objects ignored:0
New critical objects:14
Ewido
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 23:28:15, 2006-06-20
+ Somme de contrôle: 41B0497E
+ Résultats du scan:
C:\Documents and Settings\David\Cookies\david@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@burstnet[2].txt -> TrackingCookie.Burstnet : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@com[1].txt -> TrackingCookie.Com : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@questionmarket[1].txt -> TrackingCookie.Questionmarket : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@revenue[2].txt -> TrackingCookie.Revenue : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@statcounter[2].txt -> TrackingCookie.Statcounter : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@tacoda[2].txt -> TrackingCookie.Tacoda : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@web4.realtracker[1].txt -> TrackingCookie.Realtracker : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@weborama[2].txt -> TrackingCookie.Weborama : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@www.burstnet[2].txt -> TrackingCookie.Burstnet : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyer sans sauvegarder
::Fin du rapport
voila.si il m'en manque dite moi le
j'utilise windows xp familiale avec le logiciel anti-virus Avast proffessionel et sygate personnal firewall.Mon probleme est que,lorsque je scan mon ordi,mes logicielles trouve des virus,trojan,traqueur et autre cochonnerie.Mais aussi on se sert de mon ordi comme serveur pour junk mail vers des addresse aussi bizare qu'invraisemblable.(ex: xdas.htefa.net@kwiecos.rsf.hsd)Le seul moyen que jai dempecher mon ordi d'envoyer ces courrier est de bloqué mon scan resident de mail sortant de avast avec on firewall.
jai fait les scan avec plusieur programe et voici les resultat
Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 22:03:45, on 2006-06-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
e:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\system32\svchost.exe
e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
e:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
C:\Program Files\ewido anti-malware\SecuritySuite.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.travian.com/international
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 24.212.44.72 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avast!] e:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MEM] (Value not set)
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - https://www.fileplanet.com/
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = david
O17 - HKLM\Software\..\Telephony: DomainName = david
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = david
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - e:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - e:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: ISC BIND (named) - Unknown owner - C:\WINDOWS\system32\dns\bin\named.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Windows Media Connect (WMC) (WmcCds) - Unknown owner - c:\program files\windows media connect\mswmccds.exe (file missing)
O23 - Service: Aide de Windows Media Connect (WMC) (WmcCdsLs) - Unknown owner - C:\Program Files\Windows Media Connect\mswmcls.exe (file missing)
spybot
Logfile of HijackThis v1.99.1
Scan saved at 22:03:45, on 2006-06-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
e:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\system32\svchost.exe
e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
e:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
C:\Program Files\ewido anti-malware\SecuritySuite.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.travian.com/international
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 24.212.44.72 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avast!] e:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MEM] (Value not set)
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - https://www.fileplanet.com/
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = david
O17 - HKLM\Software\..\Telephony: DomainName = david
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = david
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - e:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - e:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: ISC BIND (named) - Unknown owner - C:\WINDOWS\system32\dns\bin\named.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Windows Media Connect (WMC) (WmcCds) - Unknown owner - c:\program files\windows media connect\mswmccds.exe (file missing)
O23 - Service: Aide de Windows Media Connect (WMC) (WmcCdsLs) - Unknown owner - C:\Program Files\Windows Media Connect\mswmcls.exe (file missing)
ad-aware
Ad-Aware SE Build 1.06r1
Logfile Created on:20 juin 2006 22:04:20
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R112 15.06.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):21 total references
RXToolbar(TAC index:2):3 total references
Tracking Cookie(TAC index:3):11 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
2006-06-20 22:04:20 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\David\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\visual basic\6.0\recentfiles
Description : list of recently used files in microsoft visual basic
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-1001328727-626539822-1771796980-1007\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 572
ThreadCreationTime : 2006-06-20 13:24:25
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 648
ThreadCreationTime : 2006-06-20 13:24:29
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 676
ThreadCreationTime : 2006-06-20 13:24:31
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 724
ThreadCreationTime : 2006-06-20 13:24:31
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 736
ThreadCreationTime : 2006-06-20 13:24:31
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 888
ThreadCreationTime : 2006-06-20 13:24:31
BasePriority : Normal
FileVersion : 6.14.10.4121
ProductVersion : 6.14.10.4121
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 900
ThreadCreationTime : 2006-06-20 13:24:31
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 992
ThreadCreationTime : 2006-06-20 13:24:32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1084
ThreadCreationTime : 2006-06-20 13:24:32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [smc.exe]
FilePath : C:\Program Files\Sygate\SPF\
ProcessID : 1168
ThreadCreationTime : 2006-06-20 13:24:32
BasePriority : Normal
FileVersion : 5.6.00.2808
ProductVersion : 5.6.00.2808
ProductName : Sygate® Security Agent and Personal Firewall
CompanyName : Sygate Technologies, Inc.
FileDescription : Sygate Agent Firewall
InternalName : Smc
LegalCopyright : Copyright © 1999 - 2004 Sygate Technologies, Inc. All rights reserved.
OriginalFilename : Smc.EXE
#:11 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 1224
ThreadCreationTime : 2006-06-20 13:24:32
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : IEXPLORE.EXE
#:12 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1336
ThreadCreationTime : 2006-06-20 13:24:34
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:13 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1408
ThreadCreationTime : 2006-06-20 13:24:34
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1584
ThreadCreationTime : 2006-06-20 13:24:35
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:15 [aswupdsv.exe]
FilePath : e:\Program Files\Alwil Software\Avast4\
ProcessID : 1756
ThreadCreationTime : 2006-06-20 13:24:43
BasePriority : Normal
#:16 [ashserv.exe]
FilePath : e:\Program Files\Alwil Software\Avast4\
ProcessID : 1784
ThreadCreationTime : 2006-06-20 13:24:44
BasePriority : High
FileVersion : 4, 7, 844, 0
ProductVersion : 4, 7, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright (c) 2006 ALWIL Software
OriginalFilename : aswServ.exe
#:17 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido anti-malware\
ProcessID : 1832
ThreadCreationTime : 2006-06-20 13:24:46
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe
#:18 [lxrjd31s.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1856
ThreadCreationTime : 2006-06-20 13:24:46
BasePriority : Normal
#:19 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2004
ThreadCreationTime : 2006-06-20 13:24:47
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:20 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 232
ThreadCreationTime : 2006-06-20 13:24:47
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:21 [ashmaisv.exe]
FilePath : e:\Program Files\Alwil Software\Avast4\
ProcessID : 616
ThreadCreationTime : 2006-06-20 13:24:56
BasePriority : Normal
#:22 [wmiprvse.exe]
FilePath : C:\WINDOWS\system32\wbem\
ProcessID : 852
ThreadCreationTime : 2006-06-20 13:24:56
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe
#:23 [ashwebsv.exe]
FilePath : e:\Program Files\Alwil Software\Avast4\
ProcessID : 1028
ThreadCreationTime : 2006-06-20 13:24:57
BasePriority : Normal
#:24 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3568
ThreadCreationTime : 2006-06-20 13:33:14
BasePriority : Normal
FileVersion : 6.14.10.4121
ProductVersion : 6.14.10.4121
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE
#:25 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 3720
ThreadCreationTime : 2006-06-20 13:33:16
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : EXPLORER.EXE
#:26 [cli.exe]
FilePath : C:\Program Files\ATI Technologies\ATI.ACE\
ProcessID : 3992
ThreadCreationTime : 2006-06-20 13:33:18
BasePriority : Normal
#:27 [adeck.exe]
FilePath : C:\Program Files\VIAudioi\SBADeck\
ProcessID : 4012
ThreadCreationTime : 2006-06-20 13:33:19
BasePriority : Normal
FileVersion : 1.0.0.0
ProductVersion : 1.62
ProductName : Vinyl Deck
CompanyName : VIA Technologies, Inc.
FileDescription : VIA Codec Control Panel
InternalName : Vinyl Deck
#:28 [ashdisp.exe]
FilePath : E:\PROGRA~1\ALWILS~1\Avast4\
ProcessID : 1052
ThreadCreationTime : 2006-06-20 13:33:19
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright (c) 2006 ALWIL Software
OriginalFilename : aswDisp.exe
#:29 [cli.exe]
FilePath : C:\Program Files\ATI Technologies\ATI.ACE\
ProcessID : 2588
ThreadCreationTime : 2006-06-20 13:33:31
BasePriority : Normal
#:30 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3980
ThreadCreationTime : 2006-06-21 01:51:30
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : IEXPLORE.EXE
#:31 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2404
ThreadCreationTime : 2006-06-21 02:03:20
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:32 [ccleaner.exe]
FilePath : C:\Program Files\CCleaner\
ProcessID : 2632
ThreadCreationTime : 2006-06-21 02:03:22
BasePriority : Normal
FileVersion : 1.30.0310
ProductVersion : 1.30.0310
ProductName : CCleaner
CompanyName : Piriform Ltd
InternalName : ccleaner
OriginalFilename : ccleaner.exe
#:33 [version traduite originale.exe]
FilePath : C:\Program Files\Hijackthis Version Française\
ProcessID : 3876
ThreadCreationTime : 2006-06-21 02:03:23
BasePriority : Normal
FileVersion : 1.99.0001
ProductVersion : 1.99.0001
ProductName : HijackThis
CompanyName : Soeperman Enterprises Ltd.
FileDescription : HijackThis
InternalName : HijackThis
LegalCopyright : Freeware
OriginalFilename : HijackThis.exe
Comments : Version history is in Help section
#:34 [securitysuite.exe]
FilePath : C:\Program Files\ewido anti-malware\
ProcessID : 3304
ThreadCreationTime : 2006-06-21 02:03:25
BasePriority : Normal
FileVersion : 3, 5, 0, 0
ProductVersion : 3, 5, 0, 0
ProductName : ewido anti-malware
CompanyName : ewido networks
FileDescription : anti-malware
InternalName : GuiLoader
LegalCopyright : © 2003 ewido networks
OriginalFilename : SecuritySuite.exe
#:35 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3616
ThreadCreationTime : 2006-06-21 02:03:45
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Bloc-notes
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : NOTEPAD.EXE
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
RXToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 2
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ac368f5f-6670-4dde-a1a8-b9c064ea0402}
RXToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 2
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{05563f82-69a7-40a6-8670-153b635a7ef6}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 23
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@tribalfusion[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:david@tribalfusion.com/
Expires : 2037-12-31 20:00:00
LastSync : Hits:9
UseCount : 0
Hits : 9
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@247realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:32
Value : Cookie:david@247realmedia.com/
Expires : 2020-12-31 20:00:00
LastSync : Hits:32
UseCount : 0
Hits : 32
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@statcounter[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:david@statcounter.com/
Expires : 2011-06-18 13:48:40
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@ads.multimania.lycos[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:david@ads.multimania.lycos.fr/
Expires : 2006-06-20 19:38:20
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@www.smartadserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:david@www.smartadserver.com/
Expires : 2026-06-15 21:59:26
LastSync : Hits:8
UseCount : 0
Hits : 8
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:david@questionmarket.com/
Expires : 2006-07-31 05:22:06
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@serving-sys[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:david@serving-sys.com/
Expires : 2037-12-31 18:00:00
LastSync : Hits:9
UseCount : 0
Hits : 9
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@web4.realtracker[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:david@web4.realtracker.com/
Expires : 2007-12-31 19:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@weborama[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:david@weborama.fr/
Expires : 2011-06-18 13:59:54
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@revenue[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:david@revenue.net/
Expires : 2022-06-10 01:05:42
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@bluestreak[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:27
Value : Cookie:david@bluestreak.com/
Expires : 2016-06-17 17:56:44
LastSync : Hits:27
UseCount : 0
Hits : 27
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 11
Objects found so far: 34
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34
Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34
Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 34
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
RXToolbar Object Recognized!
Type : RegData
Data : {2AB289AE-4B90-4281-B2AE-1F4BB034B647}
TAC Rating : 2
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/html
Value : CLSID
Data : {2AB289AE-4B90-4281-B2AE-1F4BB034B647}
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 35
22:55:18 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:50:57.875
Objects scanned:257967
Objects identified:14
Objects ignored:0
New critical objects:14
Ewido
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 23:28:15, 2006-06-20
+ Somme de contrôle: 41B0497E
+ Résultats du scan:
C:\Documents and Settings\David\Cookies\david@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@burstnet[2].txt -> TrackingCookie.Burstnet : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@com[1].txt -> TrackingCookie.Com : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@questionmarket[1].txt -> TrackingCookie.Questionmarket : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@revenue[2].txt -> TrackingCookie.Revenue : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@statcounter[2].txt -> TrackingCookie.Statcounter : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@tacoda[2].txt -> TrackingCookie.Tacoda : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@web4.realtracker[1].txt -> TrackingCookie.Realtracker : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@weborama[2].txt -> TrackingCookie.Weborama : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@www.burstnet[2].txt -> TrackingCookie.Burstnet : Nettoyer sans sauvegarder
C:\Documents and Settings\David\Cookies\david@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyer sans sauvegarder
::Fin du rapport
voila.si il m'en manque dite moi le
A voir également:
- [infection]Infection tres coriasse
- Infection virus ✓ - Forum Virus
- Infection FileRepMetagen - Forum Virus
- Infection malwares - Forum Virus
- Infection pc - Forum Virus
- Infection winrmsrv ✓ - Forum Virus
1 réponse
Salut
Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :
O4 - HKLM\..\Run: [MEM] (Value not set)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
va dans ajout/supprimer un programme ( panneau de configuration ) et supprime le prog du nom de : RXToolbar
ensuite :
scan en ligne : colle rapport entier ( s’il y a quelque chose) :
http://www.bitdefender.fr/bd/site/search.php#
++
***j'ai decidé d'être heureux parce que c'est bon pour la santé ! ( Voltaire )***
Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :
O4 - HKLM\..\Run: [MEM] (Value not set)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
va dans ajout/supprimer un programme ( panneau de configuration ) et supprime le prog du nom de : RXToolbar
ensuite :
scan en ligne : colle rapport entier ( s’il y a quelque chose) :
http://www.bitdefender.fr/bd/site/search.php#
++
***j'ai decidé d'être heureux parce que c'est bon pour la santé ! ( Voltaire )***
