Infected PC, request for help
gillesing
My computer is infected, I think by something like W32.Onlinegames-b....
I scanned it with AVG, which tells me it's OK.
The HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:46 PM, on 9/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\system32\UMonit2K.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\hwshell.exe
C:\Program Files\Kingsoft\Powerword 2006\xdict.exe
C:\Program Files\UltimateZip\uzqkst.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
R3 - URLSearchHook: SrchspHook Class - {22F86F33-9CBB-49a8-BB12-CDBE51B4C294} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEAux Class - {7605CC7C-00FD-4A5F-BAFD-828342DE6279} - C:\PROGRA~1\OCINS\ieaux.dll (file missing)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ó?ò?°é??(&V) - {4647E382-520B-11D2-A0D0-004033D0645D} - C:\Program Files\InfoQuick\VoiceMate\Plugin\MyBands.dll
O3 - Toolbar: NewStar Band - {56C8C49B-7340-4D2F-988B-77416E8B97A5} - C:\Program Files\Chinese New Star\WordPlugin\IEPhonetic.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\UMonit2K.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB002" /M "Stylus CX4100"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DiskMan32] C:\WINDOWS\DiskMan32.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip\uzqkst.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HANWANG Shell.lnk = %ProgramFiles%\hwshell.exe
O4 - Global Startup: 金山词霸 2006.lnk = C:\Program Files\Kingsoft\Powerword 2006\xdict.exe
O8 - Extra context menu item: &访问通用网址 - C:\Program Files\OCINS\cnrbtn.html
O8 - Extra context menu item: Download All by FlashGet - G:\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - G:\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ?D??é?í? - {B012491E-8FA4-4851-AA9B-22E33784FBAD} - C:\Program Files\OCINS\config.exe (file missing)
O9 - Extra 'Tools' menuitem: ?D??é?í? - {B012491E-8FA4-4851-AA9B-22E33784FBAD} - C:\Program Files\OCINS\config.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://vivoptz.dyndns.biz:101/VatDec.cab
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://vivoptz.dyndns.biz/RtspVaPgDec.cab
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://eshare.hpphoto.com/Download/HPeServicesLocalPrint.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://202.172.177.20/ActiveX/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1118749390641
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://mocca.com/MediaCorp/ImageUploader4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: A7CBD9B2 - Unknown owner - C:\WINDOWS\System32\1173DFDD.EXE (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Remote Help Session Manager (Rasautol) - Unknown owner - C:\WINDOWS\System32\ntsokele.exe (file missing)
--
End of file - 10548 bytes
For RunScanner:
Runscanner logfile http://www.runscanner.net
* = authenticode signed file
- = file not found
000 General info
----------------
Computer name : YOUR-984QDY9NQR
Creation time : 9/11/2007 11:55:28 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 6.0.2800.1106
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 1
RunScanner Version : 1.0.3.0
Type of scan : Full scan
User Language : Chinese (PRC)
User rights : Administrator
Windows folder : C:\WINDOWS
001 Running processes
---------------------
* c:\program files\alwil software\avast4\ashserv.exe (ALWIL Software)
* c:\program files\alwil software\avast4\aswupdsv.exe (ALWIL Software)
* c:\program files\alwil software\avast4\ashmaisv.exe (ALWIL Software)
* c:\program files\alwil software\avast4\ashwebsv.exe (ALWIL Software)
* c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe (GRISOFT s.r.o.)
* c:\program files\grisoft\avg anti-spyware 7.5\guard.exe (GRISOFT s.r.o.)
* c:\windows\system32\spool\drivers\w32x86\3\e_fatiaep.exe (SEIKO EPSON CORPORATION)
* c:\progra~1\mozill~1\firefox.exe (Mozilla Corporation)
c:\windows\system32\umonit2k.exe (General)
* c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe (Google Inc.)
* c:\windows\system32\hkcmd.exe (Intel Corporation)
c:\windows\system32\hphmon05.exe (Hewlett-Packard)
c:\program files\hewlett-packard\digital imaging\unload\hpqcmon.exe
c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
c:\program files\hwshell.exe
* c:\windows\system32\igfxtray.exe (Intel Corporation)
c:\hp\kbd\kbd.exe (Hewlett-Packard Company)
c:\program files\kingsoft\powerword 2006\xdict.exe (Kingsoft Co, Ltd.)
* c:\windows\system32\lexbces.exe (Lexmark International, Inc.)
c:\program files\lexmark x5100 series\lxbabmgr.exe (Lexmark International, Inc.)
* c:\program files\lexmark x5100 series\lxbabmon.exe (Lexmark International, Inc.)
* c:\windows\system32\lexpps.exe (Lexmark International, Inc.)
* c:\docume~1\owner\locals~1\temp\rar$ex02.687\runscanner.exe (Runscanner.net)
c:\program files\ultimatezip\uzqkst.exe (SWE von Schleusen)
* c:\program files\alwil software\avast4\ashsimpl.exe (ALWIL Software)
c:\program files\winrar\winrar.exe
c:\program files\winrar\winrar.exe
002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
* c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe (GRISOFT s.r.o.)
* C:\WINDOWS\alcxmntr.exe (Realtek Semiconductor Corp.)
- c:\windows\avpsrv.exe
c:\program files\hewlett-packard\digital imaging\unload\hpqcmon.exe
- c:\windows\diskman32.exe
* c:\windows\system32\spool\drivers\w32x86\3\e_fatiaep.exe (SEIKO EPSON CORPORATION)
c:\windows\system32\umonit2k.exe (General)
* c:\windows\system32\hkcmd.exe (Intel Corporation)
c:\windows\system32\hphmon05.exe (Hewlett-Packard)
c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe (Hewlett-Packard)
c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
c:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
* c:\windows\system32\igfxtray.exe (Intel Corporation)
c:\hp\kbd\kbd.exe (Hewlett-Packard Company)
c:\program files\lexmark x5100 series\lxbabmgr.exe (Lexmark International, Inc.)
c:\windows\system32\nerocheck.exe (Ahead Software Gmbh)
* c:\windows\system32\ps2.exe (Hewlett-Packard Company)
c:\program files\quicktime\qttask.exe (Apple Inc.)
c:\windows\sminst\recguard.exe
003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
c:\program files\ahead\nero backitup\nbj.exe (Ahead Software AG)
* c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe (Google Inc.)
004 C:\Documents and Settings\Owner\Start Menu\Programs\Startup
---------------------------------------------------------------
c:\progra~1\ultima~1\uzqkst.exe (SWE von Schleusen)
005 C:\Documents and Settings\All Users\Start Menu\Programs\Startup
-------------------------------------------------------------------
c:\progra~1\adobe\acroba~2.0\reader\reader~1.exe (Adobe Systems Incorporated)
c:\progra~1\common~1\adobe\calibr~1\adobeg~1.exe (Adobe Systems, Inc.)
c:\progra~1\hwshell.exe
c:\progra~1\kingsoft\powerw~1\xdict.exe (Kingsoft Co, Ltd.)
010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
- c:\windows\system32\1173dfdd.exe (A7CBD9B2)
C:\WINDOWS\microsoft.net\framework\v1.1.4322\aspnet_state.exe (ASP.NET State Service)
* c:\program files\alwil software\avast4\ashserv.exe (avast! Antivirus)
* c:\program files\alwil software\avast4\aswupdsv.exe (avast! iAVS4 Control Service)
* c:\program files\alwil software\avast4\ashmaisv.exe (avast! Mail Scanner)
* c:\program files\alwil software\avast4\ashwebsv.exe (avast! Web Scanner)
* c:\program files\grisoft\avg anti-spyware 7.5\guard.exe (AVG Anti-Spyware Guard)
* c:\program files\google\common\google updater\googleupdaterservice.exe (Google Updater Service)
c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe (InstallDriver Table Manager)
* c:\program files\ipod\bin\ipodservice.exe (iPod Service)
* c:\windows\system32\lexbces.exe (LexBce Server)
- c:\windows\system32\ntsokele.exe (Remote Help Session Manager)
011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
- c:\windows\system32\drivers\acpidisk.sys (acpidisk)
C:\WINDOWS\system32\drivers\avgarkt.sys (AVG Anti-Rootkit)
C:\WINDOWS\system32\drivers\avgarcln.sys (Avg Anti-Rootkit Clean Driver)
* C:\WINDOWS\system32\drivers\avgascln.sys (AVG Anti-Spyware Clean Driver)
* c:\program files\grisoft\avg anti-spyware 7.5\guard.sys (AVG Anti-Spyware Driver)
C:\WINDOWS\system32\drivers\cnprov.sys (cnprov)
- c:\windows\system32\drivers\dg8t1qbv.sys (dg8t1qbv)
* C:\WINDOWS\system32\drivers\mdmxsdk.sys (Diagnostic Interface DRIVER)
* C:\WINDOWS\system32\drivers\dwusbdnt.sys (Digit@lway Audio Player USB Driver)
* C:\WINDOWS\system32\drivers\ptilink.sys (Direct Parallel Link Driver)
C:\WINDOWS\system32\drivers\pxhelp20.sys (Filter)
* C:\WINDOWS\system32\drivers\v4cb010b.sys (FinePix Digital Camera)
* C:\WINDOWS\system32\drivers\gearaspiwdm.sys (GEARAspiWDM)
* C:\WINDOWS\system32\drivers\hsf_cnxt.sys (HSF_CNXT driver)
* C:\WINDOWS\system32\drivers\hsf_dp.sys (HSF_DP driver)
* C:\WINDOWS\system32\drivers\hsfhwbs2.sys (HSF_HWB2 WDM driver)
- c:\windows\system32\drivers\idnaux.sys (idnaux)
* C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel(R) Graphics Chipset (KCH) Driver)
* C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel(R) Graphics Platform (SoftBIOS) Driver)
C:\WINDOWS\system32\drivers\npf.sys (Netgroup Packet Filter)
C:\WINDOWS\system32\drivers\pn4rokf391.sys (pn4rokf391)
- c:\protector plus\ppdrv.sys (Protector Plus Driver (UnRegistered))
- c:\protector plus\ppemscan.sys (Protector Plus Email Scan Driver)
* C:\WINDOWS\system32\drivers\ps2.sys (PS2)
* C:\WINDOWS\system32\drivers\r8139n51.sys (Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver)
* C:\WINDOWS\system32\drivers\secdrv.sys (Secdrv)
* C:\WINDOWS\system32\drivers\alcxwdm.sys (Service for Realtek AC97 Audio (WDM))
* C:\WINDOWS\system32\drivers\sisagpx.sys (SiS AGP Filter)
* C:\WINDOWS\system32\drivers\srvkp.sys (SiS VGA Driver Manager)
- c:\windows\system32\drivers\emfilter.sys (USB Device Lower Filter)
- c:\windows\system32\drivers\emscan.sys (USB Still Image Capture Device)
- c:\windows\system32\drivers\emdevice.sys (Vcam385)
* C:\WINDOWS\system32\drivers\viaagp1.sys (VIA AGP Filter)
* C:\WINDOWS\system32\drivers\sisgrp.sys (Video)
* C:\WINDOWS\system32\drivers\ialmnt5.sys (Video)
* C:\WINDOWS\system32\drivers\nv4_mini.sys (Video)
* C:\WINDOWS\system32\drivers\s3gnbm.sys (Video)
030 HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
------------------------------------------
c:\windows\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
c:\windows\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
c:\windows\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
031 HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
-------------------------------------------
c:\program files\common files\microsoft shared\information retrieval\msitss.dll (Microsoft Corporation) {0A9007C0-4076-11D3-8789-0000F8105754}
c:\progra~1\msnmes~1\msgrapp.dll (Microsoft Corporation) {828030A1-22C1-4009-854F-8E305202313F}
* c:\windows\system32\msdxm.ocx {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020}
035 HKLM-HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
------------------------------------------------------------------
c:\windows\system32\mscories.dll (Microsoft Corporation) {89B4C1CD-B018-4511-B0A1-5476DBF70820}
041 HKLM-HKCU\Software\Microsoft\Internet Explorer\Toolbar
----------------------------------------------------------
c:\program files\epson\epson web-to-page\epson web-to-page.dll (SEIKO EPSON CORPORATION) {EE5D279F-081B-4404-994D-C6B60AAEBA6D}
* c:\program files\google\googletoolbar2.dll (Google Inc.) {2318C2B1-4965-11d4-9B18-009027A5CD4F}
c:\program files\infoquick\voicemate\plugin\mybands.dll (Written by Paul DiLascia) {4647E382-520B-11D2-A0D0-004033D0645D}
* c:\windows\system32\msdxm.ocx {8E718888-423F-11D2-876E-00A0C9082467}
c:\program files\chinese new star\wordplugin\iephonetic.dll (DigitEasy Singapore) {56C8C49B-7340-4D2F-988B-77416E8B97A5}
042 HKLM\Software\Microsoft\Internet Explorer\Extensions
--------------------------------------------------------
C:\WINDOWS\bdoscandel.exe {85d1f590-48f4-11d9-9669-0800200c9a66}
- c:\program files\ocins\config.exe {B012491E-8FA4-4851-AA9B-22E33784FBAD}
c:\progra~1\yahoo!\messen~1\ypager.exe {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
045 HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
----------------------------------------------------------------
c:\program files\chinese new star\wordplugin\iephonetic.dll (DigitEasy Singapore) {56C8C49B-7340-4D2F-988B-77416E8B97A5}
* c:\program files\google\googletoolbar2.dll (Google Inc.) {2318C2B1-4965-11D4-9B18-009027A5CD4F}
047 Trusted zones
-----------------
Zone: : msn
050 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
-----------------------------------------------------------------------------
* c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.) {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
c:\program files\internet explorer\iexplore32.win {A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E}
052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
GUID / CLSID not found {A5366673-E8CA-11D3-9CD9-0090271D075B}
GUID / CLSID not found {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}
* c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll (Adobe Systems Incorporated) {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
* c:\program files\spybot - search & destroy\sdhelper.dll (Safer Networking Limited) {53707962-6F74-2D53-2644-206D7942484F}
c:\program files\epson\epson web-to-page\epson web-to-page.dll (SEIKO EPSON CORPORATION) {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}
* c:\program files\google\googletoolbar2.dll (Google Inc.) {AA58ED58-01DD-4d91-8333-CF10577473F7}
* c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll (Google Inc.) {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
- c:\progra~1\ocins\ieaux.dll {7605CC7C-00FD-4A5F-BAFD-828342DE6279}
c:\program files\microsoft money\system\mnyside.dll (Microsoft Corporation) {243B17DE-77C7-46BF-B94B-0B5F309A0E64}
- c:\documents and settings\all users\application data\microsoft\pctools\pctools.dll {385AB8C6-FB22-4D17-8834-064E2BA0A6F0}
061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
---------------------------------------------------------------------------------
* c:\program files\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
c:\program files\illustrate\dbpoweramp\dmcshell.dll {2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}
c:\program files\illustrate\dbpoweramp\dbshell.dll {FED7043D-346A-414D-ACD7-550D052499A7}
- deskpan.dll {42071714-76d4-11d1-8b24-00a0c9068ff3}
c:\windows\system32\mscoree.dll (Microsoft Corporation) {1D2680C9-0E2A-469d-B787-065558BC7D43}
* c:\windows\system32\hticons.dll (Hilgraeve, Inc.) {88895560-9AA2-1069-930E-00AA0030EBC8}
* c:\program files\itunes\itunesminiplayer.dll (Apple Inc.) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}
c:\windows\system32\shellvrtf.dll (XSS) {7F67036B-66F1-411A-AD85-759FB9C5B0DB}
c:\progra~1\ultima~1\uzshldr.dll {2F860D82-AF3C-11D4-BDB3-00E0987D8540}
c:\progra~1\ultima~1\uzshlex.dll {2F860D81-AF3C-11D4-BDB3-00E0987D8540}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
------------------------------------------------------------
c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
---------------------------------------------------------------------
* C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
--------------------------------------------------------
* C:\WINDOWS\System32\lexlmpm.dll (Lexmark International, Inc.)
073 %windir%\Tasks
------------------
AppleSoftwareUpdate.job : c:\program files\apple software update\softwareupdate.exe (Apple Inc.)
Symantec NetDetect.job : c:\program files\symantec\liveupdate\ndetect.exe (Symantec Corporation)
100 Internet Explorer settings
------------------------------
CustomizeSearch HKLM : http://client.jogo.cn/cdn/browser/customsearch/customsearch-cn.html
Default_Page_URL HKCU : http://qsg9.hpwis.com/
Default_Page_URL HKLM : http://qsg9.hpwis.com/
Default_Search_URL HKLM : http://www.google.com/toolbar/ie8/sidebar.html
ProxyOverride HKCU : localhost
Search Page HKCU : https://www.google.com/?gws_rd=ssl
Search Page HKLM : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchAssistant HKCU : http://www.google.com/toolbar/ie8/sidebar.html
SearchAssistant HKLM : http://www.google.com/toolbar/ie8/sidebar.html
SearchUrl HKCU : http://www.google.com/search?q=%s
ShellNext HKCU : http://qsg9.hpwis.com/
Start Page HKCU : about:blank
Start Page HKLM : http://qsg9.hpwis.com/
102 HKLM - HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
------------------------------------------------------------------
c:\program files\chinese new star\wordplugin\iephonetic.dll (DigitEasy Singapore) {56C8C49B-7340-4D2F-988B-77416E8B97A5}
104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
------------------------------------------------------------------
c:\windows\downloaded program files\vatdecoder.dll {210D0CBC-8B17-48D1-B294-1A338DD2EB3A}
c:\windows\downloaded program files\rtspvapgdecoder.dll {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2}
c:\program files\hp\receiver experience\activex\highbarsaveactivex.dll (Hewlett-Packard) {54D53429-945C-4188-B460-C81356541882}
c:\windows\downlo~1\oscan8.ocx (SOFTWIN) {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
* c:\windows\downloaded program files\mgaxctrl.dll (Autodesk Inc.) {62789780-B744-11D0-986B-00609731A21D}
* c:\windows\downloaded program files\imageuploader4.ocx (Aurigma, Inc.) {6E5E167B-1566-4316-B27F-0DDAB3484CF7}
c:\program files\java\j2re1.4.1_02\bin\npjpi141_02.dll (JavaSoft / Sun Microsystems, Inc.) {8AD9C840-044E-11D1-B3E9-00805F499D93}
* c:\windows\downloaded program files\asinst.dll (Panda Software) {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
c:\program files\java\j2re1.4.1_02\bin\npjpi141_02.dll (JavaSoft / Sun Microsystems, Inc.) {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
* c:\windows\system32\macromed\flash\flash9c.ocx (Adobe Systems, Inc.) {D27CDB6E-AE6D-11CF-96B8-444553540000}
105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
-----------------------------------------------------
&访问通用网址 : C:\Program Files\OCINS\cnrbtn.html
Download All by FlashGet : G:\FlashGet\jc_all.htm
Download using FlashGet : G:\FlashGet\jc_link.htm
E&xport to Microsoft Excel : res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
151 HKLM\Software\Microsoft\Command Processor\Autorun
-----------------------------------------------------
- d:\myplayer.com
160 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
------------------------------------------------------------------
DisableRegistryTools : 0
161 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
------------------------------------------------------------------
dontdisplaylastusername : 0
shutdownwithoutlogon : 1
undockwithoutlogon : 1
167 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run (+subkeys)
-----------------------------------------------------------------------------------
- lyleador.exe
- lyloader.exe
- lyloadhr.exe
- lyloadmr.exe
- lyloador.exe
- lyloadqr.exe
- lyloadar.exe
- lyloadbr.exe
173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
c:\progra~1\ultima~1\uzshlex.dll {2F860D81-AF3C-11D4-BDB3-00E0987D8540}
* c:\program files\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
c:\program files\epson\creativity suite\easy photo print\eppshell.dll (SEIKO EPSON CORPORATION) {509FE1AF-ADD5-49EC-BC55-7CF81FD16E78}
* c:\program files\grisoft\avg anti-spyware 7.5\context.dll (GRISOFT s.r.o.) {8934FCEF-F5B8-468f-951F-78A921CD3920}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip\uzqkst.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HANWANG Shell.lnk = %ProgramFiles%\hwshell.exe
O4 - Global Startup: 金山词霸 2006.lnk = C:\Program Files\Kingsoft\Powerword 2006\xdict.exe
O8 - Extra context menu item: &访问通用网址 - C:\Program Files\OCINS\cnrbtn.html
O8 - Extra context menu item: Download All by FlashGet - G:\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - G:\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ?D??é?í? - {B012491E-8FA4-4851-AA9B-22E33784FBAD} - C:\Program Files\OCINS\config.exe (file missing)
O9 - Extra 'Tools' menuitem: ?D??é?í? - {B012491E-8FA4-4851-AA9B-22E33784FBAD} - C:\Program Files\OCINS\config.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://vivoptz.dyndns.biz:101/VatDec.cab
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://vivoptz.dyndns.biz/RtspVaPgDec.cab
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://eshare.hpphoto.com/Download/HPeServicesLocalPrint.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://202.172.177.20/ActiveX/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1118749390641
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://mocca.com/MediaCorp/ImageUploader4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: A7CBD9B2 - Unknown owner - C:\WINDOWS\System32\1173DFDD.EXE (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Remote Help Session Manager (Rasautol) - Unknown owner - C:\WINDOWS\System32\ntsokele.exe (file missing)
--
End of file - 10548 bytes
for RunScanner:
Runscanner logfile http://www.runscanner.net
* = authenticode signed file
- = file not found
000 General info
----------------
Computer name : YOUR-984QDY9NQR
Creation time : 9/11/2007 11:55:28 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 6.0.2800.1106
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 1
RunScanner Version : 1.0.3.0
Type of scan : Full scan
User Language : Chinese (PRC)
User rights : Administrator
Windows folder : C:\WINDOWS
001 Running processes
---------------------
* c:\program files\alwil software\avast4\ashserv.exe (ALWIL Software)
* c:\program files\alwil software\avast4\aswupdsv.exe (ALWIL Software)
* c:\program files\alwil software\avast4\ashmaisv.exe (ALWIL Software)
* c:\program files\alwil software\avast4\ashwebsv.exe (ALWIL Software)
* c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe (GRISOFT s.r.o.)
* c:\program files\grisoft\avg anti-spyware 7.5\guard.exe (GRISOFT s.r.o.)
* c:\windows\system32\spool\drivers\w32x86\3\e_fatiaep.exe (SEIKO EPSON CORPORATION)
* c:\progra~1\mozill~1\firefox.exe (Mozilla Corporation)
c:\windows\system32\umonit2k.exe (General)
* c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe (Google Inc.)
* c:\windows\system32\hkcmd.exe (Intel Corporation)
c:\windows\system32\hphmon05.exe (Hewlett-Packard)
c:\program files\hewlett-packard\digital imaging\unload\hpqcmon.exe
c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
c:\program files\hwshell.exe
* c:\windows\system32\igfxtray.exe (Intel Corporation)
c:\hp\kbd\kbd.exe (Hewlett-Packard Company)
c:\program files\kingsoft\powerword 2006\xdict.exe (Kingsoft Co, Ltd.)
* c:\windows\system32\lexbces.exe (Lexmark International, Inc.)
c:\program files\lexmark x5100 series\lxbabmgr.exe (Lexmark International, Inc.)
* c:\program files\lexmark x5100 series\lxbabmon.exe (Lexmark International, Inc.)
* c:\windows\system32\lexpps.exe (Lexmark International, Inc.)
* c:\docume~1\owner\locals~1\temp\rar$ex02.687\runscanner.exe (Runscanner.net)
c:\program files\ultimatezip\uzqkst.exe (SWE von Schleusen)
* c:\program files\alwil software\avast4\ashsimpl.exe (ALWIL Software)
c:\program files\winrar\winrar.exe
c:\program files\winrar\winrar.exe
002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
* c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe (GRISOFT s.r.o.)
* C:\WINDOWS\alcxmntr.exe (Realtek Semiconductor Corp.)
- c:\windows\avpsrv.exe
c:\program files\hewlett-packard\digital imaging\unload\hpqcmon.exe
- c:\windows\diskman32.exe
* c:\windows\system32\spool\drivers\w32x86\3\e_fatiaep.exe (SEIKO EPSON CORPORATION)
c:\windows\system32\umonit2k.exe (General)
* c:\windows\system32\hkcmd.exe (Intel Corporation)
c:\windows\system32\hphmon05.exe (Hewlett-Packard)
c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe (Hewlett-Packard)
c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
c:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
* c:\windows\system32\igfxtray.exe (Intel Corporation)
c:\hp\kbd\kbd.exe (Hewlett-Packard Company)
c:\program files\lexmark x5100 series\lxbabmgr.exe (Lexmark International, Inc.)
c:\windows\system32\nerocheck.exe (Ahead Software Gmbh)
* c:\windows\system32\ps2.exe (Hewlett-Packard Company)
c:\program files\quicktime\qttask.exe (Apple Inc.)
c:\windows\sminst\recguard.exe
003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
c:\program files\ahead\nero backitup\nbj.exe (Ahead Software AG)
* c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe (Google Inc.)
004 C:\Documents and Settings\Owner\Start Menu\Programs\Startup
---------------------------------------------------------------
c:\progra~1\ultima~1\uzqkst.exe (SWE von Schleusen)
005 C:\Documents and Settings\All Users\Start Menu\Programs\Startup
-------------------------------------------------------------------
c:\progra~1\adobe\acroba~2.0\reader\reader~1.exe (Adobe Systems Incorporated)
c:\progra~1\common~1\adobe\calibr~1\adobeg~1.exe (Adobe Systems, Inc.)
c:\progra~1\hwshell.exe
c:\progra~1\kingsoft\powerw~1\xdict.exe (Kingsoft Co, Ltd.)
010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
- c:\windows\system32\1173dfdd.exe (A7CBD9B2)
C:\WINDOWS\microsoft.net\framework\v1.1.4322\aspnet_state.exe (ASP.NET State Service)
* c:\program files\alwil software\avast4\ashserv.exe (avast! Antivirus)
* c:\program files\alwil software\avast4\aswupdsv.exe (avast! iAVS4 Control Service)
* c:\program files\alwil software\avast4\ashmaisv.exe (avast! Mail Scanner)
* c:\program files\alwil software\avast4\ashwebsv.exe (avast! Web Scanner)
* c:\program files\grisoft\avg anti-spyware 7.5\guard.exe (AVG Anti-Spyware Guard)
* c:\program files\google\common\google updater\googleupdaterservice.exe (Google Updater Service)
c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe (InstallDriver Table Manager)
* c:\program files\ipod\bin\ipodservice.exe (iPod Service)
* c:\windows\system32\lexbces.exe (LexBce Server)
- c:\windows\system32\ntsokele.exe (Remote Help Session Manager)
011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
- c:\windows\system32\drivers\acpidisk.sys (acpidisk)
C:\WINDOWS\system32\drivers\avgarkt.sys (AVG Anti-Rootkit)
C:\WINDOWS\system32\drivers\avgarcln.sys (Avg Anti-Rootkit Clean Driver)
* C:\WINDOWS\system32\drivers\avgascln.sys (AVG Anti-Spyware Clean Driver)
* c:\program files\grisoft\avg anti-spyware 7.5\guard.sys (AVG Anti-Spyware Driver)
C:\WINDOWS\system32\drivers\cnprov.sys (cnprov)
- c:\windows\system32\drivers\dg8t1qbv.sys (dg8t1qbv)
* C:\WINDOWS\system32\drivers\mdmxsdk.sys (Diagnostic Interface DRIVER)
* C:\WINDOWS\system32\drivers\dwusbdnt.sys (Digit@lway Audio Player USB Driver)
* C:\WINDOWS\system32\drivers\ptilink.sys (Direct Parallel Link Driver)
C:\WINDOWS\system32\drivers\pxhelp20.sys (Filter)
* C:\WINDOWS\system32\drivers\v4cb010b.sys (FinePix Digital Camera)
* C:\WINDOWS\system32\drivers\gearaspiwdm.sys (GEARAspiWDM)
* C:\WINDOWS\system32\drivers\hsf_cnxt.sys (HSF_CNXT driver)
* C:\WINDOWS\system32\drivers\hsf_dp.sys (HSF_DP driver)
* C:\WINDOWS\system32\drivers\hsfhwbs2.sys (HSF_HWB2 WDM driver)
- c:\windows\system32\drivers\idnaux.sys (idnaux)
* C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel(R) Graphics Chipset (KCH) Driver)
* C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel(R) Graphics Platform (SoftBIOS) Driver)
C:\WINDOWS\system32\drivers\npf.sys (Netgroup Packet Filter)
C:\WINDOWS\system32\drivers\pn4rokf391.sys (pn4rokf391)
- c:\protector plus\ppdrv.sys (Protector Plus Driver (UnRegistered))
- c:\protector plus\ppemscan.sys (Protector Plus Email Scan Driver)
* C:\WINDOWS\system32\drivers\ps2.sys (PS2)
* C:\WINDOWS\system32\drivers\r8139n51.sys (Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver)
* C:\WINDOWS\system32\drivers\secdrv.sys (Secdrv)
* C:\WINDOWS\system32\drivers\alcxwdm.sys (Service for Realtek AC97 Audio (WDM))
* C:\WINDOWS\system32\drivers\sisagpx.sys (SiS AGP Filter)
* C:\WINDOWS\system32\drivers\srvkp.sys (SiS VGA Driver Manager)
- c:\windows\system32\drivers\emfilter.sys (USB Device Lower Filter)
- c:\windows\system32\drivers\emscan.sys (USB Still Image Capture Device)
- c:\windows\system32\drivers\emdevice.sys (Vcam385)
* C:\WINDOWS\system32\drivers\viaagp1.sys (VIA AGP Filter)
* C:\WINDOWS\system32\drivers\sisgrp.sys (Video)
* C:\WINDOWS\system32\drivers\ialmnt5.sys (Video)
* C:\WINDOWS\system32\drivers\nv4_mini.sys (Video)
* C:\WINDOWS\system32\drivers\s3gnbm.sys (Video)
030 HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
------------------------------------------
c:\windows\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
c:\windows\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
c:\windows\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
031 HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
-------------------------------------------
c:\program files\common files\microsoft shared\information retrieval\msitss.dll (Microsoft Corporation) {0A9007C0-4076-11D3-8789-0000F8105754}
c:\progra~1\msnmes~1\msgrapp.dll (Microsoft Corporation) {828030A1-22C1-4009-854F-8E305202313F}
* c:\windows\system32\msdxm.ocx {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020}
035 HKLM-HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
------------------------------------------------------------------
c:\windows\system32\mscories.dll (Microsoft Corporation) {89B4C1CD-B018-4511-B0A1-5476DBF70820}
041 HKLM-HKCU\Software\Microsoft\Internet Explorer\Toolbar
----------------------------------------------------------
c:\program files\epson\epson web-to-page\epson web-to-page.dll (SEIKO EPSON CORPORATION) {EE5D279F-081B-4404-994D-C6B60AAEBA6D}
* c:\program files\google\googletoolbar2.dll (Google Inc.) {2318C2B1-4965-11d4-9B18-009027A5CD4F}
c:\program files\infoquick\voicemate\plugin\mybands.dll (Written by Paul DiLascia) {4647E382-520B-11D2-A0D0-004033D0645D}
* c:\windows\system32\msdxm.ocx {8E718888-423F-11D2-876E-00A0C9082467}
c:\program files\chinese new star\wordplugin\iephonetic.dll (DigitEasy Singapore) {56C8C49B-7340-4D2F-988B-77416E8B97A5}
042 HKLM\Software\Microsoft\Internet Explorer\Extensions
--------------------------------------------------------
C:\WINDOWS\bdoscandel.exe {85d1f590-48f4-11d9-9669-0800200c9a66}
- c:\program files\ocins\config.exe {B012491E-8FA4-4851-AA9B-22E33784FBAD}
c:\progra~1\yahoo!\messen~1\ypager.exe {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
045 HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
----------------------------------------------------------------
c:\program files\chinese new star\wordplugin\iephonetic.dll (DigitEasy Singapore) {56C8C49B-7340-4D2F-988B-77416E8B97A5}
* c:\program files\google\googletoolbar2.dll (Google Inc.) {2318C2B1-4965-11D4-9B18-009027A5CD4F}
047 Trusted zones
-----------------
Zone: : msn
050 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
-----------------------------------------------------------------------------
* c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.) {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
c:\program files\internet explorer\iexplore32.win {A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E}
052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
GUID / CLSID not found {A5366673-E8CA-11D3-9CD9-0090271D075B}
GUID / CLSID not found {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}
* c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll (Adobe Systems Incorporated) {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
* c:\program files\spybot - search & destroy\sdhelper.dll (Safer Networking Limited) {53707962-6F74-2D53-2644-206D7942484F}
c:\program files\epson\epson web-to-page\epson web-to-page.dll (SEIKO EPSON CORPORATION) {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}
* c:\program files\google\googletoolbar2.dll (Google Inc.) {AA58ED58-01DD-4d91-8333-CF10577473F7}
* c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll (Google Inc.) {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
- c:\progra~1\ocins\ieaux.dll {7605CC7C-00FD-4A5F-BAFD-828342DE6279}
c:\program files\microsoft money\system\mnyside.dll (Microsoft Corporation) {243B17DE-77C7-46BF-B94B-0B5F309A0E64}
- c:\documents and settings\all users\application data\microsoft\pctools\pctools.dll {385AB8C6-FB22-4D17-8834-064E2BA0A6F0}
061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
---------------------------------------------------------------------------------
* c:\program files\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
c:\program files\illustrate\dbpoweramp\dmcshell.dll {2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}
c:\program files\illustrate\dbpoweramp\dbshell.dll {FED7043D-346A-414D-ACD7-550D052499A7}
- deskpan.dll {42071714-76d4-11d1-8b24-00a0c9068ff3}
c:\windows\system32\mscoree.dll (Microsoft Corporation) {1D2680C9-0E2A-469d-B787-065558BC7D43}
* c:\windows\system32\hticons.dll (Hilgraeve, Inc.) {88895560-9AA2-1069-930E-00AA0030EBC8}
* c:\program files\itunes\itunesminiplayer.dll (Apple Inc.) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}
c:\windows\system32\shellvrtf.dll (XSS) {7F67036B-66F1-411A-AD85-759FB9C5B0DB}
c:\progra~1\ultima~1\uzshldr.dll {2F860D82-AF3C-11D4-BDB3-00E0987D8540}
c:\progra~1\ultima~1\uzshlex.dll {2F860D81-AF3C-11D4-BDB3-00E0987D8540}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
------------------------------------------------------------
c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
---------------------------------------------------------------------
* C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
--------------------------------------------------------
* C:\WINDOWS\System32\lexlmpm.dll (Lexmark International, Inc.)
073 %windir%\Tasks
------------------
AppleSoftwareUpdate.job : c:\program files\apple software update\softwareupdate.exe (Apple Inc.)
Symantec NetDetect.job : c:\program files\symantec\liveupdate\ndetect.exe (Symantec Corporation)
100 Internet Explorer settings
------------------------------
CustomizeSearch HKLM : http://client.jogo.cn/cdn/browser/customsearch/customsearch-cn.html
Default_Page_URL HKCU : http://qsg9.hpwis.com/
Default_Page_URL HKLM : http://qsg9.hpwis.com/
Default_Search_URL HKLM : http://www.google.com/toolbar/ie8/sidebar.html
ProxyOverride HKCU : localhost
Search Page HKCU : https://www.google.com/?gws_rd=ssl
Search Page HKLM : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchAssistant HKCU : http://www.google.com/toolbar/ie8/sidebar.html
SearchAssistant HKLM : http://www.google.com/toolbar/ie8/sidebar.html
SearchUrl HKCU : http://www.google.com/search?q=%s
ShellNext HKCU : http://qsg9.hpwis.com/
Start Page HKCU : about:blank
Start Page HKLM : http://qsg9.hpwis.com/
102 HKLM - HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
------------------------------------------------------------------
c:\program files\chinese new star\wordplugin\iephonetic.dll (DigitEasy Singapore) {56C8C49B-7340-4D2F-988B-77416E8B97A5}
104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
------------------------------------------------------------------
c:\windows\downloaded program files\vatdecoder.dll {210D0CBC-8B17-48D1-B294-1A338DD2EB3A}
c:\windows\downloaded program files\rtspvapgdecoder.dll {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2}
c:\program files\hp\receiver experience\activex\highbarsaveactivex.dll (Hewlett-Packard) {54D53429-945C-4188-B460-C81356541882}
c:\windows\downlo~1\oscan8.ocx (SOFTWIN) {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
* c:\windows\downloaded program files\mgaxctrl.dll (Autodesk Inc.) {62789780-B744-11D0-986B-00609731A21D}
* c:\windows\downloaded program files\imageuploader4.ocx (Aurigma, Inc.) {6E5E167B-1566-4316-B27F-0DDAB3484CF7}
c:\program files\java\j2re1.4.1_02\bin\npjpi141_02.dll (JavaSoft / Sun Microsystems, Inc.) {8AD9C840-044E-11D1-B3E9-00805F499D93}
* c:\windows\downloaded program files\asinst.dll (Panda Software) {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
c:\program files\java\j2re1.4.1_02\bin\npjpi141_02.dll (JavaSoft / Sun Microsystems, Inc.) {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
* c:\windows\system32\macromed\flash\flash9c.ocx (Adobe Systems, Inc.) {D27CDB6E-AE6D-11CF-96B8-444553540000}
105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
-----------------------------------------------------
&访问通用网址 : C:\Program Files\OCINS\cnrbtn.html
Download All by FlashGet : G:\FlashGet\jc_all.htm
Download using FlashGet : G:\FlashGet\jc_link.htm
E&xport to Microsoft Excel : res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
151 HKLM\Software\Microsoft\Command Processor\Autorun
-----------------------------------------------------
- d:\myplayer.com
160 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
------------------------------------------------------------------
DisableRegistryTools : 0
161 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
------------------------------------------------------------------
dontdisplaylastusername : 0
shutdownwithoutlogon : 1
undockwithoutlogon : 1
167 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run (+subkeys)
-----------------------------------------------------------------------------------
- lyleador.exe
- lyloader.exe
- lyloadhr.exe
- lyloadmr.exe
- lyloador.exe
- lyloadqr.exe
- lyloadar.exe
- lyloadbr.exe
173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
c:\progra~1\ultima~1\uzshlex.dll {2F860D81-AF3C-11D4-BDB3-00E0987D8540}
* c:\program files\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
c:\program files\epson\creativity suite\easy photo print\eppshell.dll (SEIKO EPSON CORPORATION) {509FE1AF-ADD5-49EC-BC55-7CF81FD16E78}
* c:\program files\grisoft\avg anti-spyware 7.5\context.dll (GRISOFT s.r.o.) {8934FCEF-F5B8-468f-951F-78A921CD3920}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Configuration: Windows XP Firefox 2.0.0.6
3 replies
Hello,
There are indeed a lot of corrections to make (22)... Remove the following entries with HijackThis (remember to disable Windows System Restore before you start):
R3 - URLSearchHook: SrchspHook Class - {22F86F33-9CBB-49a8-BB12-CDBE51B4C294} - (no file)
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)
O2 - BHO: IEAux Class - {7605CC7C-00FD-4A5F-BAFD-828342DE6279} - C:\PROGRA~1\OCINS\ieaux.dll (file missing)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [DiskMan32] C:\WINDOWS\DiskMan32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe Office related
O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe Fuzzy Algorithmcheck (2.39 / 5.00), Nasty
O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe Fuzzy Algorithmcheck (2.39 / 5.00), Nasty
O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe Fuzzy Algorithmcheck (2.39 / 5.00), Nasty
O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe Fuzzy Algorithmcheck (2.39 / 5.00), Nasty
O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe Fuzzy Algorithmcheck (2.39 / 5.00), Nasty
O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe Fuzzy Algorithmcheck (2.39 / 5.00), Nasty
O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe Fuzzy Algorithmcheck (2.39 / 5.00), Nasty
O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe Fuzzy Algorithmcheck (2.39 / 5.00), Nasty
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &访问通用网址 - C:\Program Files\OCINS\cnrbtn.html
O9 - Extra button: ?D??é?í? - {B012491E-8FA4-4851-AA9B-22E33784FBAD} - C:\Program Files\OCINS\config.exe (file missing)
O9 - Extra 'Tools' menuitem: ?D??é?í? - {B012491E-8FA4-4851-AA9B-22E33784FBAD} - C:\Program Files\OCINS\config.exe (file missing)
O23 - Service: A7CBD9B2 - Unknown owner - C:\WINDOWS\System32\1173DFDD.EXE (file missing)
O23 - Service: Remote Help Session Manager (Rasautol) - Unknown owner - C:\WINDOWS\System32\ntsokele.exe (file missing)
Ahitec.com
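The reply above applies a few rules by hand: an entry whose target no longer exists is an orphan, an autostart under Policies\Explorer\Run is almost never planted by legitimate software, and a service with no vendor and no binary is worth removing. The script below is an added example, not code from the original thread or from HijackThis; it encodes those rules as a small triage pass over HijackThis log lines. The sample lines are copied from the log posted earlier in this thread; the heuristic names, the `classify`/`triage` functions and the "unqualified path" rule (an autostart given as a bare file name, such as ALCXMNTR.EXE, resolves through the search path, so you should find out where it really loads from before deciding) are this example's own choices.

```python
"""Triage HijackThis-style log lines the way a forum helper would.

Added example, not part of the original thread. The sample lines are copied
from the log posted above; the rules and their wording are assumptions made
for this example, not HijackThis output.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: entries copied verbatim from the HijackThis log in this thread.
SAMPLE_LINES = [
    r"C:\WINDOWS\System32\smss.exe",
    r"R3 - URLSearchHook: SrchspHook Class - {22F86F33-9CBB-49a8-BB12-CDBE51B4C294} - (no file)",
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE",
    r"O4 - HKLM\..\Run: [DiskMan32] C:\WINDOWS\DiskMan32.exe",
    r"O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe",
    r"O23 - Service: A7CBD9B2 - Unknown owner - C:\WINDOWS\System32\1173DFDD.EXE (file missing)",
    r"O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe",
    r"O23 - Service: Remote Help Session Manager (Rasautol) - Unknown owner - C:\WINDOWS\System32\ntsokele.exe (file missing)",
]

ENTRY_RE = re.compile(r"^[RO]\d+ - ")                       # R0..R3 / O1..O24 entry lines
BARE_EXE_RE = re.compile(r": \[[^\]]+\] [A-Za-z0-9_]+\.exe$", re.IGNORECASE)
POLICIES_RUN = "O4 - HKLM\\..\\Policies\\Explorer\\Run:"


@dataclass
class Finding:
    line: str
    reason: str


def classify(line: str) -> Optional[str]:
    """Return why an entry deserves a second look, or None if nothing stands out.

    Order matters: a missing target is decisive on its own, so it is tested
    before the location-based rules.
    """
    line = line.strip()
    if not ENTRY_RE.match(line):
        return None  # running-process list, header or footer, not an R/O entry
    if "(no file)" in line or "(file missing)" in line:
        return "target file missing: orphaned entry, safe to remove"
    if line.startswith(POLICIES_RUN):
        return "autostart via Policies\\Explorer\\Run: rarely used by legitimate software"
    if line.startswith("O23 - Service:") and "Unknown owner" in line:
        return "service with no vendor information: verify the binary"
    if line.startswith("O4 - ") and BARE_EXE_RE.search(line):
        return "unqualified path: resolve where it really loads from before judging"
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Run classify() over a whole log and keep only the flagged entries."""
    findings: List[Finding] = []
    for raw in lines:
        reason = classify(raw)
        if reason is not None:
            findings.append(Finding(raw.strip(), reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.reason:<75} {f.line}")
```

Note what the rules do not catch: `[DiskMan32] C:\WINDOWS\DiskMan32.exe` passes untouched because HijackThis only prints "(file missing)" for some entry types, while the RunScanner log further up marks the same file with "-" (file not found) in section 002. Cross-checking the two logs is what lets the helper list it; a single tool's output is not enough on its own.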
Hi.
A quick piece of advice in passing: AVG? No wonder you ended up infected...
Here: http://forum.malekal.com/ftopic4192.php Antivir is the best free one :)
Thanks for the help.
I did as indicated, then installed Antivir to see.
Now I have: C\WINDOWS\System 32\j47kkb1vkb.dll
which appears when I open my personal account. I can't delete it or quarantine it,
and I get lots of "virus detected" messages from Antivir.
The latest scans:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:22:49 PM, on 9/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\system32\UMonit2K.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\hwshell.exe
C:\Program Files\Kingsoft\Powerword 2006\xdict.exe
C:\Program Files\UltimateZip\uzqkst.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ó?ò?°é??(&V) - {4647E382-520B-11D2-A0D0-004033D0645D} - C:\Program Files\InfoQuick\VoiceMate\Plugin\MyBands.dll
O3 - Toolbar: NewStar Band - {56C8C49B-7340-4D2F-988B-77416E8B97A5} - C:\Program Files\Chinese New Star\WordPlugin\IEPhonetic.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\UMonit2K.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB002" /M "Stylus CX4100"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip\uzqkst.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HANWANG Shell.lnk = %ProgramFiles%\hwshell.exe
O4 - Global Startup: 金山词霸 2006.lnk = C:\Program Files\Kingsoft\Powerword 2006\xdict.exe
O8 - Extra context menu item: Download All by FlashGet - G:\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - G:\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://vivoptz.dyndns.biz:101/VatDec.cab
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://vivoptz.dyndns.biz/RtspVaPgDec.cab
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://eshare.hpphoto.com/Download/HPeServicesLocalPrint.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://202.172.177.20/ActiveX/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1118749390641
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://mocca.com/MediaCorp/ImageUploader4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Remote Help Session Manager (Rasautol) - Unknown owner - C:\WINDOWS\System32\ntsokele.exe (file missing)
I did as instructed, then installed Antivir to see.
Now I have: C\WINDOWS\System 32\j47kkb1vkb.dll
which appears when I open my personal account. I can't delete it or put it in quarantine,
and I get lots of messages about viruses discovered by Antivir.
The latest scans:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:22:49 PM, on 9/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\system32\UMonit2K.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\hwshell.exe
C:\Program Files\Kingsoft\Powerword 2006\xdict.exe
C:\Program Files\UltimateZip\uzqkst.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ó?ò?°é??(&V) - {4647E382-520B-11D2-A0D0-004033D0645D} - C:\Program Files\InfoQuick\VoiceMate\Plugin\MyBands.dll
O3 - Toolbar: NewStar Band - {56C8C49B-7340-4D2F-988B-77416E8B97A5} - C:\Program Files\Chinese New Star\WordPlugin\IEPhonetic.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\UMonit2K.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB002" /M "Stylus CX4100"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip\uzqkst.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HANWANG Shell.lnk = %ProgramFiles%\hwshell.exe
O4 - Global Startup: 金山词霸 2006.lnk = C:\Program Files\Kingsoft\Powerword 2006\xdict.exe
O8 - Extra context menu item: Download All by FlashGet - G:\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - G:\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://vivoptz.dyndns.biz:101/VatDec.cab
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://vivoptz.dyndns.biz/RtspVaPgDec.cab
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://eshare.hpphoto.com/Download/HPeServicesLocalPrint.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://202.172.177.20/ActiveX/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1118749390641
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://mocca.com/MediaCorp/ImageUploader4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Remote Help Session Manager (Rasautol) - Unknown owner - C:\WINDOWS\System32\ntsokele.exe (file missing)