A voir également:
- Analyse d'un Scan CWshredder.exe
- Epson scan 2 ✓ - Forum Imprimante
- Scan comics ✓ - Forum Loisirs / Divertissements
- Analyse et reparation du lecteur c ✓ - Forum Windows 10
- Genius scan - Télécharger - Organisation
- Nana scan vf - Forum Loisirs / Divertissements
32 réponses
balltrap34
Messages postés
16240
Date d'inscription
jeudi 8 janvier 2004
Statut
Contributeur sécurité
Dernière intervention
28 novembre 2009
329
17 juil. 2004 à 01:29
17 juil. 2004 à 01:29
Salut
Ceci sont des trojan C:\WINDOWS\system32\scagent.exe
C:\WINDOWS\System32\windll32.exe
Relance hijack et coche et fix ces lignes
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.find-everything.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O4 - HKCU\..\Run: [windll32.exe] C:\WINDOWS\System32\windll32.exe
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_FR_XP.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!http://66.230.167.185/z/aw/chm/cool.chm::/cool.exe
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_FR_XP.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/tools/activex/fpu.cab
O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_4_FR_XP.cab
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} - http://dialup.carpediem.fr/CABS/cd/1,0,3,8/fr/AccesMembre.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_FR_XP.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/dlaccell.CAB
Tu ne ma pas dit ton probleme
Met ton anti virus a jour
Met un bon pare feu
Et a eviter les site x et autres
Telecharge cet anti trojan
http://www.emsisoft.net/fr/
penser a le metre a jour avant de scanner le pc
--------------------
mes vrai passion la chasse et le balltrap
Ceci sont des trojan C:\WINDOWS\system32\scagent.exe
C:\WINDOWS\System32\windll32.exe
Relance hijack et coche et fix ces lignes
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.find-everything.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O4 - HKCU\..\Run: [windll32.exe] C:\WINDOWS\System32\windll32.exe
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_FR_XP.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!http://66.230.167.185/z/aw/chm/cool.chm::/cool.exe
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_FR_XP.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/tools/activex/fpu.cab
O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_4_FR_XP.cab
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} - http://dialup.carpediem.fr/CABS/cd/1,0,3,8/fr/AccesMembre.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_FR_XP.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/dlaccell.CAB
Tu ne ma pas dit ton probleme
Met ton anti virus a jour
Met un bon pare feu
Et a eviter les site x et autres
Telecharge cet anti trojan
http://www.emsisoft.net/fr/
penser a le metre a jour avant de scanner le pc
--------------------
mes vrai passion la chasse et le balltrap
merci balltrap, je vais essayer çà. Mon problème est que quand je lance ie, j'ai toujours la même page d'accueil(un moteur de recherche à la con) et je ne peux pas la changer. Outlook express est aussi bloqué, je ne sais pas si c'est lié.
balltrap34
Messages postés
16240
Date d'inscription
jeudi 8 janvier 2004
Statut
Contributeur sécurité
Dernière intervention
28 novembre 2009
329
17 juil. 2004 à 22:38
17 juil. 2004 à 22:38
ok
tient moi au courent
a++
--------------------
mes vrai passion la chasse et le balltrap
tient moi au courent
a++
--------------------
mes vrai passion la chasse et le balltrap
salut balltrap, j'ai viré tout ce que tu m'as dit et outlook remarche mais j'ai toujours la même page d'accueil (about:blank). A chaque redémarrage de l'ordi(même non connecté) j'ai toujours ces lignes qui reviennent dans hijackthis :
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
je te reposte mon dernier log :
Logfile of HijackThis v1.97.7
Scan saved at 15:07:55, on 18/07/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\MMTray.exe
C:\WINDOWS\System32\MMTray2k.exe
C:\WINDOWS\System32\MMTrayLSI.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Thierry2\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B5B85CAB-7559-4B12-8080-2EFBB28F1E4A} - C:\WINDOWS\madopew.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1036
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [monitor] monitor.exe
O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Fichiers communs\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Tout télécharger en utilisant Mass Downloader - C:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Télécharger en utilisant &Mass Downloader - C:\Program Files\Mass Downloader\Add_Url.htm
O9 - Extra button: Mass Downloader (HKLM)
O9 - Extra 'Tools' menuitem: &Mass Downloader (HKLM)
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.alloticket.com/MicroPaiement/kit/WebInstall.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38109.3702430556
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08016098-2E42-43CE-96F0-766E80DDD989}: NameServer = 213.228.0.212 212.27.32.177
O17 - HKLM\System\CS1\Services\Tcpip\..\{08016098-2E42-43CE-96F0-766E80DDD989}: NameServer = 213.228.0.212 212.27.32.177
O17 - HKLM\System\CS2\Services\Tcpip\..\{08016098-2E42-43CE-96F0-766E80DDD989}: NameServer = 213.228.0.212 212.27.32.177
Merci encore pour ton aide
a+
zambal
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
je te reposte mon dernier log :
Logfile of HijackThis v1.97.7
Scan saved at 15:07:55, on 18/07/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\MMTray.exe
C:\WINDOWS\System32\MMTray2k.exe
C:\WINDOWS\System32\MMTrayLSI.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Thierry2\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B5B85CAB-7559-4B12-8080-2EFBB28F1E4A} - C:\WINDOWS\madopew.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1036
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [monitor] monitor.exe
O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Fichiers communs\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Tout télécharger en utilisant Mass Downloader - C:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Télécharger en utilisant &Mass Downloader - C:\Program Files\Mass Downloader\Add_Url.htm
O9 - Extra button: Mass Downloader (HKLM)
O9 - Extra 'Tools' menuitem: &Mass Downloader (HKLM)
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.alloticket.com/MicroPaiement/kit/WebInstall.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38109.3702430556
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08016098-2E42-43CE-96F0-766E80DDD989}: NameServer = 213.228.0.212 212.27.32.177
O17 - HKLM\System\CS1\Services\Tcpip\..\{08016098-2E42-43CE-96F0-766E80DDD989}: NameServer = 213.228.0.212 212.27.32.177
O17 - HKLM\System\CS2\Services\Tcpip\..\{08016098-2E42-43CE-96F0-766E80DDD989}: NameServer = 213.228.0.212 212.27.32.177
Merci encore pour ton aide
a+
zambal
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
balltrap34
Messages postés
16240
Date d'inscription
jeudi 8 janvier 2004
Statut
Contributeur sécurité
Dernière intervention
28 novembre 2009
329
18 juil. 2004 à 18:58
18 juil. 2004 à 18:58
salut fait ca et met le rapport
http://membres.lycos.fr/aricop/forum/dllfix.exe
-Pose-le sur le bureau.
-Double-clique.
-Décompresse-le sur le bureau.
-Double-clique "Start.bat" et choisis l'option 1 pour le rapport.
-Une fois la recherche terminée, un fichier txt doit apparaître sous
le nom "Output.txt" et sera sauvegardé dans le dossier.
-Copie/colle le contenu de "Output.txt" dans ta réponse.
--------------------
mes vrai passion la chasse et le balltrap
http://membres.lycos.fr/aricop/forum/dllfix.exe
-Pose-le sur le bureau.
-Double-clique.
-Décompresse-le sur le bureau.
-Double-clique "Start.bat" et choisis l'option 1 pour le rapport.
-Une fois la recherche terminée, un fichier txt doit apparaître sous
le nom "Output.txt" et sera sauvegardé dans le dossier.
-Copie/colle le contenu de "Output.txt" dans ta réponse.
--------------------
mes vrai passion la chasse et le balltrap
salut balltrap, voici mon output.txt. Au démarrage, j'ai maintenant mon lecteur CD qui s'ouvre, est-ce lié???
a+
--==***@@@ FIND-ALL' VERSION MODIFIED -6/05 @@@***==--
--==***@@@ ORIGINAL BY FREEATLAST @@@***==--
20/07/2004
11:56
System Info:
Microsoft Windows XP [version 5.1.2600]
C: "" (A069:9E53) - FS:NTFS clusters:4k
Total: 40 007 729 152 [37G] - Free: 7 407 566 848 [6.9G]
*IE version and Service packs:
6.0.2600.0 C:\Program Files\Internet Explorer\Iexplore.exe
*Notepad version :
5.1.2600.0 C:\WINDOWS\notepad.exe
*Media Player version :
8.0.0.4482 C:\Program Files\Windows Media Player\wmplayer.exe
! REG.EXE VERSION 2.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
MinorVersion REG_SZ ;Q837009;Q832894;
Locked or 'Suspect' file(s) found...
These may be other files that Dllfix doesnt target.
Scanning for main Hijacker:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5B85CAB-7559-4B12-8080-2EFBB28F1E4A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
@=""
REGEDIT4
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
@="AP Deflate Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
@="AP lzdhtml encoding/decoding Filter"
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]
"CLSID"="{AACA9E00-85EE-401B-850E-A3D3EADF05B4}"
"CLSID_"="{353357F9-2A37-46D6-9AD2-24E3E1B0C51A}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain]
"CLSID"="{AACA9E00-85EE-401B-850E-A3D3EADF05B4}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"
! REG.EXE VERSION 2.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_Dlls REG_SZ
*Security settings for 'Windows' key:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(NI) ALLOW Read BUILTIN\Utilisateurs
(IO) ALLOW Read BUILTIN\Utilisateurs
(NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(NI) ALLOW Full access BUILTIN\Administrateurs
(IO) ALLOW Full access BUILTIN\Administrateurs
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access BUILTIN\Administrateurs
(IO) ALLOW Full access CREATEUR PROPRIETAIRE
Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Utilisateurs
Read BUILTIN\Utilisateurs avec pouvoir
Full access BUILTIN\Administrateurs
Full access AUTORITE NT\SYSTEM
a+
--==***@@@ FIND-ALL' VERSION MODIFIED -6/05 @@@***==--
--==***@@@ ORIGINAL BY FREEATLAST @@@***==--
20/07/2004
11:56
System Info:
Microsoft Windows XP [version 5.1.2600]
C: "" (A069:9E53) - FS:NTFS clusters:4k
Total: 40 007 729 152 [37G] - Free: 7 407 566 848 [6.9G]
*IE version and Service packs:
6.0.2600.0 C:\Program Files\Internet Explorer\Iexplore.exe
*Notepad version :
5.1.2600.0 C:\WINDOWS\notepad.exe
*Media Player version :
8.0.0.4482 C:\Program Files\Windows Media Player\wmplayer.exe
! REG.EXE VERSION 2.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
MinorVersion REG_SZ ;Q837009;Q832894;
Locked or 'Suspect' file(s) found...
These may be other files that Dllfix doesnt target.
Scanning for main Hijacker:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5B85CAB-7559-4B12-8080-2EFBB28F1E4A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
@=""
REGEDIT4
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
@="AP Deflate Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
@="AP lzdhtml encoding/decoding Filter"
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]
"CLSID"="{AACA9E00-85EE-401B-850E-A3D3EADF05B4}"
"CLSID_"="{353357F9-2A37-46D6-9AD2-24E3E1B0C51A}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain]
"CLSID"="{AACA9E00-85EE-401B-850E-A3D3EADF05B4}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"
! REG.EXE VERSION 2.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_Dlls REG_SZ
*Security settings for 'Windows' key:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(NI) ALLOW Read BUILTIN\Utilisateurs
(IO) ALLOW Read BUILTIN\Utilisateurs
(NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(NI) ALLOW Full access BUILTIN\Administrateurs
(IO) ALLOW Full access BUILTIN\Administrateurs
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access BUILTIN\Administrateurs
(IO) ALLOW Full access CREATEUR PROPRIETAIRE
Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Utilisateurs
Read BUILTIN\Utilisateurs avec pouvoir
Full access BUILTIN\Administrateurs
Full access AUTORITE NT\SYSTEM
balltrap34
Messages postés
16240
Date d'inscription
jeudi 8 janvier 2004
Statut
Contributeur sécurité
Dernière intervention
28 novembre 2009
329
20 juil. 2004 à 13:48
20 juil. 2004 à 13:48
re
desoler j ai oublier des trucs
relance hijack coche et fix les lignes que je t avais mis
ensuite
demarre en mode sans echec et supprime ces fichiers
C:\WINDOWS\system32\scagent.exe
C:\WINDOWS\System32\windll32.exe
la chasse et la balltrap ma vrai passion
voir site perso dans profil
desoler j ai oublier des trucs
relance hijack coche et fix les lignes que je t avais mis
ensuite
demarre en mode sans echec et supprime ces fichiers
C:\WINDOWS\system32\scagent.exe
C:\WINDOWS\System32\windll32.exe
la chasse et la balltrap ma vrai passion
voir site perso dans profil
re
y'a pas de mal mais scagent.exe et windll32.exe ne sont plus présents sur mon système depuis mon post n°28 du 18/07
y'a pas de mal mais scagent.exe et windll32.exe ne sont plus présents sur mon système depuis mon post n°28 du 18/07
balltrap34
Messages postés
16240
Date d'inscription
jeudi 8 janvier 2004
Statut
Contributeur sécurité
Dernière intervention
28 novembre 2009
329
20 juil. 2004 à 14:08
20 juil. 2004 à 14:08
oki
a tu essayer celui ci telecharge le derniere version
CWShredder
http://www.spywareinfo.com/~merijn/downloads.html
il faut l'ouvrir (absolument) toutes fenêtres fermées et hors connexion et faire fix- next - next
la chasse et la balltrap ma vrai passion
voir site perso dans profil
a tu essayer celui ci telecharge le derniere version
CWShredder
http://www.spywareinfo.com/~merijn/downloads.html
il faut l'ouvrir (absolument) toutes fenêtres fermées et hors connexion et faire fix- next - next
la chasse et la balltrap ma vrai passion
voir site perso dans profil
Salut balltrap, avec CWSshredder ça a marché nickel, j'ai enfin retrouvé ma page d'accueil. Merci encore pour toute ton aide.
a+
zambal
a+
zambal
balltrap34
Messages postés
16240
Date d'inscription
jeudi 8 janvier 2004
Statut
Contributeur sécurité
Dernière intervention
28 novembre 2009
329
22 juil. 2004 à 23:35
22 juil. 2004 à 23:35
de rien
content pour toi
a++
la chasse et le balltrap ma vrai passion
voir site perso dans profil
content pour toi
a++
la chasse et le balltrap ma vrai passion
voir site perso dans profil
salut voila mon log est se kelkun pourrai maidé merci ;)
Logfile of HijackThis v1.99.0
Scan saved at 00:45:14, on 09/01/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\SXGTKBAR.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\ADSL AUTOCONNECT\ADSL AUTOCONNECT.EXE
C:\PROGRAM FILES\ADSL AUTOCONNECT\ADSL AUTOCONNECT.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\FR\MSNAPPAU.EXE
C:\PROGRAM FILES\AZUREUS\AZUREUS.EXE
C:\PROGRAM FILES\JAVA\J2RE1.4.2_06\BIN\JAVAW.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\XI\NETTRANSPORT 2\NETTRANSPORT.EXE
C:\WINDOWS\TEMP\RAR$EX00.380\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.neuf.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://fr.racingmanager.yahoo.net/yracing/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\x71yomx3.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\x71yomx3.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_18_0.DLL
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\FR\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\PROGRAM FILES\XI\NETTRANSPORT 2\NTIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: ohb - {086CEFD5-A88D-4981-8915-D51F04360ED1} - C:\WINDOWS\SYSTEM\WINHOT32.DLL
O2 - BHO: ohb - {285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} - C:\WINDOWS\SYSTEM\HSRB.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\FR\MSNTB.DLL
O3 - Toolbar: Yahoo! Compagnon - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_18_0.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {8B224779-3B0E-4FEA-8AE1-B66C20DD840F} - C:\WINDOWS\SYSTEM\WINHOT32.DLL
O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [PowerManager] C:\WINDOWS\SVCHOST.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [ADSLAutoconnect] C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe -Z
O4 - Startup: hp psc 2000 Series.lnk.disabled
O4 - Startup: officejet 6100.lnk.disabled
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pages similaires - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Pages liées - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\SYSTEM\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.lankadeepa.lk/wfplayer/tdserver.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} (iiittt Class) - http://hotsearchbar.com/toolbar2/winhot32.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/drm.cab
Logfile of HijackThis v1.99.0
Scan saved at 00:45:14, on 09/01/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\SXGTKBAR.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\ADSL AUTOCONNECT\ADSL AUTOCONNECT.EXE
C:\PROGRAM FILES\ADSL AUTOCONNECT\ADSL AUTOCONNECT.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\FR\MSNAPPAU.EXE
C:\PROGRAM FILES\AZUREUS\AZUREUS.EXE
C:\PROGRAM FILES\JAVA\J2RE1.4.2_06\BIN\JAVAW.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\XI\NETTRANSPORT 2\NETTRANSPORT.EXE
C:\WINDOWS\TEMP\RAR$EX00.380\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.neuf.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://fr.racingmanager.yahoo.net/yracing/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\x71yomx3.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\x71yomx3.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_18_0.DLL
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\FR\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\PROGRAM FILES\XI\NETTRANSPORT 2\NTIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: ohb - {086CEFD5-A88D-4981-8915-D51F04360ED1} - C:\WINDOWS\SYSTEM\WINHOT32.DLL
O2 - BHO: ohb - {285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} - C:\WINDOWS\SYSTEM\HSRB.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\FR\MSNTB.DLL
O3 - Toolbar: Yahoo! Compagnon - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_18_0.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {8B224779-3B0E-4FEA-8AE1-B66C20DD840F} - C:\WINDOWS\SYSTEM\WINHOT32.DLL
O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [PowerManager] C:\WINDOWS\SVCHOST.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [ADSLAutoconnect] C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe -Z
O4 - Startup: hp psc 2000 Series.lnk.disabled
O4 - Startup: officejet 6100.lnk.disabled
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pages similaires - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Pages liées - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\SYSTEM\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.lankadeepa.lk/wfplayer/tdserver.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} (iiittt Class) - http://hotsearchbar.com/toolbar2/winhot32.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/drm.cab