Jump to content

[LOGICIEL] Mon Rapport


yaness

Recommended Posts

Logfile of HijackThis v1.99.1

Scan saved at 11:29:45, on 2006-03-09

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\brss01a.exe

C:\DOCUME~1\ALLUSE~1\DOCUME~1\backweb\4757941\Program\SERVIC~1.EXE

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Documents and Settings\All Users\Documents\Anti-Virus\fsgk32st.exe

C:\Documents and Settings\All Users\Documents\backweb\4757941\program\fsbwsys.exe

C:\Documents and Settings\All Users\Documents\Anti-Virus\FSGK32.EXE

C:\Documents and Settings\All Users\Documents\Common\FSMA32.EXE

C:\Documents and Settings\All Users\Documents\Common\FSMB32.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Documents and Settings\All Users\Documents\Anti-Virus\fssm32.exe

C:\WINDOWS\system32\svchost.exe

C:\Documents and Settings\All Users\Documents\Common\FCH32.EXE

C:\Documents and Settings\All Users\Documents\Common\FAMEH32.EXE

C:\Documents and Settings\All Users\Documents\FSPC\fspc.exe

C:\Documents and Settings\All Users\Documents\FWES\Program\fsdfwd.exe

C:\Documents and Settings\All Users\Documents\Anti-Virus\fsav32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\Documents and Settings\All Users\Documents\Common\FSM32.EXE

C:\Documents and Settings\All Users\Documents\FSGUI\ispnews.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Documents and Settings\All Users\Documents\FSGUI\fsguiexe.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Documents and Settings\All Users\Documents\backweb\4757941\Program\fspex.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\sistray.exe

c:\progra~1\intern~1\iexplore.exe

C:\Documents and Settings\All Users\Documents\FSGUI\fsavgui.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Vaness\Local Settings\Temporary Internet Files\Content.IE5\8TPHRGK2\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zwbkytzhgdqrbjiww.com/91GO7kidk...r/mWWN6ZXI.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mix997.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.visionic.qc.ca/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Documents and Settings\All Users\Documents\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Documents and Settings\All Users\Documents\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Documents and Settings\All Users\Documents\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [News Service] "C:\Documents and Settings\All Users\Documents\FSGUI\ispnews.exe"

O4 - HKLM\..\Run: [spySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup

O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [iNTERNET SURF PART BLEH] C:\Documents and Settings\All Users\Application Data\admin inside internet surf\build surf.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [TosGbWatcher] "C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Onlineabout] C:\DOCUME~1\Vaness\APPLIC~1\STOREF~1\multinameobj.exe

O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [boontyBox] "C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" /boot

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZC

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Filtre Web - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Documents and Settings\All Users\Documents\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Documents and Settings\All Users\Documents\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Afficher la &liste des sites Web - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Documents and Settings\All Users\Documents\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Documents and Settings\All Users\Documents\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: &Interrompre le filtre de la page Web - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Documents and Settings\All Users\Documents\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Documents and Settings\All Users\Documents\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: &Refuser ce site Web - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Documents and Settings\All Users\Documents\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Documents and Settings\All Users\Documents\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: &Autoriser ce site Web - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Documents and Settings\All Users\Documents\FSPC\fspcmsie.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing

O14 - IERESET.INF: START_PAGE_URL=http://www.visionic.qc.ca/

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1128111310171

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Services de sécurité COGECO (BackWeb Plug-in - 4757941) - Unknown owner - C:\DOCUME~1\ALLUSE~1\DOCUME~1\backweb\4757941\Program\SERVIC~1.EXE

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Documents and Settings\All Users\Documents\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Documents and Settings\All Users\Documents\backweb\4757941\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Documents and Settings\All Users\Documents\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Documents and Settings\All Users\Documents\FSPC\fshttps\fshttps.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Documents and Settings\All Users\Documents\Common\FSMA32.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

merci bien jespere ke mon rapport est complet

Comment on fait pour deleter el virus trojan.win32.starter????????

Link to comment
Share on other sites

Il est très complet, superbe. Il y a juste un "hic". Il a à être posté dans la centralisation ad hoc.

Ainsi, du "hic", tu passeras au "hoc" et hop tu (h)obtiendras une réponse. Ou alors, vise la signature de snooky.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...