Se connecter / S'enregistrer
Votre question

procédure pour supprimer searchmiracle et elitebar à partir de mon log

Tags :
  • Internet Explorer
  • Sécurité
Dernière réponse : dans Sécurité et virus
25 Mai 2005 16:02:45

Voici mon log
Elitebar et searchmiracle revienne tjs malgres tous les antispyware existant. Ma bécane (un pc portable ) n'avance plus au démarage ni par la suite.
Merci de me sauver


Logfile of HijackThis v1.99.1
Scan saved at 15:58:41, on 05/25/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\SQLLIB\bin\db2jds.exe
C:\Program Files\SQLLIB\bin\db2sec.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
c:\sdwork\issimsvc.exe
C:\Notes\ntmulti.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\WINNT\System32\QCONSVC.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\WRTService.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\Drivers\ldlcserv.exe
C:\WINNT\system32\RunDll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINNT\system32\RunDll32.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alcatel One Touch PC Suite 2\DesktopTool\DesktopTool.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Common Files\XCPCMenu.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\IBM\Infoprint Select\ipnotify.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\Stampede\TurboGold\Tgclui32.exe
C:\PROGRA~1\IBM\IMNNQ\HTTPDL.exe
C:\PROGRA~1\IBM\IMNNQ\imnsvdem.exe
C:\Notes\NLNOTES.EXE
C:\Program Files\Stampede\TurboGold\ntgclhap.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Notes\ntaskldr.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Hijackthis\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wwww.yahoo.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/de...*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = w3-501.ibm.com;<local>
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP.EXE
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Desktop Tool] "C:\Program Files\Alcatel One Touch PC Suite 2\DesktopTool\DesktopTool.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [defergui] c:\sdwork\defergui.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] "C:\Program Files\Symantec AntiVirus\VPTray.exe"
O4 - HKLM\..\Run: [obj 01 cash fast] C:\Documents and Settings\All Users\Application Data\Pile online obj 01\one style.exe
O4 - HKLM\..\Run: [XTNDConnect PC - LtNts4] C:\Program Files\Common Files\XCPCSync\Translators\LtNts4\NtsAgnt.exe
O4 - HKLM\..\Run: [XTNDConnect PC] C:\Program Files\Common Files\XCPCMenu.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [C4EBReg] "C:\program files\c4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\MsgPlus.exe"
O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\elitehgs32.exe
O4 - HKLM\..\Run: [HELPER] C:\WINNT\system32\france.exe -N
O4 - HKCU\..\Run: [USER LONG] C:\DOCUME~1\ADMINI~1\APPLIC~1\EXITBO~1\dupe fork 16.exe
O4 - Global Startup: Infoprint Select Notification.lnk = C:\Program Files\IBM\Infoprint Select\ipnotify.exe
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O4 - Global Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Global Startup: Stampede TurboGold.lnk = C:\Program Files\Stampede\TurboGold\Tgclui32.exe
O4 - Global Startup: Start HTML Search Server.lnk = C:\Program Files\SQLLIB\bin\db2nq.exe
O12 - Plugin for .ivp: C:\Program Files\Internet Explorer\Plugins\npiscplg.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Sametime Meeting Room Client ST25 - http://lls401.be.ibm.com:8088/sametime/stmeetingroomcli...
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x40...
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall....
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} (gpwsx.plugin) - http://w3-3.ibm.com/tools/print/plugin/gpwsx.CAB
O16 - DPF: {CA970A6F-2347-4622-AD7C-2B3CB8B659B1} (JNILoader Control) - http://lls401.be.ibm.com:8088/sametime/stmeetingroomcli...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.40n...
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = lge.fr.ibm.com ibm.com france.ibm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = lge.fr.ibm.com ibm.com france.ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = lge.fr.ibm.com ibm.com france.ibm.com
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: tphotkey - C:\WINNT\SYSTEM32\tphklock.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DB2 JDBC Applet Server - Control Center (DB2ControlCenterServer) - Unknown owner - C:\Program Files\SQLLIB\bin\db2ccs.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - Unknown owner - C:\Program Files\SQLLIB\bin\db2jds.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\SQLLIB\bin\db2sec.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\System32\ibmpmsvc.exe
O23 - Service: ISAM SMT Service (ISAMsmt) - Unknown owner - C:\Program Files\C4ebreg\isamsmt.exe (file missing)
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: ldlcserv - IBM Corporation - C:\WINNT\System32\Drivers\ldlcserv.exe
O23 - Service: Multi-user Cleanup Service - Unknown owner - C:\Notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: QCONSVC - IBM Corp. - C:\WINNT\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrcBoot - IBM Corporation - C:\WINNT\System32\drivers\trcboot.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WRT Service (WRTService) - Unknown owner - C:\WINNT\WRTService.exe

Autres pages sur : procedure supprimer searchmiracle elitebar partir log

Contenus similaires
25 Mai 2005 17:41:31

merci bcp. voici mon log désormais. Peut-on me confirmer que tout va bien?

Logfile of HijackThis v1.99.1
Scan saved at 17:41:37, on 05/25/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\SQLLIB\bin\db2jds.exe
C:\Program Files\SQLLIB\bin\db2sec.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
c:\sdwork\issimsvc.exe
C:\Notes\ntmulti.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\WINNT\System32\QCONSVC.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\WRTService.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\Drivers\ldlcserv.exe
C:\WINNT\system32\RunDll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINNT\system32\RunDll32.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alcatel One Touch PC Suite 2\DesktopTool\DesktopTool.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Common Files\XCPCMenu.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\Stampede\TurboGold\Tgclui32.exe
C:\PROGRA~1\IBM\IMNNQ\HTTPDL.exe
C:\PROGRA~1\IBM\IMNNQ\imnsvdem.exe
C:\Notes\NLNOTES.EXE
C:\Program Files\Stampede\TurboGold\ntgclhap.exe
C:\Notes\ntaskldr.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINNT\explorer.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Hijackthis\HijackThis1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wwww.yahoo.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://wwww.yahoo.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/de...*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/de...*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP.EXE
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Desktop Tool] "C:\Program Files\Alcatel One Touch PC Suite 2\DesktopTool\DesktopTool.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [defergui] c:\sdwork\defergui.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] "C:\Program Files\Symantec AntiVirus\VPTray.exe"
O4 - HKLM\..\Run: [obj 01 cash fast] C:\Documents and Settings\All Users\Application Data\Pile online obj 01\one style.exe
O4 - HKLM\..\Run: [XTNDConnect PC - LtNts4] C:\Program Files\Common Files\XCPCSync\Translators\LtNts4\NtsAgnt.exe
O4 - HKLM\..\Run: [XTNDConnect PC] C:\Program Files\Common Files\XCPCMenu.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - Global Startup: Infoprint Select Notification.lnk = C:\Program Files\IBM\Infoprint Select\ipnotify.exe
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O4 - Global Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Global Startup: Stampede TurboGold.lnk = C:\Program Files\Stampede\TurboGold\Tgclui32.exe
O4 - Global Startup: Start HTML Search Server.lnk = C:\Program Files\SQLLIB\bin\db2nq.exe
O12 - Plugin for .ivp: C:\Program Files\Internet Explorer\Plugins\npiscplg.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Sametime Meeting Room Client ST25 - http://lls401.be.ibm.com:8088/sametime/stmeetingroomcli...
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x40...
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall....
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} (gpwsx.plugin) - http://w3-3.ibm.com/tools/print/plugin/gpwsx.CAB
O16 - DPF: {CA970A6F-2347-4622-AD7C-2B3CB8B659B1} (JNILoader Control) - http://lls401.be.ibm.com:8088/sametime/stmeetingroomcli...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = lge.fr.ibm.com ibm.com france.ibm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = lge.fr.ibm.com ibm.com france.ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = lge.fr.ibm.com ibm.com france.ibm.com
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: tphotkey - C:\WINNT\SYSTEM32\tphklock.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DB2 JDBC Applet Server - Control Center (DB2ControlCenterServer) - Unknown owner - C:\Program Files\SQLLIB\bin\db2ccs.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - Unknown owner - C:\Program Files\SQLLIB\bin\db2jds.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\SQLLIB\bin\db2sec.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\System32\ibmpmsvc.exe
O23 - Service: ISAM SMT Service (ISAMsmt) - Unknown owner - C:\Program Files\C4ebreg\isamsmt.exe (file missing)
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: ldlcserv - IBM Corporation - C:\WINNT\System32\Drivers\ldlcserv.exe
O23 - Service: Multi-user Cleanup Service - Unknown owner - C:\Notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: QCONSVC - IBM Corp. - C:\WINNT\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrcBoot - IBM Corporation - C:\WINNT\System32\drivers\trcboot.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WRT Service (WRTService) - Unknown owner - C:\WINNT\WRTService.exe

26 Mai 2005 12:45:08

oui sava mes alors ta supprimer tes spyware
26 Mai 2005 17:27:38

je suis blazé aaujourd'hui tout est revenu. Voici mon log. Je pensais en avoir fini avec elite...
G peut-etre pas fait tout correctement. Je suis allé sur ton lien puis g fixer ce qu'il me disait de fixer, j'ai supprimer les base de registre infecté mais tout est revenu aujourd'hui. HELP

Logfile of HijackThis v1.99.1
Scan saved at 17:23:31, on 05/26/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\SQLLIB\bin\db2jds.exe
C:\Program Files\SQLLIB\bin\db2sec.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
c:\sdwork\issimsvc.exe
C:\Notes\ntmulti.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\WINNT\System32\QCONSVC.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\RunDll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINNT\system32\RunDll32.exe
C:\WINNT\WRTService.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINNT\System32\Drivers\ldlcserv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alcatel One Touch PC Suite 2\DesktopTool\DesktopTool.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Common Files\XCPCMenu.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\IBM\Infoprint Select\ipnotify.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\Stampede\TurboGold\Tgclui32.exe
C:\PROGRA~1\IBM\IMNNQ\HTTPDL.exe
C:\PROGRA~1\IBM\IMNNQ\imnsvdem.exe
C:\Notes\NLNOTES.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Stampede\TurboGold\ntgclhap.exe
C:\Notes\ntaskldr.EXE
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\lotus\approach\Approach.exe
C:\Hijackthis\HijackThis1991.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wwww.yahoo.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/de...*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = w3-501.ibm.com;<local>
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP.EXE
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Desktop Tool] "C:\Program Files\Alcatel One Touch PC Suite 2\DesktopTool\DesktopTool.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [defergui] c:\sdwork\defergui.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] "C:\Program Files\Symantec AntiVirus\VPTray.exe"
O4 - HKLM\..\Run: [obj 01 cash fast] C:\Documents and Settings\All Users\Application Data\Pile online obj 01\one style.exe
O4 - HKLM\..\Run: [XTNDConnect PC - LtNts4] C:\Program Files\Common Files\XCPCSync\Translators\LtNts4\NtsAgnt.exe
O4 - HKLM\..\Run: [XTNDConnect PC] C:\Program Files\Common Files\XCPCMenu.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\MsgPlus.exe"
O4 - HKLM\..\Run: [C4EBReg] "C:\program files\c4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [HELPER] C:\WINNT\system32\france.exe -N
O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\elitehgs32.exe
O4 - HKCU\..\Run: [USER LONG] C:\DOCUME~1\ADMINI~1\APPLIC~1\EXITBO~1\dupe fork 16.exe
O4 - Global Startup: Infoprint Select Notification.lnk = C:\Program Files\IBM\Infoprint Select\ipnotify.exe
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O4 - Global Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Global Startup: Stampede TurboGold.lnk = C:\Program Files\Stampede\TurboGold\Tgclui32.exe
O4 - Global Startup: Start HTML Search Server.lnk = C:\Program Files\SQLLIB\bin\db2nq.exe
O12 - Plugin for .ivp: C:\Program Files\Internet Explorer\Plugins\npiscplg.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Sametime Meeting Room Client ST25 - http://lls401.be.ibm.com:8088/sametime/stmeetingroomcli...
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x40...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} (gpwsx.plugin) - http://w3-3.ibm.com/tools/print/plugin/gpwsx.CAB
O16 - DPF: {CA970A6F-2347-4622-AD7C-2B3CB8B659B1} (JNILoader Control) - http://lls401.be.ibm.com:8088/sametime/stmeetingroomcli...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = lge.fr.ibm.com ibm.com france.ibm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = lge.fr.ibm.com ibm.com france.ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = lge.fr.ibm.com ibm.com france.ibm.com
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: tphotkey - C:\WINNT\SYSTEM32\tphklock.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DB2 JDBC Applet Server - Control Center (DB2ControlCenterServer) - Unknown owner - C:\Program Files\SQLLIB\bin\db2ccs.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - Unknown owner - C:\Program Files\SQLLIB\bin\db2jds.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\SQLLIB\bin\db2sec.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\System32\ibmpmsvc.exe
O23 - Service: ISAM SMT Service (ISAMsmt) - Unknown owner - C:\Program Files\C4ebreg\isamsmt.exe (file missing)
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: ldlcserv - IBM Corporation - C:\WINNT\System32\Drivers\ldlcserv.exe
O23 - Service: Multi-user Cleanup Service - Unknown owner - C:\Notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: QCONSVC - IBM Corp. - C:\WINNT\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrcBoot - IBM Corporation - C:\WINNT\System32\drivers\trcboot.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WRT Service (WRTService) - Unknown owner - C:\WINNT\WRTService.exe

26 Mai 2005 17:47:32

re tien

Déconnecte toi d'internet:

 Vide le cache d'Internet Explorer et supprime les cookies:

* Panneau de configuration >> Options internet >> Onglet "Général"
- Clic sur [supprimer les cookies]
- Clic sur [Supprimer les fichiers] et coche la case "Supprimer tout le contenu hors connexion"
Valide avec ok


Pour ne pas se retrouver avec des points de restauration systeme infectés il vaut mieux la désactiver:

 Désactive la restauration systéme.
Clic droit sur poste de travail > propriétés > onglet restauration système
puis cocher "désactiver la restauration système".
clic sur ok pour valider
(accepte le redemarrage).

 Redémarre en mode sans échec
Laisse passer l'écran du bios, puis tapote sur la touche F8 avant l'écran de chargement de windows.
Choisis le mode sans échec dans les options et valide avec entrée.

apres fait une analyse en mode sans echec avec kaspersky est ad-adware spybot.
tien nous au courrant
26 Mai 2005 18:40:49

je ne le répetrais jamais asser n'analyser pas vos log sur hijackthis.de.
Ne donner pas se lien sur les forum, il fait que des erreurs!
27 Mai 2005 10:57:17

eh bien je t'écoute, si tu as une idée pour supprimer définitivement mes spyware.
27 Mai 2005 11:59:08

voila les log

AD - AWARE

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{825CF5BD-8862-4430-B771-0C15C5CA8DEF}"
Rootkey : HKEY_USERS
Object : S-1-5-21-2584409051-915721121-918617840-500\software\microsoft\internet explorer\toolbar\webbrowser
Value : {825CF5BD-8862-4430-B771-0C15C5CA8DEF}

MegaSearch Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30}"
Rootkey : HKEY_USERS
Object : S-1-5-21-2584409051-915721121-918617840-500\software\microsoft\internet explorer\toolbar\webbrowser
Value : {4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 22


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : S-1-5-21-2584409051-915721121-918617840-500\Software\Microsoft\Internet Explorer\MainSearch Pagesearchmiracle.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchmiracle.com/sp.php"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-2584409051-915721121-918617840-500\Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://searchmiracle.com/sp.php"
Possible Browser Hijack attempt : S-1-5-21-2584409051-915721121-918617840-500\Software\Microsoft\Internet Explorer\SearchSearchAssistantsearchmiracle.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchmiracle.com/sp.php"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-2584409051-915721121-918617840-500\Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "http://searchmiracle.com/sp.php"

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 24


SPYBOY&DESTROY

Search result list ---
Alexa Related: What's related link (Replace file, fixed)
C:\WINNT\Web\RELATED.HTM

DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-21-2584409051-915721121-918617840-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

Roings: Library (File, fixed)
C:\WINNT\system32\ObjSafe.tlb



ALors?
27 Mai 2005 15:34:15

Bonjour,

Télécharge cet outil ETRemoverV1.3.0 :
http://www.simplytech.it/ETRemover
Tu vas dans le paragraphe Downloads en bas de page et tu clique sur le "here" rouge.
Une fois téléchargé,tu le dézippes dans un répertoire dédié.

Télécharge CWShredder
http://cwshredder.net/bin/CWShredder.exe
-Mettre CWShredder dans un répertoire dédié


-Redémarre en mode sans echec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 ou F5 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne le mode sans échec approprié et appuye sur Entrée.

-Lance l'outil ETRemoverV1.3.0.
Clique sur "Kill Elite Toolbar"
Tu le laisses travailler.

-lancer CWShredder et cliquer sur "Fix".

Redémarre ton PC normalement et poste un nouveau log Hijackthis car il restera des choses à faire.
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS