Marcolino

Members
  • Content count

    21
  • Joined

  • Last visited

Other information

  • My languages
    French and Italian


  1. Good evening Bruce, I'll do that this weekend and will post the result in this thread in case it is useful for the others at Zebulon. I did have a question, though: between Avira AntiVir Classic and BitDefender Professional Plus 9.5, which do you recommend? See you, Marcolino
  2. Hello Bruce Lee, It works!!!! Great, everything is gone. I also removed Kaspersky Professional Pro and installed Avira AntiVir Classic. As you said above, if BuddyBargain and Win32 got through while I had Kaspersky and Zone Alarm Pro up to date and enabled, that means the antivirus is not tip-top. One last thing: how can I mark the problem as solved on the forum? Thanks again, Marcolino
  3. Ciao Bruce, OK, I'll try. Thanks. Just for info, what is a "false positive"? Thanks again!!!
  4. Symantec Adware.Bargainbuddy Removal Tool 1.0.4 Adware.Bargainbuddy has not been found on your computer. Ad-Aware SE Build 1.06r1 Logfile Created on:mardi 26 septembre 2006 21:24:39 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R123 12.09.2006
  5. Hi, The Symantec utility found nothing (see report below) but Bargain Buddy is still there (see Ad-Aware report below). What should I do?
  6. Hello Bruce Lee, Thanks for the info. I had seen the solution but was wondering whether I could use it while having another antivirus. I'll try tonight and keep you posted. See you, Marcolino
  7. Hi Bruce Lee, First of all, thanks for the advice. I followed your procedure and here above are the 3 reports (HijackThis + Ad-Aware + AntiVir). The only problems: 1 - ANTIVIR: the version you download cannot be updated because it says the evaluation has already expired (31/08/06). 2 - AD-AWARE: after the procedure Buddy Bargain is still there. I only have to connect to the Internet and ... there it is. Thanks for any help you can give me. HIJACKTHIS LOG: Logfile of HijackThis v1.99.1 Scan saved at 23:14:01, on 25/09/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) AntiVir report. Ad-Aware report: Ad-Aware SE Build 1.06r1 Logfile Created on:lundi 25 septembre 2006 23:23:16 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R123 12.09.2006
OriginalFilename : RUNDLL.EXE #:22 [pcmservice.exe] FilePath : C:\Apps\Powercinema\ ProcessID : 148 ThreadCreationTime : 25-09-2006 21:12:20 BasePriority : Normal FileVersion : 3.0.2208 ProductVersion : 3.0.2208 ProductName : Cyberlink PowerCinema 3.0 CompanyName : CyberLink Corp. FileDescription : CyberLink PowerCinema Resident Program InternalName : CyberLink PowerCinema Resident Program LegalCopyright : Copyright © 2003 CyberLink Corp. OriginalFilename : PCMService.EXE #:23 [realsched.exe] FilePath : C:\Program Files\Fichiers communs\Real\Update_OB\ ProcessID : 180 ThreadCreationTime : 25-09-2006 21:12:21 BasePriority : Normal FileVersion : 0.1.0.3018 ProductVersion : 0.1.0.3018 ProductName : RealPlayer (32-bit) CompanyName : RealNetworks, Inc. FileDescription : RealNetworks Scheduler InternalName : schedapp LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004 LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc. OriginalFilename : realsched.exe #:24 [zlclient.exe] FilePath : C:\Program Files\Zone Labs\ZoneAlarm\ ProcessID : 364 ThreadCreationTime : 25-09-2006 21:12:23 BasePriority : Normal FileVersion : 6.5.737.000 ProductVersion : 6.5.737.000 ProductName : Zone Labs Client CompanyName : Zone Labs, LLC FileDescription : Zone Labs Client InternalName : zlclient LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC OriginalFilename : zlclient.exe #:25 [dslmon.exe] FilePath : C:\Program Files\SAGEM\SAGEM F@st 800-840\ ProcessID : 396 ThreadCreationTime : 25-09-2006 21:12:25 BasePriority : Normal FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : DSLMON Application FileDescription : ADIMON MFC Application InternalName : DSLMON LegalCopyright : Copyright © 2000 OriginalFilename : ADIMON.EXE #:26 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2432 ThreadCreationTime : 25-09-2006 21:13:30 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® 
Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:27 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3420
ThreadCreationTime : 25-09-2006 21:17:04
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : IEXPLORE.EXE

#:28 [winword.exe]
FilePath : C:\Program Files\Microsoft Office\Office\
ProcessID : 1896
ThreadCreationTime : 25-09-2006 21:23:03
BasePriority : Normal

#:29 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2096
ThreadCreationTime : 25-09-2006 21:23:08
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BargainBuddy Object Recognized:
Type : RegKey
Data :
TAC Index : 8
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2356669984-3205545551-1785013757-1006\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}

Registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 1
Objects found so far: 1

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 1

Started tracking cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized:
Type : IECache Entry
Data : meneghini@weborama[1].txt
TAC Index : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 24-09-2008 23:17:18
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 1
Objects found so far: 2

Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk scan result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 2

Disk scan result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 2

Disk scan result for C:\DOCUME~1\MENEGH~1\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 2

Scanning Hosts file...
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New Critical Objects:0
Objects found so far: 2

MRU List Object Recognized:
Location: : C:\Documents and Settings\Meneghini\recent
Description : list of recently opened documents

MRU List Object Recognized:
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized:
Location: : S-1-5-21-2356669984-3205545551-1785013757-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

Performing conditional scans..
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 5

23:23:39 Scan Complete

Summary of this scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:00:23.188
Objects scanned:84049
Objects identified:2
Objects ignored:0
New Critical Objects:2
  8. Hello Zebulon ladies and gents, hello everyone. Here is my problem. Every time I run Ad-Aware (fully up to date) it always finds the same two rascals: Bargain Buddy and Win32.Trojan.Agent. I delete it but ... back it comes. I should add that HijackThis shows me nothing suspicious, and there is no odd behaviour from the PC except perhaps a slight slowdown on the internet.

     As for my config:
     Windows XP SP2
     Zone Alarm Pro (up to date)
     Kaspersky Personal Pro 5 (up to date)
     HDD: 2x160GB
     ADSL Cegetel/Neuf: 4MB

     What could you advise me to do to eradicate these 2 viruses/malware for good, please? Thank you so much, Marcolino
  9. Panda found nothing apart from cookies, which I cleaned with Ad-Aware and Zone Alarm. Thanks for your advice. Should I look on the ISP side, maybe? See you, Marcolino
  10. Thanks malekal. I'm going to run a scan with Panda. Right now I have Kaspersky scanning (but not online). I'll paste the Panda result ASAP. Thanks again. PS: it may be that all this comes from Cegetel
  11. Hello Zebulon ladies and gents, how are you? Me, not so great. After a partial restore following an XP crash on the shutdown screen, I have the following problems:
     - ADSL disconnects even though USB is OK (no disconnections allowed to save power)
     - Slower browsing

     Here is my config:
     P4 3.2GB HT
     Nvidia GeForce 6600 128MB
     HDD: 320 (2 of 160GB)
     RAM: 1024
     XP SP2
     Kaspersky Personal PRO 5
     Zone Alarm
     Ad-Aware
     ADSL Cegetel 4MB
     Modem Sagem Fast (drivers up to date)

     .. and my HijackThis log:

     Logfile of HijackThis v1.99.1
     Scan saved at 22:40:28, on 28/05/2006
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\slserv.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\WINDOWS\SOUNDMAN.EXE
     C:\WINDOWS\ALCWZRD.EXE
     C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
     C:\Apps\Powercinema\PCMService.exe
     C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
     D:\Shareaza\Shareaza.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Documents and Settings\Meneghini\Bureau\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cegetel.net
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
     O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
     O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
     O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
     O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
     O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
     O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
     O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
     O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
     O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - https://ssl-tb.sitadelle.com/selfcare.ceget...FAutoConfig.ocx
     O17 - HKLM\System\CCS\Services\Tcpip\..\{7FD636C7-9078-40E9-A8B1-E130E88DFC84}: NameServer = 217.19.192.132 217.19.192.131
     O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe (file missing)
     O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
     O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     Does anyone see anything strange in there? Help me please. PS: only one peripheral on USB: the modem. Thanks a lot, Marcolino
  12. Hello room; Problem solved for the website and chat: it was my Java "machine" that had "broken down". Uninstalled and reinstalled. The Pinball problem, however, is still there. I don't play much, but my daughter and I love this game. If it's not too much to ask, could some expert help me? Thanks, Grazie, Merci, Obrigado, Muchas gracias
  13. You're right, facks, sorry, here it is:

     Logfile of HijackThis v1.99.1
     Scan saved at 22:11:14, on 20/05/2006
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Ahead\InCD\InCDsrv.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\slserv.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Apps\Powercinema\PCMService.exe
     C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
     C:\Program Files\Ahead\InCD\InCD.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\Documents and Settings\Meneghini\Bureau\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cegetel.net/
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
     O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
     O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
     O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
     O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
     O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
     O17 - HKLM\System\CCS\Services\Tcpip\..\{F116B695-09C9-4C49-B35A-BA251D3B3827}: NameServer = 217.19.192.132 217.19.192.131
     O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
     O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
     O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     Thanks
  14. Hello room, My problems with the browsers just keep getting worse. I can no longer connect to a website (il messaggero.it: an Italian daily newspaper) or log in to a chat without XP closing IE, and without giving me any error message (same problem with Firefox). The ADSL connection stays active and I can relaunch IE or Firefox without a problem. HELP ME PLEASE. I would like to avoid a full restore.

     Here is my config:
     XP SP2
     Kaspersky 5
     Zone Alarm
     GeForce 6600
     HDD: 2 (320GB in total)
     Memory: 1GB
     Pentium IV HT
     ADSL Cegetel 4MB (USB modem)
     Internet Explorer 6

     I removed Norton thinking it might be related, but no, nothing doing: same problem with Kaspersky. Ad-Aware has been run, HijackThis too, and everything is clean, as you can see. Anyone to save me? Thanks, Marcolino