Ci-dessous les 2 logs (HijackThis, puis Spy Sweeper) :
Logfile of HijackThis v1.99.1
Scan saved at 08:26:27, on 16.11.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Booster Wanadoo\wanadoo_booster.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Administrateur\Mes documents\highjack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - Global Startup: Booster Wanadoo.lnk = C:\Program Files\Booster Wanadoo\wanadoo_booster.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3362A03-3D4C-44AC-987D-CBD809F0A0FF}: NameServer = 192.168.0.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Puis le journal de Spy Sweeper :
********
08:18: | Début de session, 16 novembre 2005 |
08:18: Spy Sweeper démarrée
08:18: Analyse lancée avec la version des définitions 556
08:18: Démarrage de l’analyse de la mémoire
08:19: Analyse de la mémoire terminée, temps passé : 00:01:05
08:19: Démarrage de l’analyse du Registre
08:19: Trouvé Adware: commonname
08:19: HKCR\appid\{118a2bfa-5ac7-4d29-beb9-d68f4d2cccab}\ (1 traces secondaires) (ID = 106780)
08:19: HKCR\babeie.agentie.1\ (1 traces secondaires) (ID = 106782)
08:19: HKCR\babeie.agentie\ (3 traces secondaires) (ID = 106783)
08:19: HKCR\babeie.handler.1\ (1 traces secondaires) (ID = 106784)
08:19: HKCR\babeie.handler\ (3 traces secondaires) (ID = 106785)
08:19: HKCR\babeie.helper.1\ (1 traces secondaires) (ID = 106786)
08:19: HKCR\babeie.helper\ (3 traces secondaires) (ID = 106787)
08:19: HKCR\interface\{2d0f5208-3198-49a4-86a7-d65e9e582751}\ (8 traces secondaires) (ID = 106823)
08:19: HKCR\interface\{8adbbe3e-1841-4708-85df-727ccee6220b}\ (8 traces secondaires) (ID = 106826)
08:19: HKCR\interface\{99908473-1135-4009-be4f-32b921f86ed9}\ (8 traces secondaires) (ID = 106829)
08:19: HKCR\protocols\handler\cn\ (2 traces secondaires) (ID = 106833)
08:19: HKLM\software\%s\ (1 traces secondaires) (ID = 106834)
08:19: HKLM\software\classes\appid\winnet.exe\ (1 traces secondaires) (ID = 106836)
08:19: HKLM\software\classes\babeie.agentie\ (3 traces secondaires) (ID = 106838)
08:19: HKLM\software\classes\babeie.handler\ (3 traces secondaires) (ID = 106839)
08:19: HKLM\software\classes\babeie.helper\ (3 traces secondaires) (ID = 106840)
08:19: HKLM\software\classes\interface\{2d0f5208-3198-49a4-86a7-d65e9e582751}\ (8 traces secondaires) (ID = 106867)
08:19: HKLM\software\classes\interface\{99908473-1135-4009-be4f-32b921f86ed9}\ (8 traces secondaires) (ID = 106872)
08:19: HKLM\software\commonname\ (24 traces secondaires) (ID = 106882)
08:19: HKLM\software\microsoft\windows\currentversion\uninstall\commonname\ (2 traces secondaires) (ID = 106905)
08:19: HKLM\system\currentcontrolset\services\winik\ (14 traces secondaires) (ID = 106933)
08:19: HKCR\winnet.update.1\ (1 traces secondaires) (ID = 106941)
08:19: HKCR\winnet.update\ (3 traces secondaires) (ID = 106942)
08:19: Trouvé Adware: ezula ilookup
08:19: HKCR\appid\ezulabootexe.exe\ (1 traces secondaires) (ID = 126122)
08:19: HKCR\appid\ezulamain.exe\ (1 traces secondaires) (ID = 126123)
08:19: HKCR\appid\{8a044397-5da2-11d4-b185-0050dab79376}\ (1 traces secondaires) (ID = 126125)
08:19: HKCR\appid\{c0335198-6755-11d4-8a73-0050da2ee1be}\ (1 traces secondaires) (ID = 126126)
08:19: HKCR\clsid\{07f0a545-47ba-11d4-8a6d-0050da2ee1be}\ (11 traces secondaires) (ID = 126128)
08:19: HKCR\clsid\{2306abe4-4d42-11d4-8a6d-0050da2ee1be}\ (11 traces secondaires) (ID = 126139)
08:19: HKCR\clsid\{c4fee4a7-4b8b-11d4-8a6d-0050da2ee1be}\ (11 traces secondaires) (ID = 126148)
08:19: HKCR\clsid\{d290d6e7-bf9d-42f0-9c1b-3bc8ae769b57}\ (9 traces secondaires) (ID = 126149)
08:19: HKCR\ezulaagent.ezulactrlhost.1\ (1 traces secondaires) (ID = 126152)
08:19: HKCR\ezulaagent.ezulactrlhost\ (3 traces secondaires) (ID = 126153)
08:19: HKCR\ezulaagent.ieobject.1\ (1 traces secondaires) (ID = 126154)
08:19: HKCR\ezulaagent.ieobject\ (3 traces secondaires) (ID = 126155)
08:19: HKCR\ezulaagent.plugprot.1\ (1 traces secondaires) (ID = 126156)
08:19: HKCR\ezulaagent.plugprot\ (3 traces secondaires) (ID = 126157)
08:19: HKCR\ezulaagent.toolbarband.1\ (1 traces secondaires) (ID = 126158)
08:19: HKCR\ezulaagent.toolbarband\ (1 traces secondaires) (ID = 126159)
08:19: HKCR\ezulabootexe.installctrl.1\ (1 traces secondaires) (ID = 126162)
08:19: HKCR\ezulabootexe.installctrl\ (3 traces secondaires) (ID = 126163)
08:19: HKCR\ezulafsearcheng.ezulacode.1\ (3 traces secondaires) (ID = 126164)
08:19: HKCR\ezulafsearcheng.ezulacode\ (5 traces secondaires) (ID = 126165)
08:19: HKCR\ezulafsearcheng.ezulahash.1\ (3 traces secondaires) (ID = 126166)
08:20: HKCR\ezulafsearcheng.ezulahash\ (5 traces secondaires) (ID = 126167)
08:20: HKCR\ezulafsearcheng.ezulasearch.1\ (3 traces secondaires) (ID = 126168)
08:20: HKCR\ezulafsearcheng.ezulasearch\ (5 traces secondaires) (ID = 126169)
08:20: HKCR\ezulafsearcheng.popupdisplay.1\ (3 traces secondaires) (ID = 126170)
08:20: HKCR\ezulafsearcheng.popupdisplay\ (5 traces secondaires) (ID = 126171)
08:20: HKCR\ezulafsearcheng.resulthelper.1\ (3 traces secondaires) (ID = 126172)
08:20: HKCR\ezulafsearcheng.resulthelper\ (5 traces secondaires) (ID = 126173)
08:20: HKCR\ezulafsearcheng.searchhelper.1\ (3 traces secondaires) (ID = 126174)
08:20: HKCR\ezulafsearcheng.searchhelper\ (5 traces secondaires) (ID = 126175)
08:20: HKCR\ezulamain.ezulasearchpipe.1\ (1 traces secondaires) (ID = 126178)
08:20: HKCR\ezulamain.ezulasearchpipe\ (3 traces secondaires) (ID = 126179)
08:20: HKCR\ezulamain.trayiconm.1\ (1 traces secondaires) (ID = 126180)
08:20: HKCR\ezulamain.trayiconm\ (3 traces secondaires) (ID = 126181)
08:20: HKCR\interface\{07f0a542-47ba-11d4-8a6d-0050da2ee1be}\ (8 traces secondaires) (ID = 126182)
08:20: HKCR\interface\{3d7247f1-5db8-11d4-8a72-0050da2ee1be}\ (8 traces secondaires) (ID = 126184)
08:20: HKCR\interface\{4fd8645f-9b3e-46c1-9727-9837842a84ab}\ (8 traces secondaires) (ID = 126185)
08:20: HKCR\interface\{7edc96e1-5dd3-11d4-b185-0050dab79376}\ (8 traces secondaires) (ID = 126186)
08:20: HKCR\interface\{8a0443a2-5da2-11d4-b185-0050dab79376}\ (8 traces secondaires) (ID = 126187)
08:20: HKCR\interface\{8ebb1743-9a2f-11d4-8a7e-0050da2ee1be}\ (8 traces secondaires) (ID = 126188)
08:20: HKCR\interface\{19dfb2ca-9b27-11d4-b192-0050dab79376}\ (8 traces secondaires) (ID = 126190)
08:20: HKCR\interface\{27bc6871-4d5a-11d4-8a6d-0050da2ee1be}\ (8 traces secondaires) (ID = 126191)
08:20: HKCR\interface\{1823bc4b-a253-4767-9cfc-9aca62a6b136}\ (8 traces secondaires) (ID = 126197)
08:20: HKCR\interface\{58359012-bf36-11d3-99a2-0050da2ee1be}\ (8 traces secondaires) (ID = 126200)
08:20: HKCR\interface\{c03351a3-6755-11d4-8a73-0050da2ee1be}\ (8 traces secondaires) (ID = 126201)
08:20: HKCR\interface\{c4fee4a6-4b8b-11d4-8a6d-0050da2ee1be}\ (8 traces secondaires) (ID = 126202)
08:20: HKCR\interface\{ef0372dc-f552-11d3-8528-0050dab79376}\ (8 traces secondaires) (ID = 126203)
08:20: HKLM\software\classes\appid\ezulabootexe.exe\ (1 traces secondaires) (ID = 126208)
08:20: HKLM\software\classes\appid\ezulamain.exe\ (1 traces secondaires) (ID = 126209)
08:20: HKLM\software\classes\appid\{8a044397-5da2-11d4-b185-0050dab79376}\ (1 traces secondaires) (ID = 126211)
08:20: HKLM\software\classes\appid\{c0335198-6755-11d4-8a73-0050da2ee1be}\ (1 traces secondaires) (ID = 126212)
08:20: HKLM\software\classes\clsid\{07f0a543-47ba-11d4-8a6d-0050da2ee1be}\ (11 traces secondaires) (ID = 126215)
08:20: HKLM\software\classes\clsid\{3d7247e8-5db8-11d4-8a72-0050da2ee1be}\ (11 traces secondaires) (ID = 126217)
08:20: HKLM\software\classes\clsid\{2306abe4-4d42-11d4-8a6d-0050da2ee1be}\ (11 traces secondaires) (ID = 126227)
08:20: HKLM\software\classes\clsid\{c4fee4a7-4b8b-11d4-8a6d-0050da2ee1be}\ (11 traces secondaires) (ID = 126235)
08:20: HKLM\software\classes\clsid\{d290d6e7-bf9d-42f0-9c1b-3bc8ae769b57}\ (9 traces secondaires) (ID = 126236)
08:20: HKLM\software\classes\ezulaagent.ezulactrlhost\ (3 traces secondaires) (ID = 126239)
08:20: HKLM\software\classes\ezulaagent.ieobject\ (3 traces secondaires) (ID = 126240)
08:20: HKLM\software\classes\ezulaagent.plugprot\ (3 traces secondaires) (ID = 126241)
08:20: HKLM\software\classes\ezulaagent.toolbarband\ (1 traces secondaires) (ID = 126242)
08:20: HKLM\software\classes\ezulabootexe.installctrl\ (3 traces secondaires) (ID = 126244)
08:20: HKLM\software\classes\ezulafsearcheng.ezulacode\ (5 traces secondaires) (ID = 126245)
08:20: HKLM\software\classes\ezulafsearcheng.ezulahash\ (5 traces secondaires) (ID = 126246)
08:20: HKLM\software\classes\ezulafsearcheng.ezulasearch\ (5 traces secondaires) (ID = 126247)
08:20: HKLM\software\classes\ezulafsearcheng.popupdisplay\ (5 traces secondaires) (ID = 126248)
08:20: HKLM\software\classes\ezulafsearcheng.resulthelper\ (5 traces secondaires) (ID = 126249)
08:20: HKLM\software\classes\ezulafsearcheng.searchhelper\ (5 traces secondaires) (ID = 126250)
08:20: HKLM\software\classes\ezulamain.ezulasearchpipe\ (3 traces secondaires) (ID = 126252)
08:20: HKLM\software\classes\ezulamain.trayiconm\ (3 traces secondaires) (ID = 126253)
08:20: HKLM\software\classes\interface\{07f0a544-47ba-11d4-8a6d-0050da2ee1be}\ (8 traces secondaires) (ID = 126254)
08:20: HKLM\software\classes\interface\{3d7247f1-5db8-11d4-8a72-0050da2ee1be}\ (8 traces secondaires) (ID = 126255)
08:20: HKLM\software\classes\interface\{4fd8645f-9b3e-46c1-9727-9837842a84ab}\ (8 traces secondaires) (ID = 126256)
08:20: HKLM\software\classes\interface\{8a0443a2-5da2-11d4-b185-0050dab79376}\ (8 traces secondaires) (ID = 126257)
08:20: HKLM\software\classes\interface\{8ebb1743-9a2f-11d4-8a7e-0050da2ee1be}\ (8 traces secondaires) (ID = 126258)
08:20: HKLM\software\classes\interface\{19dfb2ca-9b27-11d4-b192-0050dab79376}\ (8 traces secondaires) (ID = 126260)
08:20: HKLM\software\classes\interface\{27bc6871-4d5a-11d4-8a6d-0050da2ee1be}\ (8 traces secondaires) (ID = 126261)
08:20: HKLM\software\classes\interface\{1823bc4b-a253-4767-9cfc-9aca62a6b136}\ (8 traces secondaires) (ID = 126268)
08:20: HKLM\software\classes\interface\{58359012-bf36-11d3-99a2-0050da2ee1be}\ (8 traces secondaires) (ID = 126271)
08:20: HKLM\software\classes\interface\{c03351a3-6755-11d4-8a73-0050da2ee1be}\ (8 traces secondaires) (ID = 126272)
08:20: HKLM\software\classes\interface\{c4fee4a6-4b8b-11d4-8a6d-0050da2ee1be}\ (8 traces secondaires) (ID = 126273)
08:20: HKLM\software\classes\interface\{ef0372de-f552-11d3-8528-0050dab79376}\ (8 traces secondaires) (ID = 126274)
08:20: HKLM\software\classes\typelib\{07f0a536-47ba-11d4-8a6d-0050da2ee1be}\ (9 traces secondaires) (ID = 126276)
08:20: HKLM\software\classes\typelib\{083fa8f4-84f4-11d4-8a77-0050da2ee1be}\ (9 traces secondaires) (ID = 126277)
08:20: HKCR\typelib\{07f0a536-47ba-11d4-8a6d-0050da2ee1be}\ (9 traces secondaires) (ID = 126301)
08:20: HKCR\typelib\{083fa8f4-84f4-11d4-8a77-0050da2ee1be}\ (9 traces secondaires) (ID = 126302)
08:20: Trouvé Adware: flashtrack
08:20: HKCR\bredobj.bredobj.1\ (3 traces secondaires) (ID = 126519)
08:20: HKCR\bredobj.bredobj\ (3 traces secondaires) (ID = 126520)
08:20: HKCR\interface\{6e83ae1c-f69c-4aed-af98-d23c24c6fa4b}\ (8 traces secondaires) (ID = 126530)
08:20: HKLM\software\flt\ (7 traces secondaires) (ID = 126542)
08:20: HKLM\software\microsoft\windows\currentversion\uninstall\ftapp\ (2 traces secondaires) (ID = 126557)
08:20: HKCR\typelib\{7955ea20-e0d6-4a77-88b6-120674d979ea}\ (9 traces secondaires) (ID = 126564)
08:20: Trouvé Adware: gain-supported software
08:20: HKCR\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}\ (9 traces secondaires) (ID = 126731)
08:20: HKLM\software\classes\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}\ (9 traces secondaires) (ID = 126751)
08:20: Trouvé Adware: mindset interactive - favoriteman
08:20: HKCR\f1.organizer.1\ (3 traces secondaires) (ID = 135009)
08:20: HKCR\f1.organizer\ (5 traces secondaires) (ID = 135010)
08:20: HKLM\software\classes\f1.organizer\ (5 traces secondaires) (ID = 135015)
08:20: Trouvé Adware: shopathomeselect
08:20: HKLM\software\winsock2\layered provider sample\ (ID = 141736)
08:20: HKCR\ezulaagent.ezulactrlhost\ (3 traces secondaires) (ID = 385959)
08:20: HKCR\ezulaagent.ezulactrlhost\curver\ (1 traces secondaires) (ID = 385963)
08:20: HKCR\ezulaagent.ezulactrlhost.1\ (1 traces secondaires) (ID = 385965)
08:20: HKCR\ezulaagent.ieobject\ (3 traces secondaires) (ID = 385969)
08:20: HKCR\ezulaagent.ieobject\curver\ (1 traces secondaires) (ID = 385973)
08:20: HKCR\ezulaagent.ieobject.1\ (1 traces secondaires) (ID = 385975)
08:20: HKCR\ezulaagent.plugprot\ (3 traces secondaires) (ID = 385979)
08:20: HKCR\ezulaagent.plugprot\curver\ (1 traces secondaires) (ID = 385983)
08:20: HKCR\ezulaagent.plugprot.1\ (1 traces secondaires) (ID = 385985)
08:20: HKCR\ezulafsearcheng.searchhelper\ (5 traces secondaires) (ID = 386049)
08:20: HKCR\ezulafsearcheng.searchhelper\clsid\ (1 traces secondaires) (ID = 386051)
08:20: HKCR\ezulafsearcheng.searchhelper\curver\ (1 traces secondaires) (ID = 386053)
08:20: HKCR\ezulamain.ezulasearchpipe\ (3 traces secondaires) (ID = 386059)
08:20: HKCR\ezulamain.ezulasearchpipe\curver\ (1 traces secondaires) (ID = 386063)
08:20: HKCR\ezulamain.ezulasearchpipe.1\ (1 traces secondaires) (ID = 386065)
08:20: HKCR\ezulamain.trayiconm\ (3 traces secondaires) (ID = 386069)
08:20: HKCR\ezulamain.trayiconm\curver\ (1 traces secondaires) (ID = 386073)
08:20: HKCR\appid\ezulabootexe.exe\ (1 traces secondaires) (ID = 386101)
08:20: HKCR\appid\ezulabootexe.exe\ || appid (ID = 386102)
08:20: HKCR\appid\ezulamain.exe\ (1 traces secondaires) (ID = 386103)
08:20: HKCR\appid\ezulamain.exe\ || appid (ID = 386104)
08:20: HKLM\software\classes\ezulaagent.ezulactrlhost\ (3 traces secondaires) (ID = 386899)
08:20: HKLM\software\classes\ezulaagent.ezulactrlhost\curver\ (1 traces secondaires) (ID = 386903)
08:20: HKLM\software\classes\ezulaagent.ezulactrlhost.1\ (1 traces secondaires) (ID = 386905)
08:20: HKLM\software\classes\ezulafsearcheng.ezulahash\ (5 traces secondaires) (ID = 386949)
08:20: HKLM\software\classes\ezulafsearcheng.ezulahash\clsid\ (1 traces secondaires) (ID = 386951)
08:20: HKLM\software\classes\ezulafsearcheng.ezulahash\curver\ (1 traces secondaires) (ID = 386953)
08:20: HKLM\software\classes\ezulafsearcheng.ezulahash.1\ (3 traces secondaires) (ID = 386955)
08:20: HKLM\software\classes\ezulafsearcheng.ezulahash.1\clsid\ (1 traces secondaires) (ID = 386957)
08:20: HKLM\software\classes\ezulafsearcheng.ezulasearch.1\ (3 traces secondaires) (ID = 386965)
08:20: HKLM\software\classes\ezulafsearcheng.ezulasearch.1\clsid\ (1 traces secondaires) (ID = 386967)
08:20: HKLM\software\classes\ezulafsearcheng.resulthelper.1\ (3 traces secondaires) (ID = 386985)
08:20: HKLM\software\classes\ezulafsearcheng.searchhelper.1\ (3 traces secondaires) (ID = 386995)
08:20: HKLM\software\classes\ezulamain.trayiconm.1\ (1 traces secondaires) (ID = 387015)
08:20: HKCR\ezulafsearcheng.ezulahash.1\ (3 traces secondaires) (ID = 466528)
08:20: HKCR\ezulafsearcheng.ezulahash.1\clsid\ (1 traces secondaires) (ID = 466530)
08:20: HKCR\ezulafsearcheng.ezulahash\ (5 traces secondaires) (ID = 466532)
08:20: HKCR\ezulafsearcheng.ezulahash\clsid\ (1 traces secondaires) (ID = 466534)
08:20: HKCR\ezulafsearcheng.ezulahash\curver\ (1 traces secondaires) (ID = 466536)
08:20: HKCR\ezulafsearcheng.ezulasearch.1\ (3 traces secondaires) (ID = 466538)
08:20: HKCR\ezulafsearcheng.ezulasearch.1\clsid\ (1 traces secondaires) (ID = 466540)
08:20: HKCR\ezulafsearcheng.ezulasearch\ (5 traces secondaires) (ID = 466542)
08:20: HKCR\ezulafsearcheng.ezulasearch\clsid\ (1 traces secondaires) (ID = 466544)
08:20: HKCR\ezulafsearcheng.ezulasearch\curver\ (1 traces secondaires) (ID = 466546)
08:20: HKCR\ezulafsearcheng.resulthelper\ (5 traces secondaires) (ID = 466554)
08:20: HKCR\ezulafsearcheng.resulthelper\clsid\ (1 traces secondaires) (ID = 466556)
08:20: HKCR\ezulafsearcheng.resulthelper\curver\ (1 traces secondaires) (ID = 466558)
08:20: HKCR\ezulafsearcheng.ezulacode.1\ (3 traces secondaires) (ID = 466560)
08:20: HKCR\ezulafsearcheng.ezulacode.1\clsid\ (1 traces secondaires) (ID = 466562)
08:20: HKCR\ezulafsearcheng.ezulacode\ (5 traces secondaires) (ID = 466564)
08:20: HKCR\ezulafsearcheng.ezulacode\clsid\ (1 traces secondaires) (ID = 466566)
08:20: HKCR\ezulafsearcheng.ezulacode\curver\ (1 traces secondaires) (ID = 466568)
08:20: HKCR\ezulafsearcheng.popupdisplay.1\ (3 traces secondaires) (ID = 466570)
08:20: HKCR\ezulafsearcheng.popupdisplay.1\clsid\ (1 traces secondaires) (ID = 466572)
08:20: HKCR\ezulafsearcheng.popupdisplay\ (5 traces secondaires) (ID = 466574)
08:20: HKCR\ezulafsearcheng.popupdisplay\clsid\ (1 traces secondaires) (ID = 466576)
08:20: HKCR\ezulafsearcheng.popupdisplay\curver\ (1 traces secondaires) (ID = 466578)
08:20: HKCR\ezulabootexe.installctrl.1\ (1 traces secondaires) (ID = 466596)
08:20: HKCR\ezulabootexe.installctrl\ (3 traces secondaires) (ID = 466600)
08:20: HKCR\ezulabootexe.installctrl\curver\ (1 traces secondaires) (ID = 466604)
08:20: HKCR\ezulaagent.toolbarband.1\ (1 traces secondaires) (ID = 466626)
08:20: HKCR\ezulaagent.toolbarband\ (1 traces secondaires) (ID = 466630)
08:20: HKLM\software\classes\ezulafsearcheng.ezulasearch\ (5 traces secondaires) (ID = 466688)
08:20: HKLM\software\classes\ezulafsearcheng.ezulasearch\clsid\ (1 traces secondaires) (ID = 466690)
08:20: HKLM\software\classes\ezulafsearcheng.ezulasearch\curver\ (1 traces secondaires) (ID = 466692)
08:20: HKLM\software\classes\ezulafsearcheng.searchhelper\ (5 traces secondaires) (ID = 466694)
08:20: HKLM\software\classes\ezulafsearcheng.searchhelper\clsid\ (1 traces secondaires) (ID = 466696)
08:20: HKLM\software\classes\ezulafsearcheng.searchhelper\curver\ (1 traces secondaires) (ID = 466698)
08:20: HKLM\software\classes\ezulafsearcheng.resulthelper\ (5 traces secondaires) (ID = 466700)
08:20: HKLM\software\classes\ezulafsearcheng.resulthelper\clsid\ (1 traces secondaires) (ID = 466702)
08:20: HKLM\software\classes\ezulafsearcheng.resulthelper\curver\ (1 traces secondaires) (ID = 466704)
08:20: HKLM\software\classes\ezulafsearcheng.ezulacode.1\ (3 traces secondaires) (ID = 466706)
08:20: HKLM\software\classes\ezulafsearcheng.ezulacode.1\clsid\ (1 traces secondaires) (ID = 466708)
08:20: HKLM\software\classes\ezulafsearcheng.ezulacode\ (5 traces secondaires) (ID = 466710)
08:20: HKLM\software\classes\ezulafsearcheng.ezulacode\clsid\ (1 traces secondaires) (ID = 466712)
08:20: HKLM\software\classes\ezulafsearcheng.ezulacode\curver\ (1 traces secondaires) (ID = 466714)
08:20: HKLM\software\classes\ezulafsearcheng.popupdisplay.1\ (3 traces secondaires) (ID = 466716)
08:20: HKLM\software\classes\ezulafsearcheng.popupdisplay.1\clsid\ (1 traces secondaires) (ID = 466718)
08:20: HKLM\software\classes\ezulafsearcheng.popupdisplay\ (5 traces secondaires) (ID = 466720)
08:20: HKLM\software\classes\ezulafsearcheng.popupdisplay\clsid\ (1 traces secondaires) (ID = 466722)
08:20: HKLM\software\classes\ezulafsearcheng.popupdisplay\curver\ (1 traces secondaires) (ID = 466724)
08:20: HKLM\software\classes\ezulamain.trayiconm\ (3 traces secondaires) (ID = 466726)
08:20: HKLM\software\classes\ezulamain.trayiconm\curver\ (1 traces secondaires) (ID = 466730)
08:20: HKLM\software\classes\ezulabootexe.installctrl.1\ (1 traces secondaires) (ID = 466742)
08:20: HKLM\software\classes\ezulabootexe.installctrl\ (3 traces secondaires) (ID = 466746)
08:20: HKLM\software\classes\ezulabootexe.installctrl\curver\ (1 traces secondaires) (ID = 466750)
08:20: HKLM\software\classes\ezulamain.ezulasearchpipe.1\ (1 traces secondaires) (ID = 466752)
08:20: HKLM\software\classes\ezulamain.ezulasearchpipe\ (3 traces secondaires) (ID = 466756)
08:20: HKLM\software\classes\ezulamain.ezulasearchpipe\curver\ (1 traces secondaires) (ID = 466760)
08:20: HKLM\software\classes\ezulaagent.ieobject.1\ (1 traces secondaires) (ID = 466762)
08:20: HKLM\software\classes\ezulaagent.ieobject\ (3 traces secondaires) (ID = 466766)
08:20: HKLM\software\classes\ezulaagent.ieobject\curver\ (1 traces secondaires) (ID = 466770)
08:20: HKLM\software\classes\ezulaagent.toolbarband.1\ (1 traces secondaires) (ID = 466772)
08:20: HKLM\software\classes\ezulaagent.toolbarband\ (1 traces secondaires) (ID = 466776)
08:20: HKLM\software\classes\ezulaagent.plugprot.1\ (1 traces secondaires) (ID = 466780)
08:20: HKLM\software\classes\ezulaagent.plugprot\ (3 traces secondaires) (ID = 466784)
08:20: HKLM\software\classes\ezulaagent.plugprot\curver\ (1 traces secondaires) (ID = 466788)
08:20: HKLM\software\classes\appid\ezulamain.exe\ (1 traces secondaires) (ID = 466800)
08:20: HKLM\software\classes\appid\ezulamain.exe\ || appid (ID = 466801)
08:20: HKLM\software\classes\appid\ezulabootexe.exe\ (1 traces secondaires) (ID = 466802)
08:20: HKLM\software\classes\appid\ezulabootexe.exe\ || appid (ID = 466803)
08:20: HKCR\ezulafsearcheng.ezulahash\ (5 traces secondaires) (ID = 466816)
08:20: HKCR\ezulafsearcheng.ezulasearch\ (5 traces secondaires) (ID = 466817)
08:20: HKCR\ezulafsearcheng.searchhelper\ (5 traces secondaires) (ID = 466818)
08:20: HKCR\ezulafsearcheng.resulthelper\ (5 traces secondaires) (ID = 466819)
08:20: HKCR\ezulafsearcheng.ezulacode\ (5 traces secondaires) (ID = 466820)
08:20: HKCR\ezulafsearcheng.popupdisplay\ (5 traces secondaires) (ID = 466821)
08:20: HKCR\ezulamain.trayiconm\ (3 traces secondaires) (ID = 466822)
08:20: HKCR\ezulabootexe.installctrl\ (3 traces secondaires) (ID = 466824)
08:20: HKCR\ezulamain.ezulasearchpipe\ (3 traces secondaires) (ID = 466825)
08:20: HKCR\ezulaagent.ieobject\ (3 traces secondaires) (ID = 466826)
08:20: HKCR\ezulaagent.toolbarband\ (1 traces secondaires) (ID = 466827)
08:20: HKCR\ezulaagent.plugprot\ (3 traces secondaires) (ID = 466828)
08:20: HKCR\ezulaagent.ezulactrlhost\ (3 traces secondaires) (ID = 466829)
08:20: HKLM\software\gator.com\ (1461 traces secondaires) (ID = 528933)
08:20: Trouvé Adware: cydoor
08:20: HKLM\software\cydoor\ (3 traces secondaires) (ID = 639127)
08:20: HKCR\clsid\{07f0a543-47ba-11d4-8a6d-0050da2ee1be}\ (11 traces secondaires) (ID = 816730)
08:20: HKCR\clsid\{3d7247e8-5db8-11d4-8a72-0050da2ee1be}\ (11 traces secondaires) (ID = 816767)
08:20: HKU\S-1-5-21-1241782079-4222561561-2385565259-500\software\commonname\ (3 traces secondaires) (ID = 106881)
08:20: HKU\S-1-5-21-1241782079-4222561561-2385565259-500\software\ezula\setup\ (19 traces secondaires) (ID = 386817)
08:20: HKU\S-1-5-21-1241782079-4222561561-2385565259-500\software\ezula\setup\ || bmk (ID = 386818)
08:20: HKU\S-1-5-21-1241782079-4222561561-2385565259-500\software\ezula\setup\id\ (4 traces secondaires) (ID = 386819)
08:20: HKU\S-1-5-21-1241782079-4222561561-2385565259-500\software\ezula\setup\id\ || geo (ID = 386820)
08:20: HKU\S-1-5-21-1241782079-4222561561-2385565259-500\software\ezula\setup\path\ (3 traces secondaires) (ID = 386824)
08:20: HKU\S-1-5-21-1241782079-4222561561-2385565259-500\software\ezula\setup\path\ || imagespath (ID = 386825)
08:20: HKU\S-1-5-21-1241782079-4222561561-2385565259-500\software\ezula\setup\path\ || genun (ID = 386826)
08:20: HKU\S-1-5-21-1241782079-4222561561-2385565259-500\software\ezula\ (34 traces secondaires) (ID = 466658)
08:20: HKU\S-1-5-21-1241782079-4222561561-2385565259-500\software\ezula\ || strup (ID = 466659)
08:20: HKU\S-1-5-21-1241782079-4222561561-2385565259-500\software\ezula\setup\id\ || l_up (ID = 466669)
08:20: HKU\S-1-5-21-1241782079-4222561561-2385565259-500\software\cydoor\ (580 traces secondaires) (ID = 639126)
08:20: HKU\S-1-5-21-1241782079-4222561561-2385565259-500\software\ezula\ (34 traces secondaires) (ID = 639279)
08:20: Analyse du Registre terminée, temps passé :00:00:11
08:20: Démarrage de l’analyse des cookies
08:20: Analyse des cookies terminée, temps passé : 00:00:00
08:20: Démarrage de l’analyse des fichiers
08:20: c:\program files\gator.com (1 traces secondaires) (ID = -2147480941)
08:20: c:\documents and settings\all users\menu démarrer\programmes\gain publishing (1 traces secondaires) (ID = -2147480950)
08:20: c:\documents and settings\administrateur\menu démarrer\programmes\toptext ilookup (3 traces secondaires) (ID = -2147481003)
08:20: c:\program files\ezula (38 traces secondaires) (ID = -2147480999)
08:20: obj.dat (ID = 114465)
08:20: url2.dat (ID = 53831)
08:20: babe.dat (ID = 53735)
08:20: dfs.dat (ID = 53778)
08:20: cnbabeie.exe (ID = 53748)
08:20: sahagent.log (ID = 75886)
08:21: Trouvé Adware: abetterinternet
08:21: backup-20051115-093242-518.dll (ID = 83383)
08:21: fillin.wav (ID = 61352)
08:21: button_small.gif (ID = 60415)
08:21: backup-20051115-093242-492.dll (ID = 61087)
08:22: sahagent-imesh.exe (ID = 75873)
08:23: gatorstubsetup.exe (ID = 61412)
08:23: guninstaller.exe (ID = 61468)
08:23: giocl.dll (ID = 61431)
08:23: gioclclient.dll (ID = 61432)
08:23: gappmgr.dll (ID = 61377)
08:23: gmt.exe.manifest (ID = 61434)
08:23: gdwldeng.dll (ID = 61425)
08:23: gmtproxy.dll (ID = 61439)
08:23: seng.dll (ID = 60620)
08:23: chcon.dll (ID = 60418)
08:23: gatorres.dll (ID = 61405)
08:23: gator.log (ID = 61386)
08:23: hfixcfg (ID = 61483)
08:23: genun.ez (ID = 111054)
08:23: search.src (ID = 60617)
08:23: egnsengine.dll (ID = 61346)
08:23: appmgrgui.zip (ID = 61281)
08:23: gain publishing web site.url (ID = 61372)
08:23: mepcme.dat (ID = 61517)
08:23: gatorsupportinfo.txt (ID = 61414)
08:23: cmediagnostics.log (ID = 61291)
08:23: exit.dat (ID = 114460)
08:23: url1.dat (ID = 53829)
08:23: url8.dat (ID = 53834)
08:23: url9.dat (ID = 53835)
08:23: legend.lgn (ID = 60573)
08:23: param.ez (ID = 60605)
08:23: rwds.rst (ID = 60615)
08:23: Analyse des fichiers terminée, temps passé : 00:03:32
08:23: Analyse complète terminée. Durée 00:04:51
08:23: Traces trouvées : 3373
********
08:07: | Début de session, 16 novembre 2005 |
08:07: Spy Sweeper démarrée
08:07: Analyse lancée avec la version des définitions 556
08:07: Démarrage de l’analyse de la mémoire
08:08: Analyse de la mémoire terminée, temps passé : 00:01:00
08:08: Démarrage de l’analyse du Registre
08:08: Trouvé Adware: commonname
08:08: HKCR\appid\{118a2bfa-5ac7-4d29-beb9-d68f4d2cccab}\ (1 traces secondaires) (ID = 106780)
08:08: HKCR\babeie.agentie.1\ (1 traces secondaires) (ID = 106782)
08:08: HKCR\babeie.agentie\ (3 traces secondaires) (ID = 106783)
08:08: HKCR\babeie.handler.1\ (1 traces secondaires) (ID = 106784)
08:08: HKCR\babeie.handler\ (3 traces secondaires) (ID = 106785)
08:08: HKCR\babeie.helper.1\ (1 traces secondaires) (ID = 106786)
08:08: HKCR\babeie.helper\ (3 traces secondaires) (ID = 106787)
08:08: HKCR\interface\{2d0f5208-3198-49a4-86a7-d65e9e582751}\ (8 traces secondaires) (ID = 106823)
08:08: HKCR\interface\{8adbbe3e-1841-4708-85df-727ccee6220b}\ (8 traces secondaires) (ID = 106826)
08:08: HKCR\interface\{99908473-1135-4009-be4f-32b921f86ed9}\ (8 traces secondaires) (ID = 106829)
08:08: HKCR\protocols\handler\cn\ (2 traces secondaires) (ID = 106833)
08:08: HKLM\software\%s\ (1 traces secondaires) (ID = 106834)
08:08: HKLM\software\classes\appid\winnet.exe\ (1 traces secondaires) (ID = 106836)
08:08: HKLM\software\classes\babeie.agentie\ (3 traces secondaires) (ID = 106838)
08:08: HKLM\software\classes\babeie.handler\ (3 traces secondaires) (ID = 106839)
08:08: HKLM\software\classes\babeie.helper\ (3 traces secondaires) (ID = 106840)
08:08: HKLM\software\classes\interface\{2d0f5208-3198-49a4-86a7-d65e9e582751}\ (8 traces secondaires) (ID = 106867)
08:08: HKLM\software\classes\interface\{99908473-1135-4009-be4f-32b921f86ed9}\ (8 traces secondaires) (ID = 106872)
08:08: HKLM\software\commonname\ (24 traces secondaires) (ID = 106882)
08:08: HKLM\software\microsoft\windows\currentversion\uninstall\commonname\ (2 traces secondaires) (ID = 106905)
08:08: HKLM\system\currentcontrolset\services\winik\ (14 traces secondaires) (ID = 106933)
08:08: HKCR\winnet.update.1\ (1 traces secondaires) (ID = 106941)
08:08: HKCR\winnet.update\ (3 traces secondaires) (ID = 106942)
08:08: Trouvé Adware: ezula ilookup
08:08: HKCR\appid\ezulabootexe.exe\ (1 traces secondaires) (ID = 126122)
08:08: HKCR\appid\ezulamain.exe\ (1 traces secondaires) (ID = 126123)
08:08: HKCR\appid\{8a044397-5da2-11d4-b185-0050dab79376}\ (1 traces secondaires) (ID = 126125)
08:08: HKCR\appid\{c0335198-6755-11d4-8a73-0050da2ee1be}\ (1 traces secondaires) (ID = 126126)
08:08: HKCR\clsid\{07f0a545-47ba-11d4-8a6d-0050da2ee1be}\ (11 traces secondaires) (ID = 126128)
08:08: HKCR\clsid\{2306abe4-4d42-11d4-8a6d-0050da2ee1be}\ (11 traces secondaires) (ID = 126139)
08:08: HKCR\clsid\{c4fee4a7-4b8b-11d4-8a6d-0050da2ee1be}\ (11 traces secondaires) (ID = 126148)
08:08: HKCR\clsid\{d290d6e7-bf9d-42f0-9c1b-3bc8ae769b57}\ (9 traces secondaires) (ID = 126149)
08:08: HKCR\ezulaagent.ezulactrlhost.1\ (1 traces secondaires) (ID = 126152)
08:08: HKCR\ezulaagent.ezulactrlhost\ (3 traces secondaires) (ID = 126153)
08:08: HKCR\ezulaagent.ieobject.1\ (1 traces secondaires) (ID = 126154)
08:08: HKCR\ezulaagent.ieobject\ (3 traces secondaires) (ID = 126155)
08:08: HKCR\ezulaagent.plugprot.1\ (1 traces secondaires) (ID = 126156)
08:08: HKCR\ezulaagent.plugprot\ (3 traces secondaires) (ID = 126157)
08:08: HKCR\ezulaagent.toolbarband.1\ (1 traces secondaires) (ID = 126158)
08:08: HKCR\ezulaagent.toolbarband\ (1 traces secondaires) (ID = 126159)
08:08: HKCR\ezulabootexe.installctrl.1\ (1 traces secondaires) (ID = 126162)
08:08: HKCR\ezulabootexe.installctrl\ (3 traces secondaires) (ID = 126163)
08:08: HKCR\ezulafsearcheng.ezulacode.1\ (3 traces secondaires) (ID = 126164)
08:08: HKCR\ezulafsearcheng.ezulacode\ (5 traces secondaires) (ID = 126165)
08:08: HKCR\ezulafsearcheng.ezulahash.1\ (3 traces secondaires) (ID = 126166)
08:08: HKCR\ezulafsearcheng.ezulahash\ (5 traces secondaires) (ID = 126167)
08:08: HKCR\ezulafsearcheng.ezulasearch.1\ (3 traces secondaires) (ID = 126168)
08:08: HKCR\ezulafsearcheng.ezulasearch\ (5 traces secondaires) (ID = 126169)
08:08: HKCR\ezulafsearcheng.popupdisplay.1\ (3 traces secondaires) (ID = 126170)
08:08: HKCR\ezulafsearcheng.popupdisplay\ (5 traces secondaires) (ID = 126171)
08:08: HKCR\ezulafsearcheng.resulthelper.1\ (3 traces secondaires) (ID = 126172)
08:08: HKCR\ezulafsearcheng.resulthelper\ (5 traces secondaires) (ID = 126173)
08:08: HKCR\ezulafsearcheng.searchhelper.1\ (3 traces secondaires) (ID = 126174)
08:08: HKCR\ezulafsearcheng.searchhelper\ (5 traces secondaires) (ID = 126175)
08:08: HKCR\ezulamain.ezulasearchpipe.1\ (1 traces secondaires) (ID = 126178)
08:08: HKCR\ezulamain.ezulasearchpipe\ (3 traces secondaires) (ID = 126179)
08:08: HKCR\ezulamain.trayiconm.1\ (1 traces secondaires) (ID = 126180)
08:08: HKCR\ezulamain.trayiconm\ (3 traces secondaires) (ID = 126181)
08:08: HKCR\interface\{07f0a542-47ba-11d4-8a6d-0050da2ee1be}\ (8 traces secondaires) (ID = 126182)
08:08: HKCR\interface\{3d7247f1-5db8-11d4-8a72-0050da2ee1be}\ (8 traces secondaires) (ID = 126184)
08:08: HKCR\interface\{4fd8645f-9b3e-46c1-9727-9837842a84ab}\ (8 traces secondaires) (ID = 126185)
08:08: HKCR\interface\{7edc96e1-5dd3-11d4-b185-0050dab79376}\ (8 traces secondaires) (ID = 126186)
08:08: HKCR\interface\{8a0443a2-5da2-11d4-b185-0050dab79376}\ (8 traces secondaires) (ID = 126187)
08:08: HKCR\interface\{8ebb1743-9a2f-11d4-8a7e-0050da2ee1be}\ (8 traces secondaires) (ID = 126188)
08:08: HKCR\interface\{19dfb2ca-9b27-11d4-b192-0050dab79376}\ (8 traces secondaires) (ID = 126190)
08:08: HKCR\interface\{27bc6871-4d5a-11d4-8a6d-0050da2ee1be}\ (8 traces secondaires) (ID = 126191)
08:08: HKCR\interface\{1823bc4b-a253-4767-9cfc-9aca62a6b136}\ (8 traces secondaires) (ID = 126197)
08:08: HKCR\interface\{58359012-bf36-11d3-99a2-0050da2ee1be}\ (8 traces secondaires) (ID = 126200)
08:08: HKCR\interface\{c03351a3-6755-11d4-8a73-0050da2ee1be}\ (8 traces secondaires) (ID = 126201)
08:08: HKCR\interface\{c4fee4a6-4b8b-11d4-8a6d-0050da2ee1be}\ (8 traces secondaires) (ID = 126202)
08:08: HKCR\interface\{ef0372dc-f552-11d3-8528-0050dab79376}\ (8 traces secondaires) (ID = 126203)
08:08: HKLM\software\classes\appid\ezulabootexe.exe\ (1 traces secondaires) (ID = 126208)
08:08: HKLM\software\classes\appid\ezulamain.exe\ (1 traces secondaires) (ID = 126209)
08:08: HKLM\software\classes\appid\{8a044397-5da2-11d4-b185-0050dab79376}\ (1 traces secondaires) (ID = 126211)
08:08: HKLM\software\classes\appid\{c0335198-6755-11d4-8a73-0050da2ee1be}\ (1 traces secondaires) (ID = 126212)
08:08: HKLM\software\classes\clsid\{07f0a543-47ba-11d4-8a6d-0050da2ee1be}\ (11 traces secondaires) (ID = 126215)
08:08: HKLM\software\classes\clsid\{3d7247e8-5db8-11d4-8a72-0050da2ee1be}\ (11 traces secondaires) (ID = 126217)
08:08: HKLM\software\classes\clsid\{2306abe4-4d42-11d4-8a6d-0050da2ee1be}\ (11 traces secondaires) (ID = 126227)
08:08: HKLM\software\classes\clsid\{c4fee4a7-4b8b-11d4-8a6d-0050da2ee1be}\ (11 traces secondaires) (ID = 126235)
08:08: HKLM\software\classes\clsid\{d290d6e7-bf9d-42f0-9c1b-3bc8ae769b57}\ (9 traces secondaires) (ID = 126236)
08:08: HKLM\software\classes\ezulaagent.ezulactrlhost\ (3 traces secondaires) (ID = 126239)
08:08: HKLM\software\classes\ezulaagent.ieobject\ (3 traces secondaires) (ID = 126240)
08:08: HKLM\software\classes\ezulaagent.plugprot\ (3 traces secondaires) (ID = 126241)
08:08: HKLM\software\classes\ezulaagent.toolbarband\ (1 traces secondaires) (ID = 126242)
08:08: HKLM\software\classes\ezulabootexe.installctrl\ (3 traces secondaires) (ID = 126244)
08:08: HKLM\software\classes\ezulafsearcheng.ezulacode\ (5 traces secondaires) (ID = 126245)
08:08: HKLM\software\classes\ezulafsearcheng.ezulahash\ (5 traces secondaires) (ID = 126246)
08:08: HKLM\software\classes\ezulafsearcheng.ezulasearch\ (5 traces secondaires) (ID = 126247)
08:08: HKLM\software\classes\ezulafsearcheng.popupdisplay\ (5 traces secondaires) (ID = 126248)
08:08: HKLM\software\classes\ezulafsearcheng.resulthelper\ (5 traces secondaires) (ID = 126249)
08:08: HKLM\software\classes\ezulafsearcheng.searchhelper\ (5 traces secondaires) (ID = 126250)
08:08: HKLM\software\classes\ezulamain.ezulasearchpipe\ (3 traces secondaires) (ID = 126252)
08:08: HKLM\software\classes\ezulamain.trayiconm\ (3 traces secondaires) (ID = 126253)
08:08: HKLM\software\classes\interface\{07f0a544-47ba-11d4-8a6d-0050da2ee1be}\ (8 traces secondaires) (ID = 126254)
08:08: HKLM\software\classes\interface\{3d7247f1-5db8-11d4-8a72-0050da2ee1be}\ (8 traces secondaires) (ID = 126255)
08:08: HKLM\software\classes\interface\{4fd8645f-9b3e-46c1-9727-9837842a84ab}\ (8 traces secondaires) (ID = 126256)
08:08: HKLM\software\classes\interface\{8a0443a2-5da2-11d4-b185-0050dab79376}\ (8 traces secondaires) (ID = 126257)
08:08: HKLM\software\classes\interface\{8ebb1743-9a2f-11d4-8a7e-0050da2ee1be}\ (8 traces secondaires) (ID = 126258)
08:08: HKLM\software\classes\interface\{19dfb2ca-9b27-11d4-b192-0050dab79376}\ (8 traces secondaires) (ID = 126260)
08:08: HKLM\software\classes\interface\{27bc6871-4d5a-11d4-8a6d-0050da2ee1be}\ (8 traces secondaires) (ID = 126261)
08:08: HKLM\software\classes\interface\{1823bc4b-a253-4767-9cfc-9aca62a6b136}\ (8 traces secondaires) (ID = 126268)
08:08: HKLM\software\classes\interface\{58359012-bf36-11d3-99a2-0050da2ee1be}\ (8 traces secondaires) (ID = 126271)
08:08: HKLM\software\classes\interface\{c03351a3-6755-11d4-8a73-0050da2ee1be}\ (8 traces secondaires) (ID = 126272)
08:08: HKLM\software\classes\interface\{c4fee4a6-4b8b-11d4-8a6d-0050da2ee1be}\ (8 traces secondaires) (ID = 126273)
08:08: HKLM\software\classes\interface\{ef0372de-f552-11d3-8528-0050dab79376}\ (8 traces secondaires) (ID = 126274)
08:08: HKLM\software\classes\typelib\{07f0a536-47ba-11d4-8a6d-0050da2ee1be}\ (9 traces secondaires) (ID = 126276)
08:08: HKLM\software\classes\typelib\{083fa8f4-84f4-11d4-8a77-0050da2ee1be}\ (9 traces secondaires) (ID = 126277)
08:08: HKCR\typelib\{07f0a536-47ba-11d4-8a6d-0050da2ee1be}\ (9 traces secondaires) (ID = 126301)
08:08: HKCR\typelib\{083fa8f4-84f4-11d4-8a77-0050da2ee1be}\ (9 traces secondaires) (ID = 126302)
08:08: Trouvé Adware: flashtrack
08:08: HKCR\bredobj.bredobj.1\ (3 traces secondaires) (ID = 126519)
08:08: HKCR\bredobj.bredobj\ (3 traces secondaires) (ID = 126520)
08:08: HKCR\interface\{6e83ae1c-f69c-4aed-af98-d23c24c6fa4b}\ (8 traces secondaires) (ID = 126530)
08:08: HKLM\software\flt\ (7 traces secondaires) (ID = 126542)
08:08: HKLM\software\microsoft\windows\currentversion\uninstall\ftapp\ (2 traces secondaires) (ID = 126557)
08:08: HKCR\typelib\{7955ea20-e0d6-4a77-88b6-120674d979ea}\ (9 traces secondaires) (ID = 126564)
08:08: Trouvé Adware: gain-supported software
08:08: HKCR\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}\ (9 traces secondaires) (ID = 126731)
08:08: HKLM\software\classes\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}\ (9 traces secondaires) (ID = 126751)
08:08: Trouvé Adware: mindset interactive - favoriteman
08:08: HKCR\f1.organizer.1\ (3 traces secondaires) (ID = 135009)
08:08: HKCR\f1.organizer\ (5 traces secondaires) (ID = 135010)
08:08: HKLM\software\classes\f1.organizer\ (5 traces secondaires) (ID = 135015)
08:08: Trouvé Adware: shopathomeselect
08:08: HKLM\software\winsock2\layered provider sample\ (ID = 141736)
08:08: HKCR\ezulaagent.ezulactrlhost\ (3 traces secondaires) (ID = 385959)
08:08: HKCR\ezulaagent.ezulactrlhost\curver\ (1 traces secondaires) (ID = 385963)
08:08: HKCR\ezulaagent.ezulactrlhost.1\ (1 traces secondaires) (ID = 385965)
08:08: HKCR\ezulaagent.ieobject\ (3 traces secondaires) (ID = 385969)
08:08: HKCR\ezulaagent.ieobject\curver\ (1 traces secondaires) (ID = 385973)
08:08: HKCR\ezulaagent.ieobject.1\ (1 traces secondaires) (ID = 385975)
08:08: HKCR\ezulaagent.plugprot\ (3 traces secondaires) (ID = 385979)
08:08: HKCR\ezulaagent.plugprot\curver\ (1 traces secondaires) (ID = 385983)
08:08: HKCR\ezulaagent.plugprot.1\ (1 traces secondaires) (ID = 385985)
08:08: HKCR\ezulafsearcheng.searchhelper\ (5 traces secondaires) (ID = 386049)
08:08: HKCR\ezulafsearcheng.searchhelper\clsid\ (1 traces secondaires) (ID = 386051)
08:08: HKCR\ezulafsearcheng.searchhelper\curver\ (1 traces secondaires) (ID = 386053)
08:08: HKCR\ezulamain.ezulasearchpipe\ (3 traces secondaires) (ID = 386059)
08:08: HKCR\ezulamain.ezulasearchpipe\curver\ (1 traces secondaires) (ID = 386063)
08:08: HKCR\ezulamain.ezulasearchpipe.1\ (1 traces secondaires) (ID = 386065)
08:08: HKCR\ezulamain.trayiconm\ (3 traces secondaires) (ID = 386069)
08:08: HKCR\ezulamain.trayiconm\curver\ (1 traces secondaires) (ID = 386073)
08:08: HKCR\appid\ezulabootexe.exe\ (1 traces secondaires) (ID = 386101)
08:08: HKCR\appid\ezulabootexe.exe\ || appid (ID = 386102)
08:08: HKCR\appid\ezulamain.exe\ (1 traces secondaires) (ID = 386103)
08:08: HKCR\appid\ezulamain.exe\ || appid (ID = 386104)
08:08: HKLM\software\classes\ezulaagent.ezulactrlhost\ (3 traces secondaires) (ID = 386899)
08:08: HKLM\software\classes\ezulaagent.ezulactrlhost\curver\ (1 traces secondaires) (ID = 386903)
08:08: HKLM\software\classes\ezulaagent.ezulactrlhost.1\ (1 traces secondaires) (ID = 386905)
08:08: HKLM\software\classes\ezulafsearcheng.ezulahash\ (5 traces secondaires) (ID = 386949)
08:08: HKLM\software\classes\ezulafsearcheng.ezulahash\clsid\ (1 traces secondaires) (ID = 386951)
08:08: HKLM\software\classes\ezulafsearcheng.ezulahash\curver\ (1 traces secondaires) (ID = 386953)
08:08: HKLM\software\classes\ezulafsearcheng.ezulahash.1\ (3 traces secondaires) (ID = 386955)
08:08: HKLM\software\classes\ezulafsearcheng.ezulahash.1\clsid\ (1 traces secondaires) (ID = 386957)
08:08: HKLM\software\classes\ezulafsearcheng.ezulasearch.1\ (3 traces secondaires) (ID = 386965)
08:08: HKLM\software\classes\ezulafsearcheng.ezulasearch.1\clsid\ (1 traces secondaires) (ID = 386967)
08:08: HKLM\software\classes\ezulafsearcheng.resulthelper.1\ (3 traces secondaires) (ID = 386985)
08:08: HKLM\software\classes\ezulafsearcheng.searchhelper.1\ (3 traces secondaires) (ID = 386995)
08:08: HKLM\software\classes\ezulamain.trayiconm.1\ (1 traces secondaires) (ID = 387015)
08:08: HKCR\ezulafsearcheng.ezulahash.1\ (3 traces secondaires) (ID = 466528)
08:08: HKCR\ezulafsearcheng.ezulahash.1\clsid\ (1 traces secondaires) (ID = 466530)
08:08: HKCR\ezulafsearcheng.ezulahash\ (5 traces secondaires) (ID = 466532)
08:08: HKCR\ezulafsearcheng.ezulahash\clsid\ (1 traces secondaires) (ID = 466534)
08:08: HKCR\ezulafsearcheng.ezulahash\curver\ (1 traces secondaires) (ID = 466536)
08:08: HKCR\ezulafsearcheng.ezulasearch.1\ (3 traces secondaires) (ID = 466538)
08:08: HKCR\ezulafsearcheng.ezulasearch.1\clsid\ (1 traces secondaires) (ID = 466540)
08:08: HKCR\ezulafsearcheng.ezulasearch\ (5 traces secondaires) (ID = 466542)
08:08: HKCR\ezulafsearcheng.ezulasearch\clsid\ (1 traces secondaires) (ID = 466544)
08:08: HKCR\ezulafsearcheng.ezulasearch\curver\ (1 traces secondaires) (ID = 466546)
08:08: HKCR\ezulafsearcheng.resulthelper\ (5 traces secondaires) (ID = 466554)
08:08: HKCR\ezulafsearcheng.resulthelper\clsid\ (1 traces secondaires) (ID = 466556)
08:08: HKCR\ezulafsearcheng.resulthelper\curver\ (1 traces secondaires) (ID = 466558)
08:08: HKCR\ezulafsearcheng.ezulacode.1\ (3 traces secondaires) (ID = 466560)
08:08: HKCR\ezulafsearcheng.ezulacode.1\clsid\ (1 traces secondaires) (ID = 466562)
08:08: HKCR\ezulafsearcheng.ezulacode\ (5 traces secondaires) (ID = 466564)
08:08: HKCR\ezulafsearcheng.ezulacode\clsid\ (1 traces secondaires) (ID = 466566)
08:08: HKCR\ezulafsearcheng.ezulacode\curver\ (1 traces secondaires) (ID = 466568)
08:08: HKCR\ezulafsearcheng.popupdisplay.1\ (3 traces secondaires) (ID = 466570)
08:08: HKCR\ezulafsearcheng.popupdisplay.1\clsid\ (1 traces secondaires) (ID = 466572)
08:08: HKCR\ezulafsearcheng.popupdisplay\ (5 traces secondaires) (ID = 466574)
08:08: HKCR\ezulafsearcheng.popupdisplay\clsid\ (1 traces secondaires) (ID = 466576)
08:08: HKCR\ezulafsearcheng.popupdisplay\curver\ (1 traces secondaires) (ID = 466578)
08:08: HKCR\ezulabootexe.installctrl.1\ (1 traces secondaires) (ID = 466596)
08:08: HKCR\ezulabootexe.installctrl\ (3 traces secondaires) (ID = 466600)
08:08: HKCR\ezulabootexe.installctrl\curver\ (1 traces secondaires) (ID = 466604)
08:08: HKCR\ezulaagent.toolbarband.1\ (1 traces secondaires) (ID = 466626)
08:08: HKCR\ezulaagent.toolbarband\ (1 traces secondaires) (ID = 466630)
08:08: HKLM\software\classes\ezulafsearcheng.ezulasearch\ (5 traces secondaires) (ID = 466688)
08:08: HKLM\software\classes\ezulafsearcheng.ezulasearch\clsid\ (1 traces secondaires) (ID = 466690)
08:08: HKLM\software\classes\ezulafsearcheng.ezulasearch\curver\ (1 traces secondaires) (ID = 466692)
08:08: HKLM\software\classes\ezulafsearcheng.searchhelper\ (5 traces secondaires) (ID = 466694)
08:08: HKLM\software\classes\ezulafsearcheng.searchhelper\clsid\ (1 traces secondaires) (ID = 466696)
08:08: HKLM\software\classes\ezulafsearcheng.searchhelper\curver\ (1 traces secondaires) (ID = 466698)
08:08: HKLM\software\classes\ezulafsearcheng.resulthelper\ (5 traces secondaires) (ID = 466700)
08:08: HKLM\software\classes\ezulafsearcheng.resulthelper\clsid\ (1 traces secondaires) (ID = 466702)
08:08: HKLM\software\classes\ezulafsearcheng.resulthelper\curver\ (1 traces secondaires) (ID = 466704)
08:08: HKLM\software\classes\ezulafsearcheng.ezulacode.1\ (3 traces secondaires) (ID = 466706)
08:08: HKLM\software\classes\ezulafsearcheng.ezulacode.1\clsid\ (1 traces secondaires) (ID = 466708)
08:08: HKLM\software\classes\ezulafsearcheng.ezulacode\ (5 traces secondaires) (ID = 466710)
08:08: HKLM\software\classes\ezulafsearcheng.ezulacode\clsid\ (1 traces secondaires) (ID = 466712)
08:08: HKLM\software\classes\ezulafsearcheng.ezulacode\curver\ (1 traces secondaires) (ID = 466714)
08:08: HKLM\software\classes\ezulafsearcheng.popupdisplay.1\ (3 traces secondaires) (ID = 466716)
08:08: HKLM\software\classes\ezulafsearcheng.popupdisplay.1\clsid\ (1 traces secondaires) (ID = 466718)
08:08: HKLM\software\classes\ezulafsearcheng.popupdisplay\ (5 traces secondaires) (ID = 466720)
08:08: HKLM\software\classes\ezulafsearcheng.popupdisplay\clsid\ (1 traces secondaires) (ID = 466722)
08:08: HKLM\software\classes\ezulafsearcheng.popupdisplay\curver\ (1 traces secondaires) (ID = 466724)
08:08: HKLM\software\classes\ezulamain.trayiconm\ (3 traces secondaires) (ID = 466726)
08:08: HKLM\software\classes\ezulamain.trayiconm\curver\ (1 traces secondaires) (ID = 466730)
08:08: HKLM\software\classes\ezulabootexe.installctrl.1\ (1 traces secondaires) (ID = 466742)
08:08: HKLM\software\classes\ezulabootexe.installctrl\ (3 traces secondaires) (ID = 466746)
08:08: HKLM\software\classes\ezulabootexe.installctrl\curver\ (1 traces secondaires) (ID = 466750)
08:08: HKLM\software\classes\ezulamain.ezulasearchpipe.1\ (1 traces secondaires) (ID = 466752)
08:08: HKLM\software\classes\ezulamain.ezulasearchpipe\ (3 traces secondaires) (ID = 466756)
08:08: HKLM\software\classes\ezulamain.ezulasearchpipe\curver\ (1 traces secondaires) (ID = 466760)
08:08: HKLM\software\classes\ezulaagent.ieobject.1\ (1 traces secondaires) (ID = 466762)
08:08: HKLM\software\classes\ezulaagent.ieobject\ (3 traces secondaires) (ID = 466766)
08:08: HKLM\software\classes\ezulaagent.ieobject\curver\ (1 traces secondaires) (ID = 466770)
08:08: HKLM\software\classes\ezulaagent.toolbarband.1\ (1 traces secondaires) (ID = 466772)
08:08: HKLM\software\classes\ezulaagent.toolbarband\ (1 traces secondaires) (ID = 466776)
08:08: HKLM\software\classes\ezulaagent.plugprot.1\ (1 traces secondaires) (ID = 466780)
08:08: HKLM\software\classes\ezulaagent.plugprot\ (3 traces secondaires) (ID = 466784)
08:08: HKLM\software\classes\ezulaagent.plugprot\curver\ (1 traces secondaires) (ID = 466788)
08:08: HKLM\software\classes\appid\ezulamain.exe\ (1 traces secondaires) (ID = 466800)
08:08: HKLM\software\classes\appid\ezulamain.exe\ || appid (ID = 466801)
08:08: HKLM\software\classes\appid\ezulabootexe.exe\ (1 traces secondaires) (ID = 466802)
08:08: HKLM\software\classes\appid\ezulabootexe.exe\ || appid (ID = 466803)
08:08: HKCR\ezulafsearcheng.ezulahash\ (5 traces secondaires) (ID = 466816)
08:08: HKCR\ezulafsearcheng.ezulasearch\ (5 traces secondaires) (ID = 466817)
08:08: HKCR\ezulafsearcheng.searchhelper\ (5 traces secondaires) (ID = 466818)
08:08: HKCR\ezulafsearcheng.resulthelper\ (5 traces secondaires) (ID = 466819)
08:08: HKCR\ezulafsearcheng.ezulacode\ (5 traces secondaires) (ID = 466820)
08:08: HKCR\ezulafsearcheng.popupdisplay\ (5 traces secondaires) (ID = 466821)
08:08: HKCR\ezulamain.trayiconm\ (3 traces secondaires) (ID = 466822)
08:08: HKCR\ezulabootexe.installctrl\ (3 traces secondaires) (ID = 466824)
08:08: HKCR\ezulamain.ezulasearchpipe\ (3 traces secondaires) (ID = 466825)
08:08: HKCR\ezulaagent.ieobject\ (3 traces secondaires) (ID = 466826)
08:08: HKCR\ezulaagent.toolbarband\ (1 traces secondaires) (ID = 466827)
08:08: HKCR\ezulaagent.plugprot\ (3 traces secondaires) (ID = 466828)
08:08: HKCR\ezulaagent.ezulactrlhost\ (3 traces secondaires) (ID = 466829)
08:08: HKLM\software\gator.com\ (1461 traces secondaires) (ID = 528933)
08:08: Trouvé Adware: cydoor
08:08: HKLM\software\cydoor\ (3 traces secondaires) (ID = 639127)
08:08: HKCR\clsid\{07f0a543-47ba-11d4-8a6d-0050da2ee1be}\ (11 traces secondaires) (ID = 816730)
08:08: HKCR\clsid\{3d7247e8-5db8-11d4-8a72-0050da2ee1be}\ (11 traces secondaires) (ID = 816767)