Aller au contenu

subaman

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    35

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par subaman

  1. subaman
    Ok merci bien
  2. subaman
    c'est surtout pour la clartee en fait et la c'est bon c'est fini ? En tous MERCI
  3. subaman
    oui avec le passage de Mbam ca marche niquel Merci Mais jai passer mon raport sur http://www.hijackthis.de/fr#anl Et il reste des croix rouge mais ce sont les file missing c'est pour ca que je demandais ca
  4. subaman
    UP ?
  5. subaman
    en fait juste apres jai fait ce que tu a dit et jai reboot aussi je supose que tu va surment me redemandee un raport HJC alors le voila -- End of file - 7896 bytes je fix tous les (file missing) ?
  6. subaman
    Raport mbam Malwarebytes' Anti-Malware 1.41 Version de la base de données: 2866 Windows 6.0.6000 28/09/2009 15:16:57 mbam-log-2009-09-28 (15-16-43).txt Type de recherche: Examen rapide Eléments examinés: 78315 Temps écoulé: 2 minute(s), 33 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 1 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 1 Dossier(s) infecté(s): 2 Fichier(s) infecté(s): 3 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): C:\Program Files (x86)\PremierOpinion\components\pmxg.dll (Trojan.Agent) -> No action taken. Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{eeb86aef-4a5d-4b75-9d74-f16d438fc286} (Adware.PremierOpinion) -> No action taken. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. Dossier(s) infecté(s): C:\Program Files (x86)\premieropinion (Trojan.Agent) -> No action taken. C:\Program Files (x86)\premieropinion\components (Trojan.Agent) -> No action taken. Fichier(s) infecté(s): C:\Users\Subaman\AppData\Local\Temp\vista\Vista32.exe (Worm.VB) -> No action taken. C:\Users\Subaman\AppData\Local\Temp\vista\Vista64.exe (Trojan.Agent) -> No action taken. C:\Program Files (x86)\premieropinion\components\pmxg.dll (Trojan.Agent) -> No action taken.
  7. subaman
    Bonjours Voila depuis hier mon pc lag a mort (lag pas ram) En le rallument j'ai vu PremierOpinion (que je ne conais pas) qui me bloquai tous je pouvait rien faire juste ouvrir le gestionnaire des tache et paf ca plantais je suis donc partie en mode sans echec et supprimée l'exe pour pouvoir finir un truc important voici donc le rapport Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:09:09, on 27/09/2009 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16890) Boot mode: Normal Running processes: C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe C:\Program Files (x86)\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe C:\Program Files (x86)\Java\jre6\bin\jusched.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Fraps\fraps.exe C:\program files (x86)\avira\antivir desktop\avcenter.exe C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe C:\Program Files (x86)\Java\jre6\bin\jucheck.exe C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Subaman\AppData\Local\Temp\Rar$EX00.624\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PremierOpinion - Unknown owner - C:\Program Files (x86)\PremierOpinion\pmservice.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 7753 bytes Bon si faut formatee je le ferait mais jaurait bien attendu de recevoir mon Windows 7 D'avance Merci !
  8. subaman
    je suis desole mais je peut pas rester terminer les opérations si sa ne te gène pas je serai la demain pour terminer merci d'avance
  9. subaman
    ========== PROCESSES ========== ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== C:\Program Files\SideFind moved successfully. ========== COMMANDS ========== User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. Windows Temp folder emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10202008_204011 Files moved on Reboot... File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot. ========== PROCESSES ========== ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== C:\Program Files\SideFind moved successfully. ========== COMMANDS ========== User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. Windows Temp folder emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10202008_204011 Files moved on Reboot... File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
  10. subaman
    -----------\\ ToolBar S&D 1.2.2 XP/Vista Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2 X86-based PC ( Uniprocessor Free : AMD Duron Processor ) BIOS : Version 1.00 USER : CAROLINE ( Administrator ) BOOT : Normal boot Antivirus : Avira AntiVir PersonalEdition 7.0.0.2 (Activated) A:\ (USB) C:\ (Local Disk) - FAT32 - Total : 3 Go Free : 0 Go D:\ (Local Disk) - FAT32 - Total : 15 Go Free : 5 Go E:\ (CD or DVD) F:\ (CD or DVD) G:\ (Local Disk) - NTFS - Total : 27 Go Free : 25 Go H:\ (USB) - FAT - Total : 244 Mo Free : 0 Go "C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 ) Option : [1] ( 20/10/2008|20:02 ) -----------\\ Recherche de Fichiers / Dossiers ... C:\Program Files\SideFind C:\Program Files\SideFind\update C:\Program Files\SideFind\sfbho.dll -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://www.orange.fr/"'>http://www.orange.fr/" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home" --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! 1 - "C:\ToolBar SD\TB_1.txt" - 20/10/2008|20:03 - Option : [1] -----------\\ Fin du rapport a 20:03:48,18 ------------------------------------------------------------------------------------------------------------------------ -----------\\ ToolBar S&D 1.2.2 XP/Vista Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2 X86-based PC ( Uniprocessor Free : AMD Duron Processor ) BIOS : Version 1.00 USER : CAROLINE ( Administrator ) BOOT : Normal boot Antivirus : Avira AntiVir PersonalEdition 7.0.0.2 (Activated) A:\ (USB) C:\ (Local Disk) - FAT32 - Total : 3 Go Free : 0 Go D:\ (Local Disk) - FAT32 - Total : 15 Go Free : 5 Go E:\ (CD or DVD) F:\ (CD or DVD) G:\ (Local Disk) - NTFS - Total : 27 Go Free : 25 Go H:\ (USB) - FAT - Total : 244 Mo Free : 0 Go "C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 ) Option : [2] ( 20/10/2008|20:05 ) -----------\\ SUPPRESSION Supprime! - C:\Program Files\SideFind\update Echec ! - C:\Program Files\SideFind\sfbho.dll Echec ! - C:\Program Files\SideFind -----------\\ DEUXIEME PASSAGE Echec ! - C:\Program Files\SideFind\sfbho.dll Echec ! - C:\Program Files\SideFind -----------\\ Recherche de Fichiers / Dossiers ... C:\Program Files\SideFind C:\Program Files\SideFind\sfbho.dll -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://www.orange.fr/" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Start Page"="http://www.msn.com/" --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! 1 - "C:\ToolBar SD\TB_1.txt" - 20/10/2008|20:03 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 20/10/2008|20:07 - Option : [2] ---------------------------------------------------------------------------------------------------------------- SDFix: Version 1.236 Run by CAROLINE on 20/10/2008 at 20:14 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Checking Services : AUTOEXEC.NT Restored from backups Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\SYSTEM32\FTPUPD.EXE - Deleted C:\WINDOWS\system32\TFTP2016 - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-20 20:17:12 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\WINDOWS\\System32\\nbsutk.exe"="C:\\WINDOWS\\System32\\nbsutk.exe:*:Enabled:nbsutk" "G:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="G:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Thu 19 Aug 2004 1,667,584 ...H. --- "C:\Program Files\Messenger\msmsgs.exe" Thu 19 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe" Fri 13 Aug 2004 94,208 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\RmvSuite.exe" Fri 13 Aug 2004 1,953,792 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\launcher.exe" Fri 13 Aug 2004 53,760 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\mnyinsta.dll" Mon 16 Aug 2004 35,328 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\setuplng.dll" Fri 13 Aug 2004 20,480 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\unregwtr.exe" Thu 20 Dec 2001 10,198 A..H. --- "C:\Program Files\Microsoft Office\Office\Gestionnaire Office\Off2.tmp" Finished! J'ai toujours pas internet PS: Merci de maider
  11. subaman
    Salut tous le monde AntiVir PersonalEdition Classic Report file date: lundi 20 octobre 2008 18:40 Scanning for 835736 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: SYSTEM Computer name: JG Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:30 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:52 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:48 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:22 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:16 ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:56 ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 13:27:04 ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 13:27:14 AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 16:43:56 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:28 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:18 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24 AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:02 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:08 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:34 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:20 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:44 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:14 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:38 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:22 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: G:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: lundi 20 octobre 2008 18:40 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'WSCNTFY.EXE' - '1' Module(s) have been scanned Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned Scan process 'ALG.EXE' - '1' Module(s) have been scanned Scan process 'WinServSuit.exe' - '1' Module(s) have been scanned Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned Scan process 'qttask.exe' - '1' Module(s) have been scanned Scan process 'WinServAd.exe' - '1' Module(s) have been scanned Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'LSASS.EXE' - '1' Module(s) have been scanned Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned Scan process 'SMSS.EXE' - '1' Module(s) have been scanned 24 processes with 24 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Boot sector 'G:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '22' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\kb478616586.exe [DETECTION] Contains detection pattern of the dropper DR/LowZones.D [iNFO] The file was deleted! C:\pagefile.sys [WARNING] The file could not be opened! C:\WINDOWS\SAHUninstall.exe [DETECTION] Is the Trojan horse TR/SAHAgent.A.3 [iNFO] The file was deleted! C:\WINDOWS\nem220.dll [DETECTION] Is the Trojan horse TR/Dldr.Dyfuca.BH.1 [iNFO] The file was deleted! C:\WINDOWS\Downloaded Program Files\lsp_.dll [DETECTION] Is the Trojan horse TR/SAHAgent.A [iNFO] The file was deleted! C:\WINDOWS\Downloaded Program Files\SAHAgent_.exe [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/SAHAgent.A Backdoor server programs [iNFO] The file was deleted! C:\WINDOWS\Downloaded Program Files\SAHUninstall_.exe [DETECTION] Is the Trojan horse TR/SAHAgent.A.3 [iNFO] The file was deleted! C:\WINDOWS\Downloaded Program Files\SahHtml_.exe [DETECTION] Is the Trojan horse TR/SAHAgent.A.2 [iNFO] The file was deleted! C:\WINDOWS\Downloaded Program Files\WEBInstaller.dll [DETECTION] Is the Trojan horse TR/SAHAgent.A [iNFO] The file was deleted! C:\Documents and Settings\Administrateur\iel.exe [DETECTION] Is the Trojan horse TR/Lowzones.D [iNFO] The file was deleted! C:\Documents and Settings\Administrateur\x.bat [DETECTION] Is the Trojan horse TR/StartPage.ST.1 [iNFO] The file was deleted! C:\Documents and Settings\Administrateur\install.exe [DETECTION] Is the Trojan horse TR/Lowzones.D.21 [iNFO] The file was deleted! C:\Documents and Settings\Administrateur\Local Settings\Temp\sidefind.exe [DETECTION] Is the Trojan horse TR/Agent.V [iNFO] The file was deleted! C:\Documents and Settings\Administrateur\Local Settings\Temp\iinstall.exe [DETECTION] Is the Trojan horse TR/Dldr.Agent.V [iNFO] The file was deleted! C:\Documents and Settings\Administrateur\Local Settings\Temp\optimize.exe [DETECTION] Is the Trojan horse TR/Dldr.Dyfuca.ds [iNFO] TR/Dldr.Dyfuca.ds:[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer]:<DisplayIcon>=sz:optimize.exe [iNFO] The file was deleted! C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0U78TIHD\actalert[1].exe [DETECTION] Is the Trojan horse TR/Dldr.Dyfuca.DP [iNFO] The file was deleted! C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\EWMLTSFF\sidefind13[1].dll [DETECTION] Is the Trojan horse TR/Dldr.IstBar.DLL [iNFO] The file was deleted! C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\EWMLTSFF\istbar_mainstream[1].dll [DETECTION] Is the Trojan horse TR/IstBar.U [iNFO] The file was deleted! C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TPMVQFLT\optimize312[1].exe [DETECTION] Is the Trojan horse TR/Dldr.Dyfuca.ds [iNFO] The file was deleted! C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TPMVQFLT\0006_regular[1].cab [0] Archive type: CAB (Microsoft) --> istactivex.dll [DETECTION] Is the Trojan horse TR/Click.Small.DN.2 [iNFO] The file was deleted! C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TPMVQFLT\ncase_new[1].exe [DETECTION] Is the Trojan horse TR/Lowzones.B [iNFO] The file was deleted! C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\EFERIPEN\istsvc[1].exe [DETECTION] Is the Trojan horse TR/Dldr.IstBar.er1 [iNFO] The file was deleted! C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\EFERIPEN\nem220[1].dll [DETECTION] Is the Trojan horse TR/Dldr.Dyfuca.BH.1 [iNFO] The file was deleted! C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0LW5QZ0D\istrecover[1].exe [DETECTION] Is the Trojan horse TR/Dldr.IstBar.go [iNFO] The file was deleted! C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0LW5QZ0D\wsem303[1].dll [DETECTION] Is the Trojan horse TR/Dldr.Dyfuca.CN [iNFO] The file was deleted! C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\6DOJIP25\sidefind[1].exe [DETECTION] Is the Trojan horse TR/Agent.V [iNFO] The file was deleted! C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\C5IRST6J\winupdate2[1].exe [DETECTION] Is the Trojan horse TR/Click.Delf.AH.7 [iNFO] The file was deleted! C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\C5IRST6J\prompt[1].html [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.IstBar.J [iNFO] The file was deleted! C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\C5IRST6J\optimize[1].exe [DETECTION] Is the Trojan horse TR/Dldr.Dyfuca.ds [iNFO] The file was deleted! C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\KL6B0PEN\lca3[1].exe [DETECTION] Contains detection pattern of the dropper DR/LowZones.D [iNFO] The file was deleted! C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\UNGZYB69\bunSetup[1].cab [0] Archive type: CAB (Microsoft) --> lsp_.dll [DETECTION] Is the Trojan horse TR/SAHAgent.A --> SAHAgent_.exe [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/SAHAgent.A Backdoor server programs --> SAHUninstall_.exe [DETECTION] Is the Trojan horse TR/SAHAgent.A.3 --> SahHtml_.exe [DETECTION] Is the Trojan horse TR/SAHAgent.A.2 --> WEBInstaller.dll [DETECTION] Is the Trojan horse TR/SAHAgent.A [iNFO] The file was deleted! C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\MDZOHGJY\rogue[1].exe [DETECTION] Is the Trojan horse TR/DelProx.A [iNFO] The file was deleted! C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\MDZOHGJY\a173aa[1].js [DETECTION] Contains detection pattern of the Java script virus JS/Small.AF [iNFO] The file was deleted! C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\X3FJTXKE\installer[1].exe [DETECTION] Contains detection pattern of the dropper DR/LowZones.D.3 [iNFO] The file was deleted! C:\Program Files\SideFind\sidefind.dll [DETECTION] Is the Trojan horse TR/Dldr.IstBar.DLL [iNFO] The file was deleted! C:\Program Files\SideFind\update\sidefind.exe [DETECTION] Is the Trojan horse TR/Agent.V [iNFO] The file was deleted! C:\Program Files\SearchRelevant\uninstall.exe [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Genlot.E Backdoor server programs [iNFO] The file was deleted! C:\FOUND.000\FILE0001.CHK [DETECTION] Contains detection pattern of the dropper DR/LowZones.D [iNFO] The file was deleted! C:\temp\sahagent.exe [DETECTION] Contains detection pattern of the dropper DR/SAHAgent.A [iNFO] The file was deleted! Begin scan in 'D:\' Begin scan in 'G:\' End of the scan: lundi 20 octobre 2008 19:08 Used time: 27:30 min The scan has been done completely. 1896 Scanning directories 126103 Files were scanned 42 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 38 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 126061 Files not concerned 1305 Archives were scanned 2 Warnings 0 Notes Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:09:57, on 20/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Windows ServeAd\WinServAd.exe G:\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows ServeAd\WinServSuit.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe H:\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing) O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [Windows Compliant] nbsutk.exe O4 - HKLM\..\Run: [sAHAgent] C:\WINDOWS\System32\SahAgent.exe O4 - HKLM\..\Run: [¢‰¸u0–4C }ïÁzî[8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\heeax.exe O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]­ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\heeax.exe O4 - HKLM\..\Run: [Jtpujkx] C:\Program Files\Mrge\Aicht.exe O4 - HKLM\..\Run: [Weflfjcx] C:\Program Files\Nriqkr\Usdb.exe O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe O4 - HKLM\..\Run: [salm] c:\temp\salm.exe O4 - HKLM\..\Run: [QuickTime Task] "G:\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\RunServices: [Windows Compliant] nbsutk.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Windows Compliant] nbsutk.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'c:\windows\system32\lsp.dll' missing O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYes...e/bridge-c7.cab O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4...006_regular.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{B5A3D299-A92C-4F7F-967B-29B8A17304D9}: NameServer = 80.10.246.2,80.10.246.129 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- End of file - 4425 bytes a cause de ca ya pus internet Merci
  12. subaman

    2 ISO 1 CD Possible ?

    subaman a répondu à un(e) sujet de subaman dans Software

    ca serait deux CD logiques sur un physique mais d'ou on pourait Booter de Ultimate Boot CD ET sur le linux
  13. subaman

    2 ISO 1 CD Possible ?

    subaman a posté un sujet dans Software

    Salut tous le monde je me demandais si je pouvais mettre 2 iso dans un seul CD Edit : Pour qu'il soit bootable sur les différent "CD" Exemple mettre Ultimate Boot cd plus un petit live cd (en iso) de linux Nlite le fait ca ? ou un autre prog ? On ma dit qui falait un genre de Grub qui serait sur le cd Merci d'avance
  14. subaman
    désolé je suis parti hier voici la suite SDFix: Version 1.220 Run by DAVID CARDOSO on 01/09/2008 at 19:03 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Restoring Default Desktop Wallpaper Restoring Default ScreenSaver value Restoring Windows Product ID To Remove Fake Virus Alert Restoring Time Format To Remove Fake Virus Alert Rebooting Checking Files : Trojan Files Found: C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted C:\WINDOWS\system32\lphcr8uj0ecel.exe - Deleted C:\WINDOWS\system32\cbXPffFV.dll - Deleted C:\WINDOWS\system32\phcr8uj0ecel.bmp - Deleted C:\WINDOWS\system32\blphcr8uj0ecel.scr - Deleted C:\WINDOWS\EPGL.EXE - Deleted C:\Documents and Settings\DAVID CARDOSO\Application Data\Adobe\crc.dat - Deleted C:\Documents and Settings\DAVID CARDOSO\Application Data\Adobe\Manager.exe - Deleted C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe - Deleted C:\Documents and Settings\All Users\Application Data\System Doctor Free\Data\Abbr - Deleted C:\Documents and Settings\All Users\Application Data\System Doctor Free\Data\ActivationCode - Deleted C:\Documents and Settings\DAVID CARDOSO\Bureau\Error Cleaner.url - Deleted C:\Documents and Settings\DAVID CARDOSO\Favoris\Error Cleaner.url - Deleted C:\Documents and Settings\DAVID CARDOSO\Bureau\Privacy Protector.url - Deleted C:\Documents and Settings\DAVID CARDOSO\Favoris\Privacy Protector.url - Deleted C:\WINDOWS\privacy_danger\index.htm - Deleted C:\WINDOWS\privacy_danger\images\capt.gif - Deleted C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted C:\WINDOWS\privacy_danger\images\down.gif - Deleted C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted C:\Program Files\Microsoft Security Adviser\msavsc.exe - Deleted C:\Program Files\Microsoft Security Adviser\msctrl.exe - Deleted C:\Program Files\Microsoft Security Adviser\msctrl.log - Deleted C:\Program Files\Microsoft Security Adviser\msfw.exe - Deleted C:\Program Files\Microsoft Security Adviser\msiemon.exe - Deleted C:\Program Files\Microsoft Security Adviser\mssadv.exe - Deleted C:\Program Files\Microsoft Security Adviser\mssadv.log - Deleted C:\Program Files\Microsoft Security Adviser\mssadv_sp.log - Deleted C:\Program Files\Microsoft Security Adviser\msscan.exe - Deleted C:\Program Files\PCPrivacyCleaner\pcpc.exe - Deleted C:\DOCUME~1\DAVIDC~1\LOCALS~1\Temp\.tt215.tmp - Deleted C:\DOCUME~1\DAVIDC~1\LOCALS~1\Temp\.tt21E.tmp - Deleted C:\DOCUME~1\DAVIDC~1\LOCALS~1\Temp\.tt215.tmp.vbs - Deleted C:\DOCUME~1\DAVIDC~1\LOCALS~1\Temp\lwpwer.exe.bat - Deleted C:\DOCUME~1\DAVIDC~1\LOCALS~1\Temp\tmp11.tmp - Deleted C:\DOCUME~1\DAVIDC~1\LOCALS~1\Temp\tmp50.tmp - Deleted C:\WINDOWS\twmxbsqrobw.dll - Deleted C:\DOCUME~1\DAVIDC~1\LOCALS~1\Temp\79_003.exe - Deleted C:\DOCUME~1\DAVIDC~1\LOCALS~1\Temp\lwpwer.exe - Deleted C:\DOCUME~1\DAVIDC~1\LOCALS~1\Temp\removalfile.bat - Deleted C:\0xf9.exe - Deleted C:\WINDOWS\Fonts\Setup.exe - Deleted C:\WINDOWS\Fonts\svchost.exe - Deleted C:\WINDOWS\rafbsvnx.dll - Deleted C:\WINDOWS\system32\pac.txt - Deleted C:\WINDOWS\tqwolser.exe - Deleted C:\WINDOWS\tsxngabr.dll - Deleted C:\WINDOWS\vtqnxfko.dll - Deleted Folder C:\WINDOWS\Fonts\' - Removed Folder C:\Documents and Settings\All Users\Application Data\SalesMon - Removed Folder C:\Documents and Settings\All Users\Application Data\Secure Solutions - Removed Folder C:\Documents and Settings\All Users\Application Data\System Doctor Free - Removed Folder C:\Program Files\Microsoft Security Adviser - Removed Folder C:\Program Files\PCPrivacyCleaner - Removed Folder C:\Program Files\VirusRemover2008 - Removed Folder C:\WINDOWS\privacy_danger - Removed Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-01 19:33:26 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher] "TracesProcessed"=dword:0000008e "TracesSuccessful"=dword:00000006 scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb" "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray" "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe" "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe" "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Sat 24 Jun 2006 88 A.SHR --- "C:\i386\B1474129DF.sys" Sat 24 Jun 2006 2,828 A.SH. --- "C:\i386\KGyGaAvL.sys" Fri 12 Mar 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe" Fri 12 Mar 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe" Fri 12 Mar 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe" Sun 25 May 2008 88 ..SHR --- "C:\WINDOWS\system32\B1474129DF.sys" Sun 25 May 2008 3,766 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys" Sun 27 Aug 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Tue 19 Aug 2008 15,019,089 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a04477c32a6fb7024bddf15f1c7beff3\BIT169.tmp" Tue 6 May 2008 24,758,792 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT4A.tmp" Sun 27 Aug 2006 4,348 ...H. --- "C:\Documents and Settings\DAVID CARDOSO\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak" Wed 21 Mar 2007 20 A..H. --- "C:\Documents and Settings\DAVID CARDOSO\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak" Mon 14 Aug 2006 312 A.SH. --- "C:\Documents and Settings\DAVID CARDOSO\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak" Finished! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:38:08, on 01/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\WINDOWS\System32\FTRTSVC.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\OasClnt.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe c:\program files\mcafee.com\vso\mcvsshld.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Rundll32.exe C:\PROGRA~1\mcafee.com\agent\McAgent.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe O4 - HKLM\..\Run: [bMebd5894f] Rundll32.exe "C:\WINDOWS\system32\psffwjto.dll",s O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~2\Wanadoo Messager.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~2\Wanadoo Messager.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{CC2B3925-8E2E-4874-AD31-085BDE44DCB8}: NameServer = 80.10.246.2,80.10.246.129 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm -- End of file - 8283 bytes
  15. subaman
    Bonjours tous le monde j'ai besoin d'aide pour desinfecter le pc d'un pote aparament depuis la fin de de mac afee j'instalrait antivir a lin fin de la desinfection sauf si vous me conseiller de le metre avant Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:54: VIRUS ALERT!, on 31/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Microsoft Security Adviser\msctrl.exe C:\Program Files\Microsoft Security Adviser\msavsc.exe C:\Program Files\Microsoft Security Adviser\msscan.exe C:\Program Files\Microsoft Security Adviser\msiemon.exe C:\Program Files\Microsoft Security Adviser\msfw.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Digital Line Detect\DLG.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe c:\program files\mcafee.com\agent\mcdetect.exe C:\Program Files\Microsoft Security Adviser\mssadv.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\OasClnt.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe c:\program files\mcafee.com\vso\mcvsshld.exe c:\program files\mcafee.com\agent\mcagent.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: rafbsvnx - {C091867D-17C0-4855-B6E5-797649ED7A9A} - C:\WINDOWS\rafbsvnx.dll O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~2\Wanadoo Messager.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~2\Wanadoo Messager.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{CC2B3925-8E2E-4874-AD31-085BDE44DCB8}: NameServer = 80.10.246.2,80.10.246.129 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm -- End of file - 9514 bytes Je sait que c'est bien infecter mais bon il prefere ne pas formater
  16. subaman
    vrai enfin si on veut c'est 3.5G pas 3G
  17. subaman

    Raport

    subaman a répondu à un(e) sujet de subaman dans Analyses et éradication malwares

    Alors un ami ma fait passer un coups de SmitfraudFix et MBAM et c'est bon ya tous qui a ete resolue Un grand merci a Falkra a Willy et a Zebulon pour leur forum PS:Pour Les prob du menu demarer c'estais tous con : clic droit -> propriété -> Menu demarer -> personnaliser ... et c'estais decocher ^^
  18. subaman

    Raport

    subaman a répondu à un(e) sujet de subaman dans Analyses et éradication malwares

    ok merci moi aussi je doit partir pour le moment merci encore Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDriveTypeAutoRun"=dword:00000091 "NoDrives"=dword:0000000c ⴭⴭⴭⴭⴭⴭഭ圊椀渀搀漀眀猀 刀攀最椀猀琀爀礀 䔀搀椀琀漀爀 嘀攀爀猀椀漀渀 㔀⸀  ഀ਀ഀ਀嬀䠀䬀䔀夀开䰀伀䌀䄀䰀开䴀䄀䌀䠀䤀一䔀尀匀漀昀琀眀愀爀攀尀䴀椀挀爀漀猀漀昀琀尀圀椀渀搀漀眀猀尀䌀甀爀爀攀渀琀嘀攀爀猀椀漀渀尀倀漀氀椀挀椀攀猀尀䔀砀瀀氀漀爀攀爀崀ഀ਀ഀ਀ⴀⴭⴭⴭⴭⴭⴭ਍ Moi ca me met juste des care dans le bloc note PS: le gestionaire de tache estais aussi desactiver et je l'ai reactiver avec le gpedit hier
  19. subaman

    Raport

    subaman a répondu à un(e) sujet de subaman dans Analyses et éradication malwares

    je vien de voir que c'est pas pareil sur toute les sesion yen a meme une qui a pas femer la sesion "clef jaune" c'est quois la racourci windows fermer la sesion ?
  20. subaman

    Raport

    subaman a répondu à un(e) sujet de subaman dans Analyses et éradication malwares

    oui parametre dafichage j'ai (eu sans redemarer) mais jai pas le menu demarer meme apres redemarage
  21. subaman

    Raport

    subaman a répondu à un(e) sujet de subaman dans Analyses et éradication malwares

    non ca n'as pas marcher meme apres un redemarage Mais hier javais du faire ca pour les proprieter du bureau (j'avais :ni Bureau ,ni Ecran de veille ,ni Parametre) javais du aller dans le meme truc gpedit.msc et la par contre ca avais marcher PS: je peut pas aller dans ajout supresion de programe jai pas Parametre
  22. subaman

    Raport

    subaman a répondu à un(e) sujet de subaman dans Analyses et éradication malwares

    non ca doit etre un reste car j'ai pus norton
  23. subaman

    Raport

    subaman a répondu à un(e) sujet de subaman dans Analyses et éradication malwares

    bah y rest juste le truc du menu demarer les icone qui manque et c'est bien chiant nan sinon rien d'autre
  24. subaman

    Raport

    subaman a répondu à un(e) sujet de subaman dans Analyses et éradication malwares

    Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:27:30, on 28/07/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\WINDOWS\system32\LxrSII1s.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Scansoft\PaperPort\pptd40nt.exe C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Fichiers communs\AOL\1186163380\ee\AOLSoftware.exe C:\Program Files\Neuf\Kit\WiFi\9wifi.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\MSN Messenger\livecall.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/5mefr_ms/157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: {8fdcdfe3-38ea-1648-ff64-1a34c3f65b7d} - {d7b56f3c-43a1-46ff-8461-ae833efdcdf8} - (no file) O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1186163380\ee\AOLSoftware.exe O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: SmartUI.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b28ba9a1ccc6419cb9db037268312b30 O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b28ba9a1ccc6419cb9db037268312b30 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://emea-ml13.emea.csc.com/iNotes6W.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://guylwantz.spaces.live.com/PhotoUplo....cab?10,0,912,0 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{90CEFC5A-96CC-4C26-BC77-4D4C99674377}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O24 - Desktop Component 0: (no name) - (no file) -- End of file - 10313 bytes
  25. subaman

    Raport

    subaman a répondu à un(e) sujet de subaman dans Analyses et éradication malwares

    Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK
×
×
  • Créer...