

deceiver
Everything posted by deceiver
-
Well, my PSU is a Tagan 480W, and it's true that I noticed one of the two fans no longer works; it's the one that blows air inside! I hope that's it! I'll test it and let you know how it goes. Thanks a lot in any case.
-
malicious software
deceiver replied to a topic by deceiver in Malware Analysis and Removal
Argh, sorry, it's not the same PC, it's a friend's; that's why I have several machines. -
So, I have a really big problem: my PC freezes every time I try to start or restart it! That is, it starts up normally and then suddenly stops; it can happen just as well while the BIOS is loading, while booting from a CD, or while Windows is loading!! I'm at my wits' end. The worst part is that it never did this before, and once Windows has started properly and loaded all the software correctly, the PC runs very well. Here is my config, if it can help you:
- Motherboard: MSI K8N néo2
- CPU: AMD 3500+ 64 bits
- Graphics card: Gainward 6800 ultra 256Mo
- 512Mo DDR1 PC 3200
- PSU: Tagan 480W
- Hard drive: 120Go, 8Mo cache
- DVD drive + CD burner
Thanks to those who can help me or will try to.
-
lots of problems!
deceiver replied to a topic by deceiver in Malware Analysis and Removal
ok, thanks for everything in any case -
lots of problems!
deceiver replied to a topic by deceiver in Malware Analysis and Removal
I think there are no more problems. The reboot one must come from the thick layer of dust on the CPU heatsink, I think, because it isn't very well ventilated on account of the PSU, which sits just above it (badly designed, this case!!). Do you think it could come from that? -
lots of problems!
deceiver replied to a topic by deceiver in Malware Analysis and Removal
Here is the URL: http://gsi.kaspersky.fr/lire.php?hl=fr&...ab=&search=
There you go, thanks a lot. -
malicious software
deceiver replied to a topic by deceiver in Malware Analysis and Removal
Well, it has no name, but when you click on it, you land on the "spycrush" site, an ad for an anti-malware product. -
So, I have a program that installed itself and won't let itself be removed; here is the HijackThis report:
-
lots of problems!
deceiver replied to a topic by deceiver in Malware Analysis and Removal
I just did it; in the report it tells me that I have no infection! -
lots of problems!
deceiver replied to a topic by deceiver in Malware Analysis and Removal
So, the problem is that my PC shuts down by itself! And so I don't have time to finish the full AVG scan! I'm therefore sending you the BlackLight and HijackThis reports:
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe Voila en te remerciant de ta prochaine réponse . -
Lots of problems!
deceiver replied to a topic by deceiver in Malware analysis and removal
Sniff, there's nobody to help me.
-
Here is the log, thanks for helping me fix all these problems
------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 16:09:22, on 18/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\vphc700.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots.com/r/internal/start/client/RAND
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\Flash Get\jccatch.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\Flash Get\getflash.dll
O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\Daemon Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Flashget] "D:\Program Files\Flash Get\FlashGet.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Belkin 11Mbps Wireless Desktop Network Card Monitor.lnk = C:\WINDOWS\system32\BelkinMonitor.exe
O4 - Global Startup: TrayMin700.exe.lnk = ?
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\Flash Get\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\Flash Get\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\Flash Get\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\Flash Get\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1174153056842
O17 - HKLM\System\CCS\Services\Tcpip\..\{54DA18AE-EBD7-48DC-9C68-E90A4AE157C6}: NameServer = 212.27.54.252,212.27.32.177
O17 - HKLM\System\CS1\Services\Tcpip\..\{54DA18AE-EBD7-48DC-9C68-E90A4AE157C6}: NameServer = 212.27.54.252,212.27.32.177
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-
A little bit of help would be welcome, thanks
-
So, my PC has trouble booting. Let me explain: when I turn the PC on, it freezes about ten times (at first I can't even get past the BIOS stage) before working properly. And maybe it could come from some intrusions, since I didn't have this problem before. Here is my report:

Logfile of HijackThis v1.99.1
Scan saved at 12:46:59, on 16/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSI\LAN Utility\DiagAP8169.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\eChanblard\emule.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {6069f6b4-865a-48da-b136-305472500936} - C:\WINDOWS\system32\GEARepl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DiagAP8169] C:\Program Files\MSI\LAN Utility\DiagAP8169 /hw
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [steam] D:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - Startup: DigiCell.lnk = C:\Program Files\MSI\DigiCell\DigiCell.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Philips FunCam Monitor.lnk = C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF9E6079-F928-4A7F-8B6F-28095DDD7DA6}: NameServer = 212.27.54.252,212.27.32.177
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs:
O20 - Winlogon Notify: GEARepl - C:\WINDOWS\SYSTEM32\GEARepl.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-
HijackThis report
deceiver replied to a topic by deceiver in Malware analysis and removal
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, October 10, 2006 7:25:43 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 10/10/2006
Enregistrements dans la base antivirus Kaspersky : 217059

Paramètres d'analyse
Analyser avec la base antivirus suivante    standard
Analyser les archives    vrai
Analyser les bases de messagerie    vrai

Cible de l'analyse    Poste de travail
A:\
C:\
D:\
E:\
F:\

Statistiques de l'analyse
Total d'objets analysés    24271
Nombre de virus trouvés    4
Nombre d'objets infectés    13 / 0
Nombre d'objets suspects    0
Durée de l'analyse    00:23:23

Nom de l'objet infecté    Nom du virus    Dernière action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat    L'objet est verrouillé    ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\o1jbzpvo.default\Cache\B14FB65Ed01    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\o1jbzpvo.default\Cache\_CACHE_001_    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\o1jbzpvo.default\Cache\_CACHE_002_    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\o1jbzpvo.default\Cache\_CACHE_003_    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\o1jbzpvo.default\Cache\_CACHE_MAP_    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\o1jbzpvo.default\cert8.db    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\o1jbzpvo.default\formhistory.dat    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\o1jbzpvo.default\history.dat    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\o1jbzpvo.default\key3.db    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\o1jbzpvo.default\parent.lock    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Application Data\Skype\deceiver00\call256.dbb    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Application Data\Skype\deceiver00\callmember256.dbb    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Application Data\Skype\deceiver00\chat512.dbb    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Application Data\Skype\deceiver00\chatmsg1024.dbb    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Application Data\Skype\deceiver00\chatmsg256.dbb    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Application Data\Skype\deceiver00\contactgroup256.dbb    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Application Data\Skype\deceiver00\index2.dat    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Application Data\Skype\deceiver00\profile256.dbb    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Application Data\Skype\deceiver00\transfer512.dbb    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Application Data\Skype\deceiver00\user1024.dbb    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Cookies\index.dat    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Local Settings\Historique\History.IE5\index.dat    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Local Settings\Historique\History.IE5\MSHist012006101020061011\index.dat    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Local Settings\Temp\abm2.tmp    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Local Settings\Temp\wmv8.tmp    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Local Settings\Temp\~DFA642.tmp    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Local Settings\Temporary Internet Files\Content.IE5\index.dat    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\Mes documents\Mes fichiers reçus\MsnMsgr.txt    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\NTUSER.DAT    L'objet est verrouillé    ignoré
C:\Documents and Settings\deceiver\ntuser.dat.LOG    L'objet est verrouillé    ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat    L'objet est verrouillé    ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat    L'objet est verrouillé    ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG    L'objet est verrouillé    ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat    L'objet est verrouillé    ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat    L'objet est verrouillé    ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT    L'objet est verrouillé    ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG    L'objet est verrouillé    ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat    L'objet est verrouillé    ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG    L'objet est verrouillé    ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT    L'objet est verrouillé    ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG    L'objet est verrouillé    ignoré
C:\Program Files\iTunes\iTunesHelper.exe    Infecté : Trojan-Downloader.Win32.Agent.awf    ignoré
C:\Program Files\Messenger\msmsgs.exe    Infecté : Trojan-Downloader.Win32.Agent.awf    ignoré
C:\Program Files\QuickTime\qttask.exe    Infecté : Trojan-Downloader.Win32.Agent.awf    ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\debug.log    L'objet est verrouillé    ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\debug.log.idx    L'objet est verrouillé    ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\error.log    L'objet est verrouillé    ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\error.log.idx    L'objet est verrouillé    ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\hips.log    L'objet est verrouillé    ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\hips.log.idx    L'objet est verrouillé    ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\ids.log    L'objet est verrouillé    ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\ids.log.idx    L'objet est verrouillé    ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\network.log    L'objet est verrouillé    ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\network.log.idx    L'objet est verrouillé    ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\system.log    L'objet est verrouillé    ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\system.log.idx    L'objet est verrouillé    ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\warning.log    L'objet est verrouillé    ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\warning.log.idx    L'objet est verrouillé    ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\web.log    L'objet est verrouillé    ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\web.log.idx    L'objet est verrouillé    ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase    L'objet est verrouillé    ignoré
C:\System Volume Information\_restore{D3CB660D-D87C-4F78-8A1E-2B37BE64B8B3}\RP12\A0004187.dll    Infecté : not-virus:Hoax.Win32.Renos.dw    ignoré
C:\System Volume Information\_restore{D3CB660D-D87C-4F78-8A1E-2B37BE64B8B3}\RP12\A0004188.dll    Infecté : Trojan-Downloader.Win32.Zlob.anu    ignoré
C:\System Volume Information\_restore{D3CB660D-D87C-4F78-8A1E-2B37BE64B8B3}\RP12\A0004189.exe    Infecté : not-virus:Hoax.Win32.Renos.fh    ignoré
C:\System Volume Information\_restore{D3CB660D-D87C-4F78-8A1E-2B37BE64B8B3}\RP12\A0004190.dll    Infecté : Trojan-Downloader.Win32.Zlob.anu    ignoré
C:\System Volume Information\_restore{D3CB660D-D87C-4F78-8A1E-2B37BE64B8B3}\RP12\A0004191.exe    Infecté : Trojan-Downloader.Win32.Zlob.anu    ignoré
C:\System Volume Information\_restore{D3CB660D-D87C-4F78-8A1E-2B37BE64B8B3}\RP12\A0004192.exe    Infecté : Trojan-Downloader.Win32.Zlob.anu    ignoré
C:\System Volume Information\_restore{D3CB660D-D87C-4F78-8A1E-2B37BE64B8B3}\RP12\A0004193.exe    Infecté : not-virus:Hoax.Win32.Renos.fh    ignoré
C:\System Volume Information\_restore{D3CB660D-D87C-4F78-8A1E-2B37BE64B8B3}\RP12\A0004195.exe    Infecté : not-virus:Hoax.Win32.Renos.fh    ignoré
C:\System Volume Information\_restore{D3CB660D-D87C-4F78-8A1E-2B37BE64B8B3}\RP12\A0004196.exe    Infecté : not-virus:Hoax.Win32.Renos.fh    ignoré
C:\System Volume Information\_restore{D3CB660D-D87C-4F78-8A1E-2B37BE64B8B3}\RP12\A0004197.exe    Infecté : not-virus:Hoax.Win32.Renos.fh    ignoré
C:\System Volume Information\_restore{D3CB660D-D87C-4F78-8A1E-2B37BE64B8B3}\RP12\change.log    L'objet est verrouillé    ignoré
C:\WINDOWS\Debug\PASSWD.LOG    L'objet est verrouillé    ignoré
C:\WINDOWS\SchedLgU.Txt    L'objet est verrouillé    ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log    L'objet est verrouillé    ignoré
C:\WINDOWS\Sti_Trace.log    L'objet est verrouillé    ignoré
C:\WINDOWS\system32\CatRoot2\edb.log    L'objet est verrouillé    ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb    L'objet est verrouillé    ignoré
C:\WINDOWS\system32\config\AppEvent.Evt    L'objet est verrouillé    ignoré
C:\WINDOWS\system32\config\default    L'objet est verrouillé    ignoré
C:\WINDOWS\system32\config\default.LOG    L'objet est verrouillé    ignoré
C:\WINDOWS\system32\config\SAM    L'objet est verrouillé    ignoré
C:\WINDOWS\system32\config\SAM.LOG    L'objet est verrouillé    ignoré
C:\WINDOWS\system32\config\SecEvent.Evt    L'objet est verrouillé    ignoré
C:\WINDOWS\system32\config\SECURITY    L'objet est verrouillé    ignoré
C:\WINDOWS\system32\config\SECURITY.LOG    L'objet est verrouillé    ignoré
C:\WINDOWS\system32\config\software    L'objet est verrouillé    ignoré
C:\WINDOWS\system32\config\software.LOG    L'objet est verrouillé    ignoré
C:\WINDOWS\system32\config\SysEvent.Evt    L'objet est verrouillé    ignoré
C:\WINDOWS\system32\config\system    L'objet est verrouillé    ignoré
C:\WINDOWS\system32\config\system.LOG    L'objet est verrouillé    ignoré
C:\WINDOWS\system32\h323log.txt    L'objet est verrouillé    ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR    L'objet est verrouillé    ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP    L'objet est verrouillé    ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER    L'objet est verrouillé    ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP    L'objet est verrouillé    ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP    L'objet est verrouillé    ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA    L'objet est verrouillé    ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP    L'objet est verrouillé    ignoré
C:\WINDOWS\wiadebug.log    L'objet est verrouillé    ignoré
C:\WINDOWS\wiaservc.log    L'objet est verrouillé    ignoré
C:\WINDOWS\WindowsUpdate.log    L'objet est verrouillé    ignoré
D:\eChanblard\Temp\006.part    L'objet est verrouillé    ignoré
D:\eChanblard\Temp\010.part    L'objet est verrouillé    ignoré
D:\PHOTO\moi\ag04$0004.jpg    L'objet est verrouillé    ignoré
D:\System Volume Information\MountPointManagerRemoteDatabase    L'objet est verrouillé    ignoré
D:\System Volume Information\_restore{D3CB660D-D87C-4F78-8A1E-2B37BE64B8B3}\RP12\change.log    L'objet est verrouillé    ignoré

Analyse terminée.
-
HijackThis report
deceiver replied to a topic by deceiver in Malware analysis and removal
SmitFraudFix v2.106

Rapport fait à 23:20:35,67, 09/10/2006
Executé à partir de C:\Documents and Settings\deceiver\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b166be07-30a4-4d38-b781-44528a630706}"="hydrodictyon"

[HKEY_CLASSES_ROOT\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
@="C:\WINDOWS\system32\gqagksr.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
@="C:\WINDOWS\system32\gqagksr.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\gqagksr.dll -> Hoax.Win32.Renos.gen.e
C:\WINDOWS\system32\gqagksr.dll -> Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url supprimé
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url supprimé
C:\Program Files\VideosCodec\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 23:26:42, on 09/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSI\LAN Utility\DiagAP8169.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DiagAP8169] C:\Program Files\MSI\LAN Utility\DiagAP8169 /hw
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Philips FunCam Monitor.lnk = C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF9E6079-F928-4A7F-8B6F-28095DDD7DA6}: NameServer = 212.27.54.252,212.27.32.177
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs:
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-
HijackThis report
deceiver replied to a topic by deceiver in Malware analysis and removal
SmitFraudFix v2.91 Rapport fait à 19:53:35,68, 09/10/2006 Executé à partir de C:\Documents and Settings\deceiver\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\deceiver\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT ! C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\deceiver\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{b166be07-30a4-4d38-b781-44528a630706}"="hydrodictyon" [HKEY_CLASSES_ROOT\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32] @="C:\WINDOWS\system32\gqagksr.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32] @="C:\WINDOWS\system32\gqagksr.dll" »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" " »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin -
Logfile of HijackThis v1.99.1 Scan saved at 19:08:13, on 09/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\VideosCodec\isamonitor.exe C:\Program Files\VideosCodec\pmsngr.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\MSI\LAN Utility\DiagAP8169.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\VideosCodec\pmmon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\VideosCodec\isamini.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe D:\eChanblard\emule.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\VideosCodec\isaddon.dll O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program Files\VideosCodec\iesplugin.dll O4 
- HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [DiagAP8169] C:\Program Files\MSI\LAN Utility\DiagAP8169 /hw O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: Philips FunCam Monitor.lnk = C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{EF9E6079-F928-4A7F-8B6F-28095DDD7DA6}: NameServer = 212.27.54.252,212.27.32.177 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: O21 - SSODL: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - C:\WINDOWS\system32\gqagksr.dll O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: iPod Service (iPodService) - Apple 
Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-
Lots and lots of bugs --> infections ???
deceiver replied to a topic by deceiver in Malware analysis and removal
No, it's a custom-built machine... MSI motherboard, Maxtor hard drive, Athlon 64 3500+ processor, Windows Pro SP2 -
Lots and lots of bugs --> infections ???
deceiver replied to a topic by deceiver in Malware analysis and removal
The problem I have is that my PC no longer boots at all, there is nothing to be done; no matter how many of the F8 modes I try (debugging, safe mode, last known good configuration, ...), none of these modes work. After Windows loads, an error on a blue background is displayed for half a second (no time to read what is written) and the PC restarts again. And this problem appeared right after restarting the PC following the msconfig manipulation of the SAFEBOOT option, which I unfortunately ticked. There, I hope I have explained my problem well; for now, apart from formatting my PC, I see no solution other than a few manipulations in the BIOS perhaps, but I don't know much about that. Thanks. -
Lots and lots of bugs --> infections ???
deceiver replied to a topic by deceiver in Malware analysis and removal
I followed this link to boot my PC in safe mode, but now after Windows loads a blue screen is displayed for half a second and the PC reboots automatically. http://service1.symantec.com/SUPPORT/INTER...020905112131924 What should I do???? In the BIOS maybe??? That's all I can think of!!! Thanks for helping me. -
Lots and lots of bugs --> infections ???
deceiver replied to a topic by deceiver in Malware analysis and removal
Fixwareout ver 1.003 Last edited 8/11/2006 Post this report in the forums please Reg Entries that were deleted ... Microsoft ® Windows Script Host Version 5.6 Random Runs removed from HKLM ... PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. »»»»» Searching by size/names... * csr.exe C:\WINDOWS\System32\CSREN.EXE »»»»» Search five digit cs, dm and jb files. This WILL/CAN also list Legit Files, Submit them at Virustotal C:\WINDOWS\SYSTEM32\CSREN.EXE 51 279 2006-08-13 C:\WINDOWS\SYSTEM32\DMKWR.EXE 62 001 2004-08-19 Other suspects. Directory of C:\WINDOWS\system32 »»»»» Misc files. »»»»» Checking for older varients covered by the Rem3 tool. Logfile of HijackThis v1.99.1 Scan saved at 22:59:26, on 26/09/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\Program Files\MessengerPlus! 
3\MsgPlus.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\program files\valve\steam\steam.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 
3\MsgPlus.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKCU\..\Run: [steam] "c:\program files\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Startup: antipc.lnk = C:\WINDOWS\antipc.bat O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BlueSoleil.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{7192C030-866D-49A8-B560-627119DD1A92}: NameServer = 85.255.115.4,85.255.112.15 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - 
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Add-on\wlancfg.exe
-------------------------------------------------------
SmitFraudFix was run in normal mode because I could not get into safe mode -
Lots and lots of bugs --> infections ???
deceiver replied to a topic by deceiver in Malware analysis and removal
SmitFraudFix v2.100 Rapport fait à 20:14:40,78, 26/09/2006 Executé à partir de C:\Documents and Settings\deceiver\Mes documents\trojan\Nouveau dossier\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés C:\WINDOWS\system32\hp???.tmp supprimé C:\WINDOWS\system32\ld???.tmp supprimé »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin Logfile of HijackThis v1.99.1 Scan saved at 20:21:42, on 26/09/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\Program Files\MessengerPlus! 
3\MsgPlus.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\eChanblard\emule.exe C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 
3\MsgPlus.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKCU\..\Run: [steam] "c:\program files\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Startup: antipc.lnk = C:\WINDOWS\antipc.bat O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BlueSoleil.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{7192C030-866D-49A8-B560-627119DD1A92}: NameServer = 85.255.115.4,85.255.112.15 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - 
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Add-on\wlancfg.exe -
Lots and lots of bugs --> infections ???
deceiver replied to a topic by deceiver in Malware analysis and removal
So, I was not able to reboot in safe mode because my PC restarts automatically when I choose that mode, so I did a cleanup with SmitFraudFix. Otherwise, my desktop wallpaper has indeed disappeared. As for the fix, I did not really understand at what point it comes in??!!
--------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 19:02:04 26/09/2006 + Scan result: HKU\S-1-5-21-515967899-1960408961-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5753791B-F607-48CA-814E-91C14D081F9E} -> Adware.Generic : Cleaned with backup (quarantined). C:\eChanblard\EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Ignored. C:\eChanblard\config\last.zip/EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Ignored.
:mozilla.237:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned. :mozilla.238:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned. :mozilla.239:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned. :mozilla.240:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned. :mozilla.34:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned. :mozilla.35:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned. :mozilla.36:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned. C:\Documents and Settings\deceiver\Cookies\deceiver@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned. C:\Documents and Settings\deceiver\Local Settings\Temp\Cookies\deceiver@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned. :mozilla.460:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Spylog : Cleaned. C:\Documents and Settings\deceiver\Cookies\deceiver@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned. :mozilla.68:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Weborama : Cleaned. :mozilla.69:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Weborama : Cleaned. 
:mozilla.70:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Weborama : Cleaned. C:\Documents and Settings\deceiver\Cookies\deceiver@weborama[1].txt -> TrackingCookie.Weborama : Cleaned. C:\Documents and Settings\deceiver\Local Settings\Temp\Cookies\deceiver@weborama[1].txt -> TrackingCookie.Weborama : Cleaned. :mozilla.473:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Yadro : Cleaned. :mozilla.474:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Yadro : Cleaned. C:\Documents and Settings\deceiver\Cookies\deceiver@zedo[1].txt -> TrackingCookie.Zedo : Cleaned. ::Report end -
lots and lots of bugs --> infections ???
deceiver replied to a topic by deceiver in Analyses et éradication malwares
SmitFraudFix v2.100

Rapport fait à 7:28:22,04, 26/09/2006
Executé à partir de C:\Documents and Settings\deceiver\Mes documents\trojan\Nouveau dossier\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\atmclk.exe PRESENT !
C:\WINDOWS\system32\dcomcfg.exe PRESENT !
C:\WINDOWS\system32\hp???.tmp PRESENT !
C:\WINDOWS\system32\hp????.tmp PRESENT !
C:\WINDOWS\system32\ld???.tmp PRESENT !
C:\WINDOWS\system32\ld????.tmp PRESENT !
C:\WINDOWS\system32\mzoeut.dll PRESENT !
C:\WINDOWS\system32\ot.ico PRESENT !
C:\WINDOWS\system32\regperf.exe PRESENT !
C:\WINDOWS\system32\simpole.tlb PRESENT !
C:\WINDOWS\system32\stdole3.tlb PRESENT !
C:\WINDOWS\system32\ts.ico PRESENT !
C:\WINDOWS\system32\vpxnk.dll PRESENT !
C:\WINDOWS\system32\1024\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\deceiver

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\deceiver\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\deceiver\Favoris
C:\DOCUME~1\deceiver\Favoris\Antivirus Test Online.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\eMedia Codec\ PRESENT !
C:\Program Files\IntCodec\ PRESENT !
C:\Program Files\MPVIDEOCODEC\ PRESENT !
C:\Program Files\SpyQuake2.com\ PRESENT !
C:\Program Files\ZipCodec\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"altmannsberger"="{210b4043-35ca-4aa0-8796-191f9663dfb3}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cholecyst"="{ee2975b6-e8d5-405e-8448-8fe9590f6cfb}"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

On the other hand, for the Ewido software, I can't get the update to work; it shows me: not update was available