Deltaplaneur
-
Compteur de contenus
13 -
Inscription
-
Dernière visite
Deltaplaneur's Achievements
Junior Member (3/12)
0
Réputation sur la communauté
-
Bonjour Je viens d'installer Win Xp Coccinelle estivale et je navigue avec Mozilla(quoi que mon problème arrive aussi sous Internet Explorer). Lorsque je vais sur http://www.deltaplane.info/ je clique sur CFD --> résultat--> aile souple(ou rigide) la même page s'ouvre à côté du menu. Si quelqu'un sait d'où viens le problème et comment le résoudre je le remercie par avance. Stéphane
-
[Résolu]Portable infecté
Deltaplaneur a répondu à un(e) sujet de Deltaplaneur dans Analyses et éradication malwares
Désolé je n'ai pas de rapport à poster car il est vide Merci beaucoup et dit moi comment on fait pour reposter le titre avec "résolu" de marquer Stéphane -
[Résolu]Portable infecté
Deltaplaneur a répondu à un(e) sujet de Deltaplaneur dans Analyses et éradication malwares
Voilà le rapport Kasperssky Jeudi 6 juillet 2006 20:02:27 Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600) Version de Kaspersky On-line Scanner: 5.0.78.0 Dernière mise à jour de la base antivirus Kaspersky : 6/07/2006 Enregistrements dans la base antivirus Kaspersky : 193019 Paramètres d'analyse Analyser avec la base antivirus suivante standard Analyser les archives vrai Analyser les bases de messagerie. vrai Cible de l'analyse Poste de travail C:\ D:\ F:\ G:\ H:\ Statistiques de l'analyse Total d'objets analysés : 61620 Nombre de virus trouvés 2 Nombre d'objets infectés 47 Nombre d'objets suspects 0 Durée de l'analyse 00:58:59 Nom de l'objet infecté Nom du virus Dernière action C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030269.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030270.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030272.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030273.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030274.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030275.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030276.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030277.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030278.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030279.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030280.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030281.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030282.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030283.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030284.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030285.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030287.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030288.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030290.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030291.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030292.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030293.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030294.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030295.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030296.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030297.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030299.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030300.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030301.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030302.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030303.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030304.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030305.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030306.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030307.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030308.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030310.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030311.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030312.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030313.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030314.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030315.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030316.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030317.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030318.exe Infecté: Packed.Win32.Klone.g ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030322.exe Infecté: Trojan-Downloader.Win32.Zlob.wn ignoré C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030403.dll Infecté: Packed.Win32.Klone.g ignoré Analyse terminé -
[Résolu]Portable infecté
Deltaplaneur a répondu à un(e) sujet de Deltaplaneur dans Analyses et éradication malwares
Bonjour Bruce Voilà les rapports avec un peu de retard.Désolé. --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 18:24:30 06/07/2006 + Scan result: C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030319.exe -> Adware.Virtumonde : Cleaned with backup (quarantined). C:\WINDOWS\system32\hggfgdd.dll -> Adware.Virtumonde : Cleaned with backup (quarantined). C:\Documents and Settings\wollmann\Local Settings\Temporary Internet Files\Content.IE5\261W9A89\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup (quarantined). C:\Documents and Settings\wollmann\Local Settings\Temporary Internet Files\Content.IE5\5CHXNTLV\WinAntiVirusPro2006FreeInstall_fr[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Ignored. :mozilla.37:C:\Documents and Settings\wollmann\Application Data\Mozilla\Firefox\Profiles\cqevl69y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.39:C:\Documents and Settings\wollmann\Application Data\Mozilla\Firefox\Profiles\cqevl69y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\wollmann\Cookies\wollmann@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned. :mozilla.18:C:\Documents and Settings\wollmann\Application Data\Mozilla\Firefox\Profiles\cqevl69y.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned. :mozilla.154:C:\Documents and Settings\wollmann\Application Data\Mozilla\Firefox\Profiles\cqevl69y.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned. C:\Documents and Settings\wollmann\Cookies\wollmann@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned. :mozilla.143:C:\Documents and Settings\wollmann\Application Data\Mozilla\Firefox\Profiles\cqevl69y.default\cookies.txt -> TrackingCookie.Com : Cleaned. :mozilla.144:C:\Documents and Settings\wollmann\Application Data\Mozilla\Firefox\Profiles\cqevl69y.default\cookies.txt -> TrackingCookie.Com : Cleaned. C:\Documents and Settings\wollmann\Cookies\wollmann@com[1].txt -> TrackingCookie.Com : Cleaned. :mozilla.62:C:\Documents and Settings\wollmann\Application Data\Mozilla\Firefox\Profiles\cqevl69y.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned. :mozilla.28:C:\Documents and Settings\wollmann\Application Data\Mozilla\Firefox\Profiles\cqevl69y.default\cookies.txt -> TrackingCookie.Estat : Cleaned. C:\Documents and Settings\wollmann\Cookies\wollmann@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned. :mozilla.58:C:\Documents and Settings\wollmann\Application Data\Mozilla\Firefox\Profiles\cqevl69y.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.59:C:\Documents and Settings\wollmann\Application Data\Mozilla\Firefox\Profiles\cqevl69y.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.60:C:\Documents and Settings\wollmann\Application Data\Mozilla\Firefox\Profiles\cqevl69y.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.61:C:\Documents and Settings\wollmann\Application Data\Mozilla\Firefox\Profiles\cqevl69y.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. C:\Documents and Settings\wollmann\Cookies\wollmann@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.14:C:\Documents and Settings\wollmann\Application Data\Mozilla\Firefox\Profiles\cqevl69y.default\cookies.txt -> TrackingCookie.Weborama : Cleaned. ::Report end Logfile of HijackThis v1.99.1 Scan saved at 18:40:19, on 06/07/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\msiexec.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\The Cleaner\tca.exe C:\Program Files\The Cleaner\tcm.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\POP Peeper\POPPeeper.exe C:\Documents and Settings\wollmann\Bureau\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redi...&key=SEARCH R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKCU\..\Run: [LDM] \Program\ O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C0F43C05-FD23-424E-9ADA-9C6E3E3676E8}: NameServer = 212.27.32.5,212.228.0.168 O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe Merci pour ton aide Stéphane -
[Résolu]Portable infecté
Deltaplaneur a répondu à un(e) sujet de Deltaplaneur dans Analyses et éradication malwares
Je rajoute le rapport Antivir au cas ou AntiVir PersonalEdition Classic Report file date: mercredi 5 juillet 2006 16:03 Scanning for 445279 virus strains and unwanted programs. Licensed to: AntiVir PersonalEdition Classic Serial number: 0000149996-WURGE-0001 Platform: Windows XP Windows version: (Service Pack 1) [5.1.2600] Username: wollmann Computer name: MIETTE Version informations: AVSCAN.EXE : 7.0.0.42 557096 05/07/2006 10:17:41 AVSCAN.DLL : 7.0.0.42 53288 05/07/2006 10:17:41 LUKE.DLL : 7.0.0.42 118824 05/07/2006 10:17:43 LUKERES.DLL : 7.0.0.42 25640 05/07/2006 10:17:43 ANTIVIR0.VDF : 6.35.0.1 7371264 05/07/2006 10:17:40 ANTIVIR1.VDF : 6.35.0.147 700928 05/07/2006 10:17:40 ANTIVIR2.VDF : 6.35.0.148 2048 05/07/2006 10:17:40 ANTIVIR3.VDF : 6.35.0.149 2048 05/07/2006 10:17:40 AVEWIN32.DLL : 7.1.0.19 1544704 05/07/2006 10:17:40 AVPREF.DLL : 7.0.0.1 49192 05/07/2006 10:17:41 AVREP.DLL : 6.35.0.85 696360 05/07/2006 10:17:41 AVRPBASE.DLL : 7.0.0.0 2162728 05/07/2006 10:17:41 AVPACK32.DLL : 7.1.0.1 335912 05/07/2006 10:17:41 AVREG.DLL : 6.31.0.90 27688 05/07/2006 10:17:41 NETNT.DLL : 6.32.0.0 6696 05/07/2006 10:17:43 NETNW.DLL : 6.32.0.0 9768 05/07/2006 10:17:43 RCIMAGE.DLL : 7.0.0.71 1642536 05/07/2006 10:17:44 RCTEXT.DLL : 7.0.0.75 77864 05/07/2006 10:17:44 Configuration settings for the scan: Jobname: '%s'.................: Manual Selection Configuration file............: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp Boot sectors..................: C Scan memory...................: 1 Process scan..................: 1 Scan all files................: 1 Scan archives.................: 1 Recursion depth...............: 20 Smart extensions..............: 1 Skipped archive types.........: 1000,1001,1002,1003,1004, Macro heuristic...............: 1 File heuristic................: 2 Primary action................: 1 Secondary action..............: 0 Start of the scan: mercredi 5 juillet 2006 16:03 The scan over running processes will be started 13 Processes was scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( 24 files ). Starting the file scan: C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\wollmann\NTUSER.DAT [WARNING] The file could not be opened! C:\Documents and Settings\wollmann\ntuser.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\wollmann\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened! C:\Documents and Settings\wollmann\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030289.exe [DETECTION] Is the Trojan horse TR/Dldr.Zlob.GK.1 [iNFO] The file was deleted! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030320.exe [DETECTION] Is the Trojan horse TR/Dldr.VB.abm.7 [iNFO] The file was deleted! C:\WINDOWS\system32\bayay.tmp [WARNING] The file could not be opened! C:\WINDOWS\system32\regperf.exe [DETECTION] Is the Trojan horse TR/Drop.Zlob.HB [iNFO] The file was deleted! C:\WINDOWS\system32\winexi32.dll [DETECTION] Is the Trojan horse TR/PCK.Klone.G.5 [WARNING] The file could not be deleted! C:\WINDOWS\system32\config\DEFAULT [WARNING] The file could not be opened! C:\WINDOWS\system32\config\default.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SAM [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SAM.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SECURITY [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SECURITY.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SOFTWARE [WARNING] The file could not be opened! C:\WINDOWS\system32\config\software.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SYSTEM [WARNING] The file could not be opened! C:\WINDOWS\system32\config\system.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\drivers\etc\1.hosts [DETECTION] Is the Trojan horse TR/NoAvHost.A [iNFO] The file was deleted! C:\WINDOWS\system32\drivers\etc\2.hosts [DETECTION] Is the Trojan horse TR/NoAvHost.A [iNFO] The file was deleted! C:\WINDOWS\system32\drivers\etc\3.hosts [DETECTION] Is the Trojan horse TR/NoAvHost.A [iNFO] The file was deleted! C:\WINDOWS\system32\drivers\etc\hosts [DETECTION] Is the Trojan horse TR/NoAvHost.A [iNFO] The file was deleted! C:\WINDOWS\system32\drivers\etc\hosts.20050514-125051.backup [DETECTION] Is the Trojan horse TR/NoAvHost.A [iNFO] The file was deleted! C:\WINDOWS\system32\drivers\etc\hosts.20050623-204917.backup [DETECTION] Is the Trojan horse TR/NoAvHost.A [iNFO] The file was deleted! End of the scan: mercredi 5 juillet 2006 17:12 Used time: 1:08:25 min The scan has been done completely. 4928 Scanning directories 215011 Files were scanned 10 viruses and/or unwanted programs was found 9 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 8126 Archives were scanned 20 Warnings 2 Notes -
Bonjour le portable de ma copine est infecté. J'ai suivi la procédure décrite au début et voilà le rapport Hijack Logfile of HijackThis v1.99.1 Scan saved at 17:23:04, on 05/07/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\msiexec.exe C:\WINDOWS\system32\slserv.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\drivers\Icon.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\hkcmd.exe C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\wollmann\Bureau\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redi...&key=SEARCH R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [icon] C:\WINDOWS\system32\drivers\Icon.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sin Espias] C:\Program Files\SinEspias\No-Spy.exe /autorun O4 - HKLM\..\Run: [sans Espions] "C:\Program Files\SinEspias\No-Spy.exe" /autorun O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe O4 - HKCU\..\Run: [LDM] \Program\ O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C0F43C05-FD23-424E-9ADA-9C6E3E3676E8}: NameServer = 212.27.32.5,212.228.0.168 O18 - Protocol: bw+0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe Merci par avance pour votre aide$ Stéphane
-
[Résolu]PC Mega Infecté
Deltaplaneur a répondu à un(e) sujet de Deltaplaneur dans Analyses et éradication malwares
Bonjour Bruce Je connais effectivement le programme et pour Norton c'est fait. Merci beaucoup pout ton aide rapide et efficace. -
[Résolu]PC Mega Infecté
Deltaplaneur a répondu à un(e) sujet de Deltaplaneur dans Analyses et éradication malwares
Ayé je viens de compredre.Désolé Logfile of HijackThis v1.99.1 Scan saved at 18:48:17, on 28/04/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe C:\Program Files\POP Peeper\POPPeeper.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\OE-QuoteFix\oequotefix.exe C:\PROGRA~1\Pinnacle\SHARED~1\Filter\server.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Pinnacle\Pinnacle PCTV\Vision\Vision.exe C:\PROGRA~1\Pinnacle\SHARED~1\Filter\VBI_SE~1.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.free.fr/search/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://freebox.free.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [POP Peeper] C:\Program Files\POP Peeper\POPPeeper.exe min O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE O4 - HKLM\..\Run: [iziLock] C:\Program Files\Maïdo Production\IziLock\IziLock.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Registration-PCTV.lnk = C:\Program Files\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe O4 - Global Startup: Image Transfer.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL O14 - IERESET.INF: START_PAGE_URL=http://freebox.free.fr/ O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB50} (Sony SNC-CS3 Image Viewer) - http://83.206.133.20/home/SonySncCs3View.cab O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{593E1353-68A1-4244-9647-AA24D994FAB1}: NameServer = 217.27.32.5,213.228.0.168 O17 - HKLM\System\CS1\Services\Tcpip\..\{593E1353-68A1-4244-9647-AA24D994FAB1}: NameServer = 217.27.32.5,213.228.0.168 O17 - HKLM\System\CS2\Services\Tcpip\..\{593E1353-68A1-4244-9647-AA24D994FAB1}: NameServer = 217.27.32.5,213.228.0.168 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe -
[Résolu]PC Mega Infecté
Deltaplaneur a répondu à un(e) sujet de Deltaplaneur dans Analyses et éradication malwares
Logfile of HijackThis v1.99.1 Scan saved at 21:06:40, on 27/04/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.free.fr/search/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://freebox.free.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [POP Peeper] C:\Program Files\POP Peeper\POPPeeper.exe min O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE O4 - HKLM\..\Run: [iziLock] C:\Program Files\Maïdo Production\IziLock\IziLock.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Registration-PCTV.lnk = C:\Program Files\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe O4 - Global Startup: Image Transfer.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL O14 - IERESET.INF: START_PAGE_URL=http://freebox.free.fr/ O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB50} (Sony SNC-CS3 Image Viewer) - http://83.206.133.20/home/SonySncCs3View.cab O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{593E1353-68A1-4244-9647-AA24D994FAB1}: NameServer = 217.27.32.5,213.228.0.168 O17 - HKLM\System\CS1\Services\Tcpip\..\{593E1353-68A1-4244-9647-AA24D994FAB1}: NameServer = 217.27.32.5,213.228.0.168 O17 - HKLM\System\CS2\Services\Tcpip\..\{593E1353-68A1-4244-9647-AA24D994FAB1}: NameServer = 217.27.32.5,213.228.0.168 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe J'espère que ce coup ci sera la bonne -
[Résolu]PC Mega Infecté
Deltaplaneur a répondu à un(e) sujet de Deltaplaneur dans Analyses et éradication malwares
Désolé -
[Résolu]PC Mega Infecté
Deltaplaneur a répondu à un(e) sujet de Deltaplaneur dans Analyses et éradication malwares
Re Désolé pour le délais mais voilà les 2 rapports. --------------------------------------------------------- ewido anti-malware - Rapport de scan --------------------------------------------------------- + Créé le: 21:05:36, 27/04/2006 + Somme de contrôle: 23863C2 + Résultats du scan: :mozilla.21:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\2i73nfzq.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder :mozilla.22:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\2i73nfzq.default\cookies.txt -> TrackingCookie.Estat : Nettoyer et sauvegarder :mozilla.24:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\2i73nfzq.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder :mozilla.25:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\2i73nfzq.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder :mozilla.34:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\2i73nfzq.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder :mozilla.43:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\2i73nfzq.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder :mozilla.44:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\2i73nfzq.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder :mozilla.45:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\2i73nfzq.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder :mozilla.50:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\2i73nfzq.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder :mozilla.51:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\2i73nfzq.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyer et sauvegarder :mozilla.52:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\2i73nfzq.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyer et sauvegarder :mozilla.53:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\2i73nfzq.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyer et sauvegarder :mozilla.54:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\2i73nfzq.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyer et sauvegarder :mozilla.55:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\2i73nfzq.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyer et sauvegarder :mozilla.56:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\2i73nfzq.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyer et sauvegarder :mozilla.57:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\2i73nfzq.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyer et sauvegarder :mozilla.58:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\2i73nfzq.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyer et sauvegarder :mozilla.59:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\2i73nfzq.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyer et sauvegarder :mozilla.60:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\2i73nfzq.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder :mozilla.62:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\2i73nfzq.default\cookies.txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder :mozilla.63:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\2i73nfzq.default\cookies.txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder :mozilla.67:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\2i73nfzq.default\cookies.txt -> TrackingCookie.Comclick : Nettoyer et sauvegarder :mozilla.68:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\2i73nfzq.default\cookies.txt -> TrackingCookie.Comclick : Nettoyer et sauvegarder :mozilla.69:C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\2i73nfzq.default\cookies.txt -> TrackingCookie.Comclick : Nettoyer et sauvegarder C:\Documents and Settings\Moi\Cookies\moi@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder C:\Documents and Settings\Moi\Cookies\moi@estat[1].txt -> TrackingCookie.Estat : Nettoyer et sauvegarder C:\Documents and Settings\Moi\Cookies\moi@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder ::Fin du rapport Logfile of HijackThis v1.99.1 Scan saved at 21:06:40, on 27/04/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.free.fr/search/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://freebox.free.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [POP Peeper] C:\Program Files\POP Peeper\POPPeeper.exe min O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE O4 - HKLM\..\Run: [IziLock] C:\Program Files\Maïdo Production\IziLock\IziLock.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Registration-PCTV.lnk = C:\Program Files\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe O4 - Global Startup: Image Transfer.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL O14 - IERESET.INF: START_PAGE_URL=http://freebox.free.fr/ O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB50} (Sony SNC-CS3 Image Viewer) - http://83.206.133.20/home/SonySncCs3View.cab O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{593E1353-68A1-4244-9647-AA24D994FAB1}: NameServer = 217.27.32.5,213.228.0.168 O17 - HKLM\System\CS1\Services\Tcpip\..\{593E1353-68A1-4244-9647-AA24D994FAB1}: NameServer = 217.27.32.5,213.228.0.168 O17 - HKLM\System\CS2\Services\Tcpip\..\{593E1353-68A1-4244-9647-AA24D994FAB1}: NameServer = 217.27.32.5,213.228.0.168 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe Merci pour la réctivités. -
[Résolu]PC Mega Infecté
Deltaplaneur a répondu à un(e) sujet de Deltaplaneur dans Analyses et éradication malwares
Bonsoir Le rapport a été fait après votre procédure mais le problème persiste Merci pour votre aide -
Hello la foule, J'ai comme la sensation que mon PC est plus qu'infecté par plusieurs virus... Voici mon rapport HijackThis, si vous y voyez un truc bizarre ce serait sympa de me tenir au courant. Logfile of HijackThis v1.99.1 Scan saved at 20:18:09, on 26/04/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe C:\Program Files\POP Peeper\POPPeeper.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE C:\WINDOWS\System32\LVCOMSX.EXE C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Avant Browser\avant.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.free.fr/search/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://freebox.free.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - Default URLSearchHook is missing O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [POP Peeper] C:\Program Files\POP Peeper\POPPeeper.exe min O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto updat] crsrs.exe O4 - HKLM\..\Run: [blah service] msnmsgrr.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE O4 - HKLM\..\Run: [IziLock] C:\Program Files\Maïdo Production\IziLock\IziLock.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\RunServices: [Auto updat] crsrs.exe O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe O4 - HKCU\..\Run: [Auto updat] crsrs.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Registration-PCTV.lnk = C:\Program Files\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe O4 - Global Startup: Image Transfer.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe O8 - Extra context menu item: Bloquer ce serveur... - C:\Program Files\Avant Browser\AddAllToADBlackList.htm O8 - Extra context menu item: Bloquer cette publicité... - C:\Program Files\Avant Browser\AddToADBlackList.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir dans une nouvelle fenêtre d'Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\Program Files\Avant Browser\OpenAllLinks.htm O8 - Extra context menu item: Rechercher sur le Web... - C:\Program Files\Avant Browser\Search.htm O8 - Extra context menu item: Surligner - C:\Program Files\Avant Browser\Highlight.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL O14 - IERESET.INF: START_PAGE_URL=http://freebox.free.fr/ O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB50} (Sony SNC-CS3 Image Viewer) - http://83.206.133.20/home/SonySncCs3View.cab O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{593E1353-68A1-4244-9647-AA24D994FAB1}: NameServer = 217.27.32.5,213.228.0.168 O17 - HKLM\System\CS1\Services\Tcpip\..\{593E1353-68A1-4244-9647-AA24D994FAB1}: NameServer = 217.27.32.5,213.228.0.168 O17 - HKLM\System\CS2\Services\Tcpip\..\{593E1353-68A1-4244-9647-AA24D994FAB1}: NameServer = 217.27.32.5,213.228.0.168 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe Merci par avance...