directnico

Membres

Afficher le profil Afficher son activité

Compteur de contenus
28
Inscription
le 20 juin 2006
Dernière visite
le 29 mai 2010

Type de contenu

Toute l’activité

Profils

Forums

Blogs

Tout ce qui a été posté par directnico

Ptit soucis internet explorer et Increditmail

directnico a posté un sujet dans Internet & Réseaux

Salut !!! J'utilise incredit mail comme messagerie. La semaine dernière j'ai fait une mise à jour et depuis je crois qu'il m'a installer internet explorer 64 bit. Ca me dérrange car les vidéos ne s'affichent plus, il me demande d'installer adobe flash player 64 ??? ou quelque chose comme ça... En plus il m'a foutu une autre page de démarrage; je la change à chaque fois et dès que redémarre ça revient... En plus les améliorations Incredit mail sont lourdes et ininterressante Aidez moi SVP
- le 8 mai 2010
Une petite analyse SVP

directnico a posté un sujet dans Analyses et éradication malwares

Salut !!! J'ai un nouveau PC depuis 6 mois et j'aimerais savoir si tout va bien SVP Voici mon rapport Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:26:10, on 08/05/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\IncrediMail\bin\IncMail.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Java\jre6\bin\jusched.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Program Files (x86)\IncrediMail\bin\IMApp.exe C:\Program Files (x86)\IncrediMail\bin\ImLpp.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Users\Emily & Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W8H23H7L\HijackThis[1].exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...480rk5bg7612972 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mywwwsites.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?sourceid=navclient...p;ie=UTF-8#max4 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://mywwwsites.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://mywwwsites.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mywwwsites.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mywwwsites.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: mywebsites.pro-FR Toolbar - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files (x86)\mywebsites.pro-FR\tbmywe.dll F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: mywebsites.pro-FR Toolbar - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files (x86)\mywebsites.pro-FR\tbmywe.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: mywebsites.pro-FR Toolbar - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files (x86)\mywebsites.pro-FR\tbmywe.dll O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [incrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE /FU "C:\Windows\TEMP\E_S45A7.tmp" /EF "HKCU" O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O16 - DPF: {094210B7-3A70-4FBF-9F60-10C0159EB38A} (FTCOPPSession Class) - http://cinemaseries.orange.fr/resources/OCS_9418.cab O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe -- End of file - 24086 bytes
- le 8 mai 2010
- 1 réponse
[Résolu] Fin de validité Mc Afee

directnico a répondu à un(e) sujet de directnico dans Analyses et éradication malwares

Super MERCI !!!!!!!!!!!!!!!!!!!
- le 6 juin 2009
- 5 réponses
[Résolu] Fin de validité Mc Afee

directnico a répondu à un(e) sujet de directnico dans Analyses et éradication malwares

Salut Apollo, A priori tout est OK Malwarebytes' Anti-Malware 1.37 Version de la base de données: 2237 Windows 6.0.6001 Service Pack 1 06/06/2009 17:55:54 mbam-log-2009-06-06 (17-55-54).txt Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|) Eléments examinés: 205934 Temps écoulé: 1 hour(s), 0 minute(s), 4 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)
- le 6 juin 2009
- 5 réponses
[Résolu] Fin de validité Mc Afee

directnico a répondu à un(e) sujet de directnico dans Analyses et éradication malwares

Bonjour Apolo, Premièrement je tiens à te remercier et à remercier toute votre équipe, c'est GEANT ce que vous faites... Pour ce qui est de la desinstallation de Mc Afee et l'installation d'antivir c'est fait. Voici mon rapport antivir : Avira AntiVir Personal Date de création du fichier de rapport : samedi 6 juin 2009 15:40 La recherche porte sur 1456029 souches de virus. Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus Numéro de série : 0000149996-ADJIE-0000001 Plateforme : Windows Vista Version de Windows : (Service Pack 1) [6.0.6001] Mode Boot : Démarré normalement Identifiant : SYSTEM Nom de l'ordinateur : PC-DE-NICOLAS Informations de version : BUILD.DAT : 9.0.0.65 17959 Bytes 22/04/2009 12:06:00 AVSCAN.EXE : 9.0.3.6 466689 Bytes 21/04/2009 12:20:54 AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02 LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11 LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36 ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 19:33:26 ANTIVIR2.VDF : 7.1.4.38 2692096 Bytes 29/05/2009 13:30:44 ANTIVIR3.VDF : 7.1.4.64 218112 Bytes 06/06/2009 13:30:44 Version du moteur : 8.2.0.180 AEVDF.DLL : 8.1.1.1 106868 Bytes 06/06/2009 13:30:49 AESCRIPT.DLL : 8.1.2.0 389497 Bytes 06/06/2009 13:30:48 AESCN.DLL : 8.1.2.3 127347 Bytes 06/06/2009 13:30:48 AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 17:24:41 AEPACK.DLL : 8.1.3.18 401783 Bytes 06/06/2009 13:30:48 AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 19:01:56 AEHEUR.DLL : 8.1.0.129 1761655 Bytes 06/06/2009 13:30:47 AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 19:01:56 AEGEN.DLL : 8.1.1.44 348532 Bytes 06/06/2009 13:30:45 AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40 AECORE.DLL : 8.1.6.12 180599 Bytes 06/06/2009 13:30:45 AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30 AVPREF.DLL : 9.0.0.1 43777 Bytes 03/12/2008 10:39:26 AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28 AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42 AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57 NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59 RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 17/02/2009 12:49:32 RCTEXT.DLL : 9.0.37.0 88321 Bytes 15/04/2009 09:07:05 Configuration pour la recherche actuelle : Nom de la tâche...............................: Contrôle intégral du système Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp Documentation.................................: bas Action principale.............................: interactif Action secondaire.............................: ignorer Recherche sur les secteurs d'amorçage maître..: marche Recherche sur les secteurs d'amorçage.........: marche Secteurs d'amorçage...........................: C:, D:, Recherche dans les programmes actifs..........: marche Recherche en cours sur l'enregistrement.......: marche Recherche de Rootkits.........................: marche Contrôle d'intégrité de fichiers système......: arrêt Fichier mode de recherche.....................: Tous les fichiers Recherche sur les archives....................: marche Limiter la profondeur de récursivité..........: 20 Archive Smart Extensions......................: marche Heuristique de macrovirus.....................: marche Heuristique fichier...........................: moyen Catégories de dangers divergentes.............: +APPL,+GAME,+JOKE,+PCK,+SPR, Début de la recherche : samedi 6 juin 2009 15:40 La recherche d'objets cachés commence. '94499' objets ont été contrôlés, '0' objets cachés ont été trouvés. La recherche sur les processus démarrés commence : Processus de recherche 'FlashUtil10b.exe' - '1' module(s) sont contrôlés Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés Processus de recherche 'notepad.exe' - '1' module(s) sont contrôlés Processus de recherche 'HijackThis.exe' - '1' module(s) sont contrôlés Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés Processus de recherche 'GoogleToolbarUser.exe' - '1' module(s) sont contrôlés Processus de recherche 'iexplore.exe' - '1' module(s) sont contrôlés Processus de recherche 'ieuser.exe' - '1' module(s) sont contrôlés Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'wmpnetwk.exe' - '1' module(s) sont contrôlés Processus de recherche 'wmpnscfg.exe' - '1' module(s) sont contrôlés Processus de recherche 'WUDFHost.exe' - '1' module(s) sont contrôlés Processus de recherche 'SearchIndexer.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'RichVideo.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'SchedulerSvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'BackupSvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'LSSrvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'ETService.exe' - '1' module(s) sont contrôlés Processus de recherche 'eDSService.exe' - '1' module(s) sont contrôlés Processus de recherche 'Agentsvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'CLMSServer.exe' - '1' module(s) sont contrôlés Processus de recherche 'GoogleDesktop.exe' - '1' module(s) sont contrôlés Processus de recherche 'soffice.bin' - '1' module(s) sont contrôlés Processus de recherche 'soffice.exe' - '1' module(s) sont contrôlés Processus de recherche 'ehmsas.exe' - '1' module(s) sont contrôlés Processus de recherche 'ehtray.exe' - '1' module(s) sont contrôlés Processus de recherche 'E_FATIEDE.EXE' - '1' module(s) sont contrôlés Processus de recherche 'GoogleToolbarNotifier.exe' - '1' module(s) sont contrôlés Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés Processus de recherche 'GoogleDesktop.exe' - '1' module(s) sont contrôlés Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés Processus de recherche 'RtHDVCpl.exe' - '1' module(s) sont contrôlés Processus de recherche 'eDSLoader.exe' - '1' module(s) sont contrôlés Processus de recherche 'Framework.Launcher.exe' - '1' module(s) sont contrôlés Processus de recherche 'SysMonitor.exe' - '1' module(s) sont contrôlés Processus de recherche 'MSASCui.exe' - '1' module(s) sont contrôlés Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés Processus de recherche 'dwm.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'SLsvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'audiodg.exe' - '0' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'nvvsvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés Processus de recherche 'lsm.exe' - '1' module(s) sont contrôlés Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés Processus de recherche 'services.exe' - '1' module(s) sont contrôlés Processus de recherche 'wininit.exe' - '1' module(s) sont contrôlés Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés '70' processus ont été contrôlés avec '70' modules La recherche sur les secteurs d'amorçage maître commence : Secteur d'amorçage maître HD0 [iNFO] Aucun virus trouvé ! Secteur d'amorçage maître HD1 [iNFO] Aucun virus trouvé ! [iNFO] Veuillez relancer la recherche avec les droits d'administrateur Secteur d'amorçage maître HD2 [iNFO] Aucun virus trouvé ! Secteur d'amorçage maître HD3 [iNFO] Aucun virus trouvé ! La recherche sur les secteurs d'amorçage commence : Secteur d'amorçage 'C:\' [iNFO] Aucun virus trouvé ! Secteur d'amorçage 'D:\' [iNFO] Aucun virus trouvé ! La recherche sur les renvois aux fichiers exécutables (registre) commence : Le registre a été contrôlé ( '43' fichiers). La recherche sur les fichiers sélectionnés commence : Recherche débutant dans 'C:\' <ACER> C:\hiberfil.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! [REMARQUE] Ce fichier est un fichier système Windows. [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche. C:\pagefile.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! [REMARQUE] Ce fichier est un fichier système Windows. [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche. Recherche débutant dans 'D:\' <DATA> Fin de la recherche : samedi 6 juin 2009 16:16 Temps nécessaire: 36:35 Minute(s) La recherche a été effectuée intégralement 16644 Les répertoires ont été contrôlés 457730 Des fichiers ont été contrôlés 0 Des virus ou programmes indésirables ont été trouvés 0 Des fichiers ont été classés comme suspects 0 Des fichiers ont été supprimés 0 Des virus ou programmes indésirables ont été réparés 0 Les fichiers ont été déplacés dans la quarantaine 0 Les fichiers ont été renommés 2 Impossible de contrôler des fichiers 457728 Fichiers non infectés 5426 Les archives ont été contrôlées 2 Avertissements 2 Consignes 94499 Des objets ont été contrôlés lors du Rootkitscan 0 Des objets cachés ont été trouvés Nouveau rapport Hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:20:26, on 06/06/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18226) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Acer\Empowering Technology\SysMonitor.exe C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEDE.EXE C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Windows\System32\notepad.exe C:\Users\Nicolas\Documents\Securité\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_x1700 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_x1700 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_x1700 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_x1700 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [setresolution] C:\ACER\config\1680x1050.cmd O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\Windows\TEMP\E_S7732.tmp" /EF "HKCU" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - Startup: Barre latérale Google Desktop.lnk = C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab O18 - Filter: x-sdch - (no CLSID) - (no file) O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- End of file - 8897 bytes
- le 6 juin 2009
- 5 réponses
[Résolu] Fin de validité Mc Afee

directnico a posté un sujet dans Analyses et éradication malwares

Bonjour, J'ai changé de PC, il y a peu. On m'a fourni un antivirus Mc Afee en essai gratuit. Aujourd'hui ma période d'essai a expiré et je cherche à savoir quoi installer pour me proteger efficacement sans manger toutes mes ressources. Je souhaiterais aussi une petite analyse. Merci d'avance... Voici mon rapport Hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:48:38, on 05/06/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18226) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Acer\Empowering Technology\SysMonitor.exe C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEDE.EXE C:\Windows\ehome\ehtray.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Windows\System32\mobsync.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe C:\Users\Nicolas\Documents\Securité\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_x1700 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_x1700 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_x1700 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_x1700 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [setresolution] C:\ACER\config\1680x1050.cmd O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\Windows\TEMP\E_S7732.tmp" /EF "HKCU" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - Startup: Barre latérale Google Desktop.lnk = C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Filter: x-sdch - (no CLSID) - (no file) O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- End of file - 10407 bytes
- le 5 juin 2009
- 5 réponses
Acquisition numérique et gravure sur DVD

directnico a posté un sujet dans Software

Bonjour à tous! J'ai un camescope samsung DV, mon PC est équipé d'un port Fire Wire et j'ai acquis un film d'environ 20 minutes via Windows Movie Maker (WMM). J'ai obtenu 3 fichiers au format AVI de 3,99 Go - 3,43 Go et 677 Mo. J'ai réaliser un montage via WMM et j'ai obtenu un fichier .WMV (502Mo). Quand je veux enregistrer mon film en AVI, WMM me dit que ce n'ai pas possible car le fichier est suppérieur à 10 Go. J'ai donc utiliser plusieurs logiciels de convertion de fichier pour transformé le fichier .WMV en AVI mais les fichiers générés sont toujours trop gros ou illisibles. Le mieux que j'ai pu obtenir c'est un fichier de 4Go. Et le probleme quand j'ai voulu le graver via néro c'est que le mode ISO ne doit pas dépasser les 2Go, et en mode UDF les DVD sont illisibles sur mon lecteur DVD de salon. Comment faire SVP...
- le 29 octobre 2007
- 1 réponse
besoin d'aide pour l'analyse d'Hijackthis

directnico a répondu à un(e) sujet de directnico dans Analyses et éradication malwares

Salut Régis, Voici mon rapport Ewidoo: --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 13:32:39 04/10/2006 + Scan result: C:\Documents and Settings\Nicolas\Cookies\nicolas@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@weborama[2].txt -> TrackingCookie.Weborama : Cleaned. ::Report end Le rapport Hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 14:24:25, on 05/10/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\PROGRA~1\TWINTO~1\MouseElf.EXE C:\WINDOWS\System32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe C:\Program Files\TwinTouch LuxeMate\EMouse.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\M6 Video\M6video.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\WANADOO\TaskBarIcon.exe C:\PROGRA~1\WANADOO\EspaceWanadoo.exe C:\WINDOWS\System32\devldr32.exe C:\PROGRA~1\WANADOO\ComComp.exe C:\PROGRA~1\WANADOO\Toaster.exe C:\PROGRA~1\WANADOO\Inactivity.exe C:\PROGRA~1\WANADOO\PollingModule.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\PROGRA~1\WANADOO\Watch.exe C:\PROGRA~1\WANADOO\WOOBrowser\WOOBrowser.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=e R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\TWINTO~1\MouseElf.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [m6] C:\Program Files\M6 Video\M6video.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [vpiqywd.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\vpiqywd.dll,pknrzed O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/ O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://directnico.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://appldnld.apple.com.edgesuite.net/qt...meInstaller.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149678650500 O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.39.downloads.estara.co...228109OneCC.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149678959078 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version= O16 - DPF: {CB5D474E-A510-40A4-B5A4-838933BCBA64} - http://scripts.dlv4.com/binaries/egaccess4...ss4_1065_XP.cab O16 - DPF: {FA1D6D8F-C6ED-4752-8512-A33283240130} - http://scripts.dlv4.com/binaries/egaccess4...ss4_1066_XP.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{27CA4AFB-B786-46A9-8353-7B013B03E2D5}: NameServer = 80.10.246.130 80.10.246.3 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe et le rapport egd.txt: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "mouseElf"="C:\\PROGRA~1\\TWINTO~1\\MouseElf.EXE" "LVCOMSX"="C:\\WINDOWS\\System32\\LVCOMSX.EXE" "LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe " "LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe" "CnxDslTaskBar"="\"C:\\Program Files\\ZTE Corporation\\ZXDSL852\\CnxDslTb.exe\" \"ZTE Corporation\\ZXDSL852\"" "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot" "m6"="C:\\Program Files\\M6 Video\\M6video.exe" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "WOOWATCH"="C:\\PROGRA~1\\WANADOO\\Watch.exe" "WOOTASKBARICON"="C:\\PROGRA~1\\WANADOO\\GestMaj.exe TaskBarIcon.exe" "vpiqywd.dll"="C:\\WINDOWS\\System32\\rundll32.exe C:\\WINDOWS\\System32\\vpiqywd.dll,pknrzed" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] "Installed"="1" Merci
- le 5 octobre 2006
- 25 réponses
besoin d'aide pour l'analyse d'Hijackthis

directnico a répondu à un(e) sujet de directnico dans Analyses et éradication malwares

Merci mille fois Regis d'accepter de m'aider à nouveau, c'est vraiment cool ce quevous faites!!! Voici mon rapport Ewidoo:--------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 13:57:14 29/09/2006 + Scan result: C:\WINDOWS\Downloaded Program Files\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned. C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@advertising[1].txt -> TrackingCookie.Advertising : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@weborama[2].txt -> TrackingCookie.Weborama : Cleaned. ::Report end Le rapprot Hijack: Logfile of HijackThis v1.99.1 Scan saved at 13:59:49, on 29/09/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\PROGRA~1\TWINTO~1\MouseElf.EXE C:\WINDOWS\System32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\M6 Video\M6video.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\devldr32.exe C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\WANADOO\TaskBarIcon.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Wanadoo\EspaceWanadoo.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\Wanadoo\Watch.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=e R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: (no name) - {211F749C-4A04-97A3-5BF0-01BDC28A039A} - C:\WINDOWS\System32\mnduwvi.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\TWINTO~1\MouseElf.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [m6] C:\Program Files\M6 Video\M6video.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [vpiqywd.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\vpiqywd.dll,pknrzed O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/ O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/egaccess4...ss4_1064_XP.cab O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://directnico.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://appldnld.apple.com.edgesuite.net/qt...meInstaller.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149678650500 O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.39.downloads.estara.co...228109OneCC.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149678959078 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version= O16 - DPF: {CB5D474E-A510-40A4-B5A4-838933BCBA64} - http://scripts.dlv4.com/binaries/egaccess4...ss4_1065_XP.cab O16 - DPF: {E68718BB-5451-4F6F-B8B8-41B4AB672747} (IgbInstall Class) - http://www.internetgamebox.com/content/AxInst.cab O16 - DPF: {FA1D6D8F-C6ED-4752-8512-A33283240130} - http://scripts.dlv4.com/binaries/egaccess4...ss4_1066_XP.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe Et pour fini je ne parvient pas à installer correctement Fsecure (vérollé) Bon courrage et à bientot!
- le 29 septembre 2006
- 25 réponses
besoin d'aide pour l'analyse d'Hijackthis

directnico a répondu à un(e) sujet de directnico dans Analyses et éradication malwares

Salut régis je suis à nouveau infecté et je m'en veut un peu car nous avins presque fini Bref peux-tu m'aider encore? Voici mes dernières analyses: --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 15:18:40 17/09/2006 + Scan result: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access -> Dialer.Generic : Cleaned. HKU\S-1-5-21-2387590086-784569582-2966927733-1005\Software\egdhtml -> Dialer.Generic : Cleaned. C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\OD6NOHEJ\WinAntiVirusPro2006FreeInstall_fr[1].cab/UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned. C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@weborama[1].txt -> TrackingCookie.Weborama : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned. ::Report end Rapport Hijack: Logfile of HijackThis v1.99.1 Scan saved at 15:19:22, on 17/09/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=e R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: (no name) - {211F749C-4A04-97A3-5BF0-01BDC28A039A} - C:\WINDOWS\System32\mnduwvi.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\TWINTO~1\MouseElf.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [m6] C:\Program Files\M6 Video\M6video.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ugstvwq] c:\windows\system32\ugstvwq.exe ugstvwq O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [vpiqywd.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\vpiqywd.dll,pknrzed O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [instant Access] rundll32.exe EGACCESS4_1065.dll,InstantAccess O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/ O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/egaccess4...ss4_1064_XP.cab O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://appldnld.apple.com.edgesuite.net/qt...meInstaller.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149678650500 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149678959078 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version= O16 - DPF: {CB5D474E-A510-40A4-B5A4-838933BCBA64} - http://scripts.dlv4.com/binaries/egaccess4...ss4_1065_XP.cab O16 - DPF: {E68718BB-5451-4F6F-B8B8-41B4AB672747} (IgbInstall Class) - http://www.internetgamebox.com/content/AxInst.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe Merci
- le 26 septembre 2006
- 25 réponses
A nouveau infecté

directnico a répondu à un(e) sujet de directnico dans Analyses et éradication malwares
- le 18 septembre 2006
- 7 réponses
A nouveau infecté

directnico a répondu à un(e) sujet de directnico dans Analyses et éradication malwares

Et voila,--------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 15:18:40 17/09/2006 + Scan result: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access -> Dialer.Generic : Cleaned. HKU\S-1-5-21-2387590086-784569582-2966927733-1005\Software\egdhtml -> Dialer.Generic : Cleaned. C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\OD6NOHEJ\WinAntiVirusPro2006FreeInstall_fr[1].cab/UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned. C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@weborama[1].txt -> TrackingCookie.Weborama : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned. ::Report end Rapport Hijack: Logfile of HijackThis v1.99.1 Scan saved at 15:19:22, on 17/09/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=e R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: (no name) - {211F749C-4A04-97A3-5BF0-01BDC28A039A} - C:\WINDOWS\System32\mnduwvi.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\TWINTO~1\MouseElf.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [m6] C:\Program Files\M6 Video\M6video.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ugstvwq] c:\windows\system32\ugstvwq.exe ugstvwq O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [vpiqywd.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\vpiqywd.dll,pknrzed O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [instant Access] rundll32.exe EGACCESS4_1065.dll,InstantAccess O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/ O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/egaccess4...ss4_1064_XP.cab O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://appldnld.apple.com.edgesuite.net/qt...meInstaller.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149678650500 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149678959078 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version= O16 - DPF: {CB5D474E-A510-40A4-B5A4-838933BCBA64} - http://scripts.dlv4.com/binaries/egaccess4...ss4_1065_XP.cab O16 - DPF: {E68718BB-5451-4F6F-B8B8-41B4AB672747} (IgbInstall Class) - http://www.internetgamebox.com/content/AxInst.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe Merci
- le 17 septembre 2006
- 7 réponses
A nouveau infecté

directnico a répondu à un(e) sujet de directnico dans Analyses et éradication malwares

Je vais redémarrer en mode sans échec et lancé Ewido (je ne peut pas lancé Blacklight qui semble etre bloqué par un soft malin) et poster le rapport puis je vais reposter un nouveau rapport Hijack @+
- le 17 septembre 2006
- 7 réponses
A nouveau infecté

directnico a répondu à un(e) sujet de directnico dans Analyses et éradication malwares

OK Merci Voici mon rapport Hijack: Logfile of HijackThis v1.99.1 Scan saved at 13:52:46, on 17/09/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\PROGRA~1\TWINTO~1\MouseElf.EXE C:\WINDOWS\System32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\M6 Video\M6video.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\WANADOO\TaskBarIcon.exe C:\PROGRA~1\WANADOO\EspaceWanadoo.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\PROGRA~1\WANADOO\ComComp.exe C:\PROGRA~1\WANADOO\Toaster.exe C:\PROGRA~1\WANADOO\Inactivity.exe C:\PROGRA~1\WANADOO\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\WANADOO\Watch.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\System32\devldr32.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=e R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: (no name) - {211F749C-4A04-97A3-5BF0-01BDC28A039A} - C:\WINDOWS\System32\mnduwvi.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\TWINTO~1\MouseElf.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [m6] C:\Program Files\M6 Video\M6video.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [vpiqywd.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\vpiqywd.dll,pknrzed O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [instant Access] rundll32.exe EGACCESS4_1065.dll,InstantAccess O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/ O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/egaccess4...ss4_1064_XP.cab O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://appldnld.apple.com.edgesuite.net/qt...meInstaller.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149678650500 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149678959078 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version= O16 - DPF: {CB5D474E-A510-40A4-B5A4-838933BCBA64} - http://scripts.dlv4.com/binaries/egaccess4...ss4_1065_XP.cab O16 - DPF: {E68718BB-5451-4F6F-B8B8-41B4AB672747} (IgbInstall Class) - http://www.internetgamebox.com/content/AxInst.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe D'avance merci
- le 17 septembre 2006
- 7 réponses
A nouveau infecté

directnico a répondu à un(e) sujet de directnico dans Analyses et éradication malwares

J'ai donc repris la procedure au début mais la date activir est passée et je ne peux faire de mise à jour
- le 16 septembre 2006
- 7 réponses
A nouveau infecté

directnico a posté un sujet dans Analyses et éradication malwares

Salut, je suis membre depuis quelques temps. Au moment ou je me suis inscrit, j'avais les mêmes problemes qu'aujourd'hui (des fenêtres de pubs qui s'ouvrent sans arrêt quand je suis sur internet) Regis m'a aider mais j'ai été trop préssé et je n'ai pas été jusqu'au bout de la procedure Bref aujourd'hui nencore Aidez-moi SVP !!!!
- le 16 septembre 2006
- 7 réponses
besoin d'aide pour l'analyse d'Hijackthis

directnico a répondu à un(e) sujet de directnico dans Analyses et éradication malwares

Salut Boris, Je ne le dirais jamais assé MMMEEERRRCCCIII !!! Bizarement je n'avais pas hopeme~1\ Voici le rapport findlop: [TRACE] Enumerating jobs and queues [TRACE] Activating job 'FRU Task #Hewlett-Packard#hp psc 1200 series#1109677550 .job' [TRACE] Printing all job properties ApplicationName: 'C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe' Parameters: '-I "#Hewlett-Packard#hp psc 1200 series#1109677550"' WorkingDirectory: '' Comment: '' Creator: 'Nicolas' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 07/01/2006 12:46:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 0 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 04/01/2005 EndDate: 00/00/0000 StartTime: 12:46 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'WebReg 20050319210217.job' [TRACE] Printing all job properties ApplicationName: 'C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe' Parameters: '/TaskName 20050319210217 /N "HP psc 1200 Series" /M Q1662A /S MY4ARG22NRT0 /AP 303 /F /T ' WorkingDirectory: '' Comment: '' Creator: 'Nicolas' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 06/30/2006 21:02:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 0 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 03/20/2005 EndDate: 00/00/0000 StartTime: 21:02 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 et le rapport Hijack: Logfile of HijackThis v1.99.1 Scan saved at 13:15:13, on 30/06/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\PROGRA~1\WANADOO\TaskBarIcon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\M6 Video\M6video.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\WINDOWS\System32\7f338e6f.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\PROGRA~1\WANADOO\EspaceWanadoo.exe C:\PROGRA~1\WANADOO\ComComp.exe C:\PROGRA~1\WANADOO\Toaster.exe C:\PROGRA~1\WANADOO\Inactivity.exe C:\PROGRA~1\WANADOO\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\WANADOO\Watch.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\System32\devldr32.exe C:\Program Files\Microsoft Office\Office\WINWORD.EXE C:\PROGRA~1\WANADOO\WOOBrowser\WOOBrowser.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=e R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\TWINTO~1\MouseElf.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [m6] C:\Program Files\M6 Video\M6video.exe O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\Run: [7f338e6f.exe] C:\WINDOWS\System32\7f338e6f.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [7f338e6f.exe] C:\Documents and Settings\Nicolas\Local Settings\Application Data\7f338e6f.exe O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/ O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149678650500 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149678959078 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{27CA4AFB-B786-46A9-8353-7B013B03E2D5}: NameServer = 80.10.246.1 80.10.246.132 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe Bon courage !!!
- le 30 juin 2006
- 25 réponses
besoin d'aide pour l'analyse d'Hijackthis

directnico a répondu à un(e) sujet de directnico dans Analyses et éradication malwares

Bonjour Regis Voici le rapport findlop: [TRACE] Enumerating jobs and queues [TRACE] Activating job 'FRU Task #Hewlett-Packard#hp psc 1200 series#1109677550 .job' [TRACE] Printing all job properties ApplicationName: 'C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe' Parameters: '-I "#Hewlett-Packard#hp psc 1200 series#1109677550"' WorkingDirectory: '' Comment: '' Creator: 'Nicolas' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 06/30/2006 12:46:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 0 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 04/01/2005 EndDate: 00/00/0000 StartTime: 12:46 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'WebReg 20050319210217.job' [TRACE] Printing all job properties ApplicationName: 'C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe' Parameters: '/TaskName 20050319210217 /N "HP psc 1200 Series" /M Q1662A /S MY4ARG22NRT0 /AP 303 /F /T ' WorkingDirectory: '' Comment: '' Creator: 'Nicolas' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 06/29/2006 21:02:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 0 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 03/20/2005 EndDate: 00/00/0000 StartTime: 21:02 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'AFF2997E91850ABE.job' [TRACE] Printing all job properties ApplicationName: 'c:\docume~1\nicolas\applic~1\hopeme~1\OwnsFourLicense.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'Nicolas' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 06/20/2006 22:00:00 NextRun: 06/29/2006 13:00:00 StartError: 0x80070003 ExitCode: 0 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 02/21/1996 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 Bon courage ...
- le 29 juin 2006
- 25 réponses
besoin d'aide pour l'analyse d'Hijackthis

directnico a répondu à un(e) sujet de directnico dans Analyses et éradication malwares

Salut Régis Je n'ai pas pu faire analyser ce fichier C:\WINDOWS\System32\rdkxcx.exe (inexistant) J'ai donc suivi la procédure et voici mon nouveau rapport: StartupList report, 28/06/2006, 14:28:47 StartupList version: 1.52.2 Started from : C:\Program Files\HijackThis\HijackThis.EXE Detected: Windows XP SP1 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\PROGRA~1\WANADOO\TaskBarIcon.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\M6 Video\M6video.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\PROGRA~1\WANADOO\Watch.exe C:\WINDOWS\System32\devldr32.exe C:\Program Files\Microsoft Office\Office\WINWORD.EXE C:\PROGRA~1\WANADOO\EspaceWanadoo.exe C:\PROGRA~1\WANADOO\ComComp.exe C:\PROGRA~1\WANADOO\Toaster.exe C:\PROGRA~1\WANADOO\Inactivity.exe C:\PROGRA~1\WANADOO\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\HijackThis\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\Nicolas\Menu Démarrer\Programmes\Démarrage] *No files* Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage] *No files* Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\SYSTEM32\Userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run SoundMan = SOUNDMAN.EXE SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe WOOWATCH = C:\PROGRA~1\WANADOO\Watch.exe WOOTASKBARICON = C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe mouseElf = C:\PROGRA~1\TWINTO~1\MouseElf.EXE LVCOMSX = C:\WINDOWS\System32\LVCOMSX.EXE LogitechVideoRepair = C:\Program Files\Logitech\Video\ISStart.exe LogitechVideoTray = C:\Program Files\Logitech\Video\LogiTray.exe CnxDslTaskBar = "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852" TkBellExe = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime m6 = C:\Program Files\M6 Video\M6video.exe !ewido = "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run WOOKIT = C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe LogitechSoftwareUpdate = "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] *No values found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\System32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{5945c046-1e7d-11d1-bc44-00c04fd912be}] StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Remove.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] * StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS\System32\ssmypics.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Regedit.exe has no CompanyName property! It is either missing or named something else. - Regedit.exe has no OriginalFilename property! It is either missing or named something else. - Regedit.exe has no FileDescription property! It is either missing or named something else. Registry check failed! -------------------------------------------------- Enumerating Browser Helper Objects: *No BHO's found* -------------------------------------------------- Enumerating Task Scheduler jobs: FRU Task #Hewlett-Packard#hp psc 1200 series#1109677550.job WebReg 20050319210217.job AFF2997E91850ABE.job -------------------------------------------------- Enumerating Download Program Files: [Microsoft XML Parser for Java] CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd [QuickTime Object] InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab [installerObj Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\installer2.dll CODEBASE = http://m6video.m6.fr/1click/install/files/installer2.cab [WUWebControl Class] InProcServer32 = C:\WINDOWS\System32\wuweb.dll CODEBASE = http://update.microsoft.com/windowsupdate/...b?1149678650500 [MUWebControl Class] InProcServer32 = C:\WINDOWS\System32\muweb.dll CODEBASE = http://update.microsoft.com/microsoftupdat...b?1149678959078 [ActiveScan Installer Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab [shockwave Flash Object] InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab [{D27CDB6E-AE6D-11CF-96B8-444553540002}] CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\rsvpsp.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll Protocol #14: C:\WINDOWS\system32\mswsock.dll Protocol #15: C:\WINDOWS\system32\mswsock.dll Protocol #16: C:\WINDOWS\system32\mswsock.dll Protocol #17: C:\WINDOWS\system32\mswsock.dll Protocol #18: C:\WINDOWS\system32\mswsock.dll Protocol #19: C:\WINDOWS\system32\mswsock.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services Pilote d'unité 61883: System32\DRIVERS\61883.sys (manual start) Pilote ACPI Microsoft: System32\DRIVERS\ACPI.sys (system) Suppresseur d'écho acoustique (Noyau Microsoft): system32\drivers\aec.sys (manual start) Environnement de prise en charge de réseau AFD: \SystemRoot\System32\drivers\afd.sys (autostart) Service for WDM 3D Audio Driver: system32\drivers\ALCXSENS.SYS (manual start) Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start) Avertissement: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start) Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Protocole client ARP 1394: System32\DRIVERS\arp1394.sys (manual start) ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start) Pilote de média asynchrone RAS: System32\DRIVERS\asyncmac.sys (manual start) Contrôleur de disque dur IDE/ESDI standard: System32\DRIVERS\atapi.sys (system) Ati HotKey Poller: %SystemRoot%\System32\Ati2evxx.exe (autostart) ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start) Protocole client ATM ARP: System32\DRIVERS\atmarpc.sys (manual start) Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote audio Stub: System32\DRIVERS\audstub.sys (manual start) Périphérique AVC: System32\DRIVERS\avc.sys (manual start) Service de transfert intelligent en arrière-plan: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Explorateur d'ordinateur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) C4C_BSC2: System32\DRIVERS\C4C_BSC2.sys (manual start) Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start) Pilote de CD-ROM: System32\DRIVERS\cdrom.sys (system) Service d'indexation: %SystemRoot%\system32\cisvc.exe (manual start) Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (manual start) ZTE ZXDSL852 Adapter Filter Driver: System32\DRIVERS\CnxEtP.sys (manual start) ZTE ZXDSL852 Interface Device Driver: System32\DRIVERS\CnxEtU.sys (manual start) ZTE ZXDSL852 WAN PPPoA Adapter Driver: System32\DRIVERS\CnxTgNW.sys (manual start) Application système COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Creative SBLive! Port de jeux: System32\DRIVERS\ctljystk.sys (manual start) Client DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote de disque: System32\DRIVERS\disk.sys (system) Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) dmio: System32\drivers\dmio.sys (disabled) dmload: System32\drivers\dmload.sys (disabled) Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) DMSKSSRh: \??\C:\DOCUME~1\Nicolas\LOCALS~1\Temp\DMSKSSRh.sys (manual start) Synthétiseur DLS du noyau Microsoft: system32\drivers\DMusic.sys (manual start) Client DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart) Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start) ElbyCDIO Driver: System32\Drivers\ElbyCDIO.sys (autostart) ElbyDelay: System32\Drivers\ElbyDelay.sys (manual start) Creative SB Live! (WDM): system32\drivers\emu10k1m.sys (manual start) Pilote du Gestionnaire d'interface Creative (WDM): system32\drivers\ctlfacem.sys (manual start) Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Journal des événements: %SystemRoot%\system32\services.exe (autostart) Système d'événements de COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start) ewido anti-spyware 4.0 driver: \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys (system) ewido anti-spyware 4.0 guard: C:\Program Files\ewido anti-spyware 4.0\guard.exe (autostart) Fallback: System32\DRIVERS\C4C_FALL.sys (autostart) Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote de contrôleur de lecteur de disquettes: System32\DRIVERS\fdc.sys (manual start) Pilote de lecteur de disquettes: System32\DRIVERS\flpydisk.sys (manual start) Fsks: System32\DRIVERS\C4C_FSKS.sys (autostart) Pilote du Gestionnaire de volume: System32\DRIVERS\ftdisk.sys (system) France Telecom Routing Table Service: C:\WINDOWS\System32\FTRTSVC.exe (disabled) Énumérateur de port jeu: System32\DRIVERS\gameenum.sys (manual start) USB Scroll Mouse Driver: System32\DRIVERS\gflmouhid.sys (manual start) Classificateur de paquets générique: System32\DRIVERS\msgpc.sys (manual start) Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote de classe HID Microsoft: System32\DRIVERS\hidusb.sys (manual start) IEEE-1284.4 Driver HPZid412: System32\DRIVERS\HPZid412.sys (manual start) Print Class Driver for IEEE-1284.4 HPZipr12: System32\DRIVERS\HPZipr12.sys (manual start) USB to IEEE-1284.4 Translation Driver HPZius12: System32\DRIVERS\HPZius12.sys (manual start) Pilote pour clavier i8042 et souris sur port PS/2: System32\DRIVERS\i8042prt.sys (system) InstallDriver Table Manager: "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start) Pilote de filtre de gravure CD: System32\DRIVERS\imapi.sys (system) Service COM de gravage de CD IMAPI: C:\WINDOWS\System32\imapi.exe (manual start) Pilote de filtre de trafic IP: System32\DRIVERS\ipfltdrv.sys (manual start) Pilote de tunnelage IP dans IP: System32\DRIVERS\ipinip.sys (manual start) Traducteur d'adresses réseau IP: System32\DRIVERS\ipnat.sys (manual start) Pilote IPSEC: System32\DRIVERS\ipsec.sys (system) Service énumérateur IR: System32\DRIVERS\irenum.sys (manual start) Pilote de bus Plug-and-Play ISA/EISA: System32\DRIVERS\isapnp.sys (system) K56: System32\DRIVERS\C4C_K56K.sys (autostart) Pilote de la classe Clavier: System32\DRIVERS\kbdclass.sys (system) Pilote HID de clavier: System32\DRIVERS\kbdhid.sys (system) Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start) Serveur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Station de travail: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Assistance TCP/IP NetBIOS: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Logitech USB Monitor Filter: system32\drivers\lvusbsta.sys (manual start) mdmxsdk: System32\DRIVERS\mdmxsdk.sys (autostart) Affichage des messages: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Partage de Bureau à distance NetMeeting: C:\WINDOWS\System32\mnmsrvc.exe (manual start) Pilote de la classe Souris: System32\DRIVERS\mouclass.sys (system) Pilote HID de souris: System32\DRIVERS\mouhid.sys (manual start) Redirecteur client WebDav: System32\DRIVERS\mrxdav.sys (manual start) MRXSMB: System32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start) Microsoft DV Camera and VCR: System32\DRIVERS\msdv.sys (manual start) Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start) Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start) Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start) Proxy de gestion de qualité de répartition Microsoft: system32\drivers\MSPQM.sys (manual start) Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start) NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start) Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start) Pilote TAPI NDIS d'accès distant: System32\DRIVERS\ndistapi.sys (manual start) NDIS mode utilisateur E/S Protocole: System32\DRIVERS\ndisuio.sys (manual start) Pilote réseau étendu NDIS d'accès distant: System32\DRIVERS\ndiswan.sys (manual start) Interface NetBIOS: System32\DRIVERS\netbios.sys (system) NetBIOS sur TCP/IP: System32\DRIVERS\netbt.sys (system) DDE réseau: %SystemRoot%\system32\netdde.exe (manual start) DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (manual start) Ouverture de session réseau: %SystemRoot%\System32\lsass.exe (manual start) Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote réseau 1394: System32\DRIVERS\nic1394.sys (manual start) NLA (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Upper Class Filter Driver: System32\DRIVERS\NTIDrvr.sys (manual start) Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\System32\lsass.exe (manual start) Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Pilote de filtre de trafic IPX: System32\DRIVERS\nwlnkflt.sys (manual start) Pilote de transfert de trafic IPX: System32\DRIVERS\nwlnkfwd.sys (manual start) Contrôleur hôte compatible IEE 1394 VIA OHCI: System32\DRIVERS\ohci1394.sys (system) oreans32: \??\C:\WINDOWS\system32\drivers\oreans32.sys (system) Pilote de port parallèle: System32\DRIVERS\parport.sys (manual start) PCI Bus Driver: System32\DRIVERS\pci.sys (system) Plug-and-Play: %SystemRoot%\system32\services.exe (autostart) Pml Driver HPZ12: C:\WINDOWS\System32\HPZipm12.exe (manual start) Services IPSEC: %SystemRoot%\System32\lsass.exe (autostart) Miniport réseau étendu (PPTP): System32\DRIVERS\raspptp.sys (manual start) Pilote processeur: System32\DRIVERS\processr.sys (system) Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart) Planificateur de paquets QoS: System32\DRIVERS\psched.sys (manual start) Pilote de liaison parallèle directe: System32\DRIVERS\ptilink.sys (manual start) Logitech QuickCam Express: System32\DRIVERS\OVCD.sys (manual start) Logitech QuickCam Communicate: System32\DRIVERS\LVCM.sys (manual start) Pilote de connexion automatique d'accès distant: System32\DRIVERS\rasacd.sys (system) Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Miniport réseau étendu (L2TP): System32\DRIVERS\rasl2tp.sys (manual start) Gestionnaire de connexions d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote PPPOE d'accès à distance: System32\DRIVERS\raspppoe.sys (manual start) Parallèle direct: System32\DRIVERS\raspti.sys (manual start) Rdbss: System32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (manual start) Pilote de filtre de lecture digitale de CD audio: System32\DRIVERS\redbook.sys (system) Routage et accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Rksample: System32\DRIVERS\C4C_SAMP.sys (manual start) Localisateur d'appels de procédure distante (RPC): %SystemRoot%\System32\locator.exe (manual start) Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start) Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver: System32\DRIVERS\Rtlnic51.sys (manual start) Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart) Prise en charge des cartes à puces: %SystemRoot%\System32\SCardSvr.exe (manual start) Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start) Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: System32\DRIVERS\secdrv.sys (manual start) Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de filtre Serenum: System32\DRIVERS\serenum.sys (manual start) Pilote de port série: System32\DRIVERS\serial.sys (system) Pilote du Gestionnaire SoundFont Creative (WDM): system32\drivers\sfmanm.sys (manual start) Pare-feu de connexion Internet (ICF) / Partage de connexion Internet (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start) SoftFax: System32\DRIVERS\C4C_FAXX.sys (autostart) Splitter audio du noyau Microsoft: system32\drivers\splitter.sys (manual start) Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart) Pilote de filtre de restauration système: System32\DRIVERS\sr.sys (system) Service de restauration système: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Srv: System32\DRIVERS\srv.sys (manual start) Service de découvertes SSDP: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) Acquisition d'image Windows (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart) BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start) Pilote de bus logiciel: System32\DRIVERS\swenum.sys (manual start) Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{8473017C-42BF-4359-B17A-DA07161E55AC} (manual start) Périphérique audio système du noyau Microsoft: system32\drivers\sysaudio.sys (manual start) Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start) Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote du protocole TCP/IP: System32\DRIVERS\tcpip.sys (system) Pilote de périphérique terminal: System32\DRIVERS\termdd.sys (system) Services Terminal Server: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Tones: System32\DRIVERS\C4C_TONE.sys (autostart) Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Windows User Mode Driver Framework: C:\WINDOWS\System32\wdfmgr.exe (autostart) Pilote de mise à jour microcode: System32\DRIVERS\update.sys (manual start) Gestionnaire de téléchargement: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Hôte de périphérique universel Plug-and-Play: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) Onduleur: %SystemRoot%\System32\ups.exe (manual start) Pilote USB audio (WDM): system32\drivers\usbaudio.sys (manual start) Pilote parent générique USB Microsoft: System32\DRIVERS\usbccgp.sys (manual start) Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft: System32\DRIVERS\usbehci.sys (manual start) Concentrateur USB2: System32\DRIVERS\usbhub.sys (manual start) Classe d'imprimantes USB Microsoft: System32\DRIVERS\usbprint.sys (manual start) Pilote de scanneur USB: System32\DRIVERS\usbscan.sys (manual start) Pilote de stockage de masse USB: System32\DRIVERS\USBSTOR.SYS (manual start) Pilote miniport de contrôleur hôte universel USB Microsoft: System32\DRIVERS\usbuhci.sys (manual start) Service Messenger Sharing USN Journal Reader: C:\WINDOWS\System32\svchost.exe -k usnsvc (manual start) V124: System32\DRIVERS\C4C_V124.sys (autostart) VgaSave: \SystemRoot\System32\drivers\vga.sys (system) VIA AGP Filter: System32\DRIVERS\viaagp1.sys (system) ViaIde: System32\DRIVERS\viaide.sys (system) Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start) Horloge Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote ARP IP d'accès distant: System32\DRIVERS\wanarp.sys (manual start) Pilote WINMM de compatibilité audio WDM Microsoft: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) winachsf: System32\DRIVERS\HSF_CNXT.sys (manual start) Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Service de numéro de série du lecteur multimédia portable: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Carte de performance WMI: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start) Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled) World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start) Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run WinUpdate.exe = C:\Program Files\Windows\WinUpdate.exe -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- End of report, 35 757 bytes Report generated in 0,078 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only Merci
- le 28 juin 2006
- 25 réponses
besoin d'aide pour l'analyse d'Hijackthis

directnico a répondu à un(e) sujet de directnico dans Analyses et éradication malwares

Voici le rapport ActivScan Incident Statut Analyse Adware:Adware/CommAd No Désinfecté C:\WINDOWS\Tmljb2xhcw\nA53vZU1wT.vbs Adware:adware/dollarrevenue No Désinfecté C:\WINDOWS\keyboard231.dat Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\SITE EQ MEAL SCR\bashreadme.exe Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Nicolas\Cookies\nicolas@doubleclick[1].txt Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Nicolas\Cookies\nicolas@xiti[1].txt Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\Nicolas\Cookies\nicolas@mediaplex[1].txt Spyware:Cookie/888 No Désinfecté C:\Documents and Settings\Nicolas\Cookies\nicolas@888[3].txt Spyware:Cookie/888 No Désinfecté C:\Documents and Settings\Nicolas\Cookies\nicolas@888[1].txt Spyware:Cookie/Cassava No Désinfecté C:\Documents and Settings\Nicolas\Cookies\nicolas@cassava[1].txt Spyware:Cookie/Rn11 No Désinfecté C:\Documents and Settings\Nicolas\Cookies\nicolas@rn11[2].txt Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Nicolas\Cookies\nicolas@realmedia[1].txt Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Nicolas\Cookies\nicolas@weborama[2].txt Spyware:Cookie/ErrorSafe No Désinfecté C:\Documents and Settings\Nicolas\Cookies\nicolas@errorsafe[2].txt Spyware:Cookie/ErrorSafe No Désinfecté C:\Documents and Settings\Nicolas\Cookies\nicolas@www.errorsafe[1].txt Spyware:Cookie/Apmebf No Désinfecté C:\Documents and Settings\Nicolas\Cookies\nicolas@apmebf[2].txt Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Nicolas\Cookies\nicolas@atdmt[2].txt Spyware:Cookie/Hbmediapro No Désinfecté C:\Documents and Settings\Nicolas\Cookies\nicolas@adopt.hbmediapro[2].txt Spyware:Cookie/OfferOptimizer No Désinfecté C:\Documents and Settings\Nicolas\Cookies\nicolas@offeroptimizer[1].txt Spyware:Cookie/WinFixer No Désinfecté C:\Documents and Settings\Nicolas\Cookies\nicolas@winfixer[2].txt Spyware:Cookie/Adrevolver No Désinfecté C:\Documents and Settings\Nicolas\Cookies\nicolas@adrevolver[2].txt Spyware:Cookie/DelfinMedia No Désinfecté C:\Documents and Settings\Nicolas\Cookies\nicolas@delfinproject[2].txt Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Nicolas\Application Data\hopemessbook\cphlmwhl.exe Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Nicolas\Application Data\hopemessbook\Software bone dupe funk.exe Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Nicolas\Application Data\hopemessbook\gfgtqyli.exe Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Emilie\Cookies\emilie@xiti[1].txt
- le 25 juin 2006
- 25 réponses
besoin d'aide pour l'analyse d'Hijackthis

directnico a répondu à un(e) sujet de directnico dans Analyses et éradication malwares

Nouveau rapport HijackThis: Logfile of HijackThis v1.99.1 Scan saved at 23:04:54, on 25/06/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\PROGRA~1\WANADOO\TaskBarIcon.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\M6 Video\M6video.exe C:\WINDOWS\System32\devldr32.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\PROGRA~1\WANADOO\EspaceWanadoo.exe C:\PROGRA~1\WANADOO\ComComp.exe C:\PROGRA~1\WANADOO\Toaster.exe C:\PROGRA~1\WANADOO\Inactivity.exe C:\PROGRA~1\WANADOO\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\WANADOO\Watch.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=e R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\TWINTO~1\MouseElf.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [m6] C:\Program Files\M6 Video\M6video.exe O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [nqvqd] C:\WINDOWS\System32\rdkxcx.exe reg_run O4 - HKCU\..\Run: [quru] C:\PROGRA~1\FICHIE~1\quru\qurum.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/ O15 - Trusted Zone: *.media-motor.net O15 - Trusted Zone: *.mmohsix.com O15 - Trusted Zone: *.sxload.com O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149678650500 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149678959078 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Tmljb2xhcw\command.exe (file missing) O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe Rapport Ewido: --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 22:58:00 25/06/2006 + Scan result: C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030110.dll -> Adware.Look2Me : Cleaned. C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030111.dll -> Adware.Look2Me : Cleaned. C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\OHUJSD6N\ErrorSafeScannerInstallFR[1].cab/UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned. C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned. C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned. C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned. C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\OHUJSD6N\send_car_int[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned. C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\OHUJSD6N\send_car_int[2].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@weborama[2].txt -> TrackingCookie.Weborama : Cleaned. ::Report end Je ne vois aucun disfonctionnement apparent Je vous remercie encore du fond du coeur pour tous ce que vous faites, c'est génial...
- le 25 juin 2006
- 25 réponses
besoin d'aide pour l'analyse d'Hijackthis

directnico a répondu à un(e) sujet de directnico dans Analyses et éradication malwares

Je ne trouve pas shigndo.exe (ni en recherche, ni en manuel)
- le 25 juin 2006
- 25 réponses
besoin d'aide pour l'analyse d'Hijackthis

directnico a répondu à un(e) sujet de directnico dans Analyses et éradication malwares

Voici le nouveau rapport d'Ewido --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 17:23:27 25/06/2006 + Scan result: C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030035.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030036.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030037.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030038.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030039.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030040.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030041.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030042.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030043.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030044.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030045.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030046.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030047.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030048.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030049.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030050.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030051.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030052.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030053.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030054.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030055.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030056.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030057.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030058.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030059.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030060.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030061.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030062.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030063.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030064.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030065.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030066.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030067.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030093.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\m6lslg3716.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\uuildll.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030073.exe -> Adware.Lop : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030070.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030071.exe -> Adware.MediaMotor : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030068.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030069.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030072.dll -> Adware.TargetServer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030034.exe -> Downloader.VB.fi : Cleaned with backup (quarantined). C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\OHUJSD6N\ErrorSafeScannerInstallFR[1].cab/UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Ignored. C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Ignored. C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\OHUJSD6N\send_car_int[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Ignored. C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\OHUJSD6N\send_car_int[2].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Ignored. C:\Documents and Settings\Nicolas\Cookies\nicolas@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@weborama[2].txt -> TrackingCookie.Weborama : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned. ::Report end Un nouveau log HijackThis Logfile of HijackThis v1.99.1 Scan saved at 17:32:04, on 25/06/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\PROGRA~1\WANADOO\TaskBarIcon.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\M6 Video\M6video.exe C:\WINDOWS\System32\devldr32.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\PROGRA~1\WANADOO\EspaceWanadoo.exe C:\PROGRA~1\WANADOO\ComComp.exe C:\PROGRA~1\WANADOO\Toaster.exe C:\PROGRA~1\WANADOO\Inactivity.exe C:\PROGRA~1\WANADOO\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\WANADOO\Watch.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Microsoft Office\Office\WINWORD.EXE C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=e R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,shigndo.exe O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\TWINTO~1\MouseElf.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [m6] C:\Program Files\M6 Video\M6video.exe O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [nqvqd] C:\WINDOWS\System32\rdkxcx.exe reg_run O4 - HKCU\..\Run: [quru] C:\PROGRA~1\FICHIE~1\quru\qurum.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing) O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing) O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/ O15 - Trusted Zone: *.media-motor.net O15 - Trusted Zone: *.mmohsix.com O15 - Trusted Zone: *.sxload.com O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int14.exe O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - mk:@MSITStore:C:\DOCUME~1\Nicolas\LOCALS~1\Temp\mma.chm::/alien.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149678650500 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149678959078 O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://fr.errorsafe.com/pages/scanner_fr/E...erInstallFR.cab O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/b...a17b04ac0f14ce1 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\uuildll.dll (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Tmljb2xhcw\command.exe (file missing) O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe Et le rapport de : C:\egd.txt Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe" "WOOWATCH"="C:\\PROGRA~1\\WANADOO\\Watch.exe" "WOOTASKBARICON"="C:\\PROGRA~1\\WANADOO\\GestMaj.exe TaskBarIcon.exe" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "mouseElf"="C:\\PROGRA~1\\TWINTO~1\\MouseElf.EXE" "LVCOMSX"="C:\\WINDOWS\\System32\\LVCOMSX.EXE" "LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe " "LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe" "CnxDslTaskBar"="\"C:\\Program Files\\ZTE Corporation\\ZXDSL852\\CnxDslTb.exe\" \"ZTE Corporation\\ZXDSL852\"" "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot" "MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "m6"="C:\\Program Files\\M6 Video\\M6video.exe" "!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] "Installed"="1" Bon courrage
- le 25 juin 2006
- 25 réponses
besoin d'aide pour l'analyse d'Hijackthis

directnico a répondu à un(e) sujet de directnico dans Analyses et éradication malwares

Merci encore pour tout ce que vous faites... J'ai eu le message suivant en lançant BlackLight : F. Secure BlackLight could not acquire necessary priviles (SeDebugPrivilege) - Your computer setting may prevent acquiring these privileges - A malicious program might have disabled these privileges Voici le rapport Ewido --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 15:00:42 25/06/2006 + Scan result: C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP181\A0025541.dll -> Adware.CommAd : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022297.exe -> Adware.HotBar : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022298.dll -> Adware.HotBar : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022299.dll -> Adware.HotBar : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022300.exe -> Adware.HotBar : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022304.EXE -> Adware.Hotbar : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022311.exe -> Adware.Hotbar : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022312.dll -> Adware.HotBar : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022313.dll -> Adware.HotBar : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\A0024821.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\A0024851.DLL -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\A0024878.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\A0024886.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\A0024893.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP179\A0024900.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP179\A0024908.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP179\A0024915.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP179\A0024925.DLL -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP179\A0024929.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP179\A0024937.DLL -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP179\A0024962.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP179\A0024970.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP179\A0024978.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP180\A0024985.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP180\A0024995.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP180\A0025001.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP180\A0025046.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP180\A0025051.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP180\A0025060.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP180\A0025065.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP180\A0025076.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP180\A0025083.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP180\A0025091.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP180\A0025115.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP181\A0025140.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP181\A0025149.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP181\A0025155.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP181\A0025165.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP181\A0025170.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP181\A0025539.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP181\A0025542.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP181\A0025545.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP182\A0025562.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP182\A0025627.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP182\A0025640.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP183\A0025645.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP183\A0025653.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP184\A0025663.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP184\A0027672.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP185\A0028663.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP185\A0028692.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP186\A0028707.DLL -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP187\A0028718.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP187\A0028724.DLL -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP187\A0028738.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP187\A0028739.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP187\A0028740.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP187\A0028757.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP187\A0028762.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP187\A0028789.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP187\A0028799.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP187\A0028802.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP188\A0028818.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP188\A0028823.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP188\A0028828.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP188\A0028837.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP188\A0028842.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP188\A0028998.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP188\A0029011.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP189\A0029020.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030016.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030024.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\Axdio3D.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\Aydiodev.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\LUDIS11n.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\OKCodec2.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\TSskKeyHook.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\WRDMPS.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\agl71.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\arvapi32.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\cgl3d32.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\cxdial32.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\dHtime.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\dnnm0151e.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\e002lado1d0c.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\fp8803lue.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\hrj2051oe.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\i060lajm1doa.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\il50_32.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\ir40l5hm1.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\jbmd400.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\k608lgdu1608.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\k8lq0i35e8.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\l44q0eh5eh4.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\m4pole731h.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\m6rm0g91e6.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\mcrepl40.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\mhlbui.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\mqc42loc.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\mrratelc.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\mtwsock.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\mwvidctl.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\npmsdba.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\rHsppp.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\voa64k.dll -> Adware.Look2Me : Cleaned with backup (quarantined). C:\WINDOWS\system32\wvv8dmod.dll -> Adware.Look2Me : Cleaned with backup (quarantined). [608] C:\WINDOWS\system32\ccmuid.dll -> Adware.Look2Me : Error during cleaning. [668] C:\WINDOWS\system32\WRDMPS.dll -> Adware.Look2Me : Error during cleaning. C:\Program Files\Adverts\uninst.exe -> Adware.Lop : Cleaned with backup (quarantined). C:\WINDOWS\Downloaded Program Files\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined). C:\WINDOWS\LastGood\Downloaded Program Files\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined). C:\WINDOWS\unstall.exe -> Adware.MediaMotor : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\A0024873.exe -> Adware.MediaTickets : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP126\A0020029.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP126\A0020038.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP127\A0020839.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP127\A0020866.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP127\A0020885.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP127\A0020894.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP128\A0020919.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP128\A0020937.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP128\A0020949.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP129\A0020959.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP129\A0020967.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP129\A0021969.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP130\A0021981.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP130\A0021990.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP130\A0021998.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP130\A0022028.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP130\A0022040.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP130\A0022048.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP131\A0022067.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP131\A0022101.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022267.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022275.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022286.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022329.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022338.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022346.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022357.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022363.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022371.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022381.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022391.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022396.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022405.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP133\A0022413.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP133\A0022662.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP133\A0022670.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP133\A0022676.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP133\A0022688.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP133\A0022701.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP133\A0022711.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP133\A0022728.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP133\A0022755.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP134\A0022771.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP134\A0022834.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP134\A0022842.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP134\A0022857.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP135\A0022869.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP136\A0022880.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP136\A0022890.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP137\A0022905.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP137\A0022918.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP137\A0022930.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP138\A0022946.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP138\A0022954.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP138\A0023057.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP138\A0023074.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP139\A0023106.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP139\A0023115.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP140\A0023128.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP140\A0023150.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP140\A0023157.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP141\A0023178.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP141\A0023182.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP143\A0023249.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP144\A0023267.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP144\A0023279.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP146\A0023288.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP146\A0023299.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP146\A0023312.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP146\A0023324.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP146\A0023335.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP146\A0023345.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP146\A0023354.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP146\A0023362.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP147\A0023377.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP147\A0023385.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP148\A0023394.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP149\A0023408.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP152\A0023420.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP152\A0023550.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP152\A0023568.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP153\A0023585.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP153\A0023593.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP156\A0023831.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP156\A0023853.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP156\A0023859.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP157\A0023874.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP157\A0023879.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP157\A0023891.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP158\A0023908.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP158\A0023918.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP158\A0023923.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP158\A0023929.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP158\A0023960.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP158\A0023989.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP159\A0024056.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP159\A0024065.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP163\A0024112.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP163\A0024141.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP163\A0024157.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\WINDOWS\system32\msclock32.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\WINDOWS\system32\msplock32.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\A0024859.DLL -> Adware.PurityScan : Cleaned with backup (quarantined). C:\Program Files\Fichiers communs\quru\qurud\quruc.dll -> Adware.TargetServer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP177\snapshot\MFEX-5.DAT -> Adware.WebHancer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP177\snapshot\MFEX-6.DAT -> Adware.WebHancer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP177\snapshot\MFEX-7.DAT -> Adware.WebHancer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\A0024825.dll -> Adware.WebHancer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\A0024874.EXE -> Adware.WebHancer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\A0024875.DLL -> Adware.WebHancer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\A0024876.DLL -> Adware.WebHancer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\A0024877.exe -> Adware.WebHancer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\snapshot\MFEX-5.DAT -> Adware.WebHancer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\snapshot\MFEX-6.DAT -> Adware.WebHancer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\snapshot\MFEX-7.DAT -> Adware.WebHancer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP181\A0025532.EXE -> Downloader.VB.fi : Cleaned with backup (quarantined). C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP184\A0027668.exe -> Downloader.VB.fi : Cleaned with backup (quarantined). C:\WINDOWS\logon.exe -> Downloader.VB.fi : Cleaned with backup (quarantined). C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\01234567\ABoxInst_int14[1].exe -> Downloader.VB.ft : Cleaned with backup (quarantined). C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\W1270L6B\ABoxInst_int14[1].exe -> Downloader.VB.ft : Cleaned with backup (quarantined). C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Ignored. C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Ignored. C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\OHUJSD6N\send_car_int[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Ignored. C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\OHUJSD6N\send_car_int[2].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Ignored. C:\Documents and Settings\Emilie\Cookies\emilie@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned. C:\Documents and Settings\Emilie\Cookies\emilie@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@adtech[2].txt -> TrackingCookie.Adtech : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@advertising[1].txt -> TrackingCookie.Advertising : Cleaned. C:\Documents and Settings\Emilie\Cookies\emilie@adviva[1].txt -> TrackingCookie.Adviva : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned. C:\Documents and Settings\Emilie\Cookies\emilie@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@banner.clubdicecasino[2].txt -> TrackingCookie.Clubdicecasino : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@clubdicecasino[1].txt -> TrackingCookie.Clubdicecasino : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned. C:\Documents and Settings\Emilie\Cookies\emilie@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Emilie\Cookies\emilie@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@estat[1].txt -> TrackingCookie.Estat : Cleaned. C:\Documents and Settings\Emilie\Cookies\emilie@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@banner.goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@www.goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@ehg-osiris.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@lop[2].txt -> TrackingCookie.Lop : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned. C:\Documents and Settings\Emilie\Cookies\emilie@overture[1].txt -> TrackingCookie.Overture : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@overture[1].txt -> TrackingCookie.Overture : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned. C:\Documents and Settings\Emilie\Cookies\emilie@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned. C:\Documents and Settings\Emilie\Cookies\emilie@www.smartadserver[3].txt -> TrackingCookie.Smartadserver : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@weborama[2].txt -> TrackingCookie.Weborama : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned. C:\Documents and Settings\Nicolas\Cookies\nicolas@zedo[2].txt -> TrackingCookie.Zedo : Cleaned. ::Report end Et le nouveau rapport HijackThis! Logfile of HijackThis v1.99.1 Scan saved at 15:17:18, on 25/06/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\PROGRA~1\WANADOO\TaskBarIcon.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\devldr32.exe C:\Program Files\M6 Video\M6video.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Microsoft Office\Office\WINWORD.EXE C:\PROGRA~1\WANADOO\EspaceWanadoo.exe C:\PROGRA~1\WANADOO\ComComp.exe C:\PROGRA~1\WANADOO\Toaster.exe C:\PROGRA~1\WANADOO\Inactivity.exe C:\PROGRA~1\WANADOO\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\WANADOO\Watch.exe C:\PROGRA~1\WANADOO\WOOBrowser\WOOBrowser.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=e R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,shigndo.exe O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\TWINTO~1\MouseElf.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [m6] C:\Program Files\M6 Video\M6video.exe O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [nqvqd] C:\WINDOWS\System32\rdkxcx.exe reg_run O4 - HKCU\..\Run: [quru] C:\PROGRA~1\FICHIE~1\quru\qurum.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing) O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing) O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/ O15 - Trusted Zone: *.media-motor.net O15 - Trusted Zone: *.mmohsix.com O15 - Trusted Zone: *.sxload.com O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int14.exe O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - mk:@MSITStore:C:\DOCUME~1\Nicolas\LOCALS~1\Temp\mma.chm::/alien.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149678650500 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149678959078 O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://scripts.dlv4.com/binaries/egaccess4...ss4_1061_XP.cab O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://fr.errorsafe.com/pages/scanner_fr/E...erInstallFR.cab O16 - DPF: {C80B7FF6-CE60-4079-935E-520C045C30A6} - http://www.mailskinner.com/binaries/msaxsetup.cab O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/b...a17b04ac0f14ce1 O17 - HKLM\System\CCS\Services\Tcpip\..\{27CA4AFB-B786-46A9-8353-7B013B03E2D5}: NameServer = 80.10.246.1 80.10.246.132 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\ccmuid.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Tmljb2xhcw\command.exe (file missing) O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe Merci On va les avoirs
- le 25 juin 2006
- 25 réponses
besoin d'aide pour l'analyse d'Hijackthis

directnico a répondu à un(e) sujet de directnico dans Analyses et éradication malwares

Est-ce que quelqu'un peut analyser ça Merci Logfile of HijackThis v1.99.1 Scan saved at 14:20:49, on 23/06/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\PROGRA~1\WANADOO\TaskBarIcon.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\M6 Video\M6video.exe C:\WINDOWS\logon.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\System32\devldr32.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=e R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,shigndo.exe O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\TWINTO~1\MouseElf.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [m6] C:\Program Files\M6 Video\M6video.exe O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [nqvqd] C:\WINDOWS\System32\rdkxcx.exe reg_run O4 - HKCU\..\Run: [quru] C:\PROGRA~1\FICHIE~1\quru\qurum.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing) O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing) O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/ O15 - Trusted Zone: *.media-motor.net O15 - Trusted Zone: *.mmohsix.com O15 - Trusted Zone: *.sxload.com O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int14.exe O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - mk:@MSITStore:C:\DOCUME~1\Nicolas\LOCALS~1\Temp\mma.chm::/alien.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149678650500 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149678959078 O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://scripts.dlv4.com/binaries/egaccess4...ss4_1061_XP.cab O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://fr.errorsafe.com/pages/scanner_fr/E...erInstallFR.cab O16 - DPF: {C80B7FF6-CE60-4079-935E-520C045C30A6} - http://www.mailskinner.com/binaries/msaxsetup.cab O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/b...a17b04ac0f14ce1 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\jt6607jse.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Tmljb2xhcw\command.exe (file missing) O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe Est-ce que quelqu'un peut analyser ça Merci Logfile of HijackThis v1.99.1 Scan saved at 14:20:49, on 23/06/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\PROGRA~1\WANADOO\TaskBarIcon.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\M6 Video\M6video.exe C:\WINDOWS\logon.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\System32\devldr32.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=e R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,shigndo.exe O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\TWINTO~1\MouseElf.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [m6] C:\Program Files\M6 Video\M6video.exe O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [nqvqd] C:\WINDOWS\System32\rdkxcx.exe reg_run O4 - HKCU\..\Run: [quru] C:\PROGRA~1\FICHIE~1\quru\qurum.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing) O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing) O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/ O15 - Trusted Zone: *.media-motor.net O15 - Trusted Zone: *.mmohsix.com O15 - Trusted Zone: *.sxload.com O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int14.exe O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - mk:@MSITStore:C:\DOCUME~1\Nicolas\LOCALS~1\Temp\mma.chm::/alien.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149678650500 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149678959078 O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://scripts.dlv4.com/binaries/egaccess4...ss4_1061_XP.cab O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://fr.errorsafe.com/pages/scanner_fr/E...erInstallFR.cab O16 - DPF: {C80B7FF6-CE60-4079-935E-520C045C30A6} - http://www.mailskinner.com/binaries/msaxsetup.cab O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/b...a17b04ac0f14ce1 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\jt6607jse.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Tmljb2xhcw\command.exe (file missing) O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
- le 25 juin 2006
- 25 réponses

Connexion

directnico

Compteur de contenus

Inscription

Dernière visite

Type de contenu

Profils

Forums

Blogs

Tout ce qui a été posté par directnico

Ptit soucis internet explorer et Increditmail

Une petite analyse SVP

[Résolu] Fin de validité Mc Afee

[Résolu] Fin de validité Mc Afee

[Résolu] Fin de validité Mc Afee

[Résolu] Fin de validité Mc Afee

Acquisition numérique et gravure sur DVD

besoin d'aide pour l'analyse d'Hijackthis

besoin d'aide pour l'analyse d'Hijackthis

besoin d'aide pour l'analyse d'Hijackthis

A nouveau infecté

A nouveau infecté

A nouveau infecté

A nouveau infecté

A nouveau infecté

A nouveau infecté

besoin d'aide pour l'analyse d'Hijackthis

besoin d'aide pour l'analyse d'Hijackthis

besoin d'aide pour l'analyse d'Hijackthis

besoin d'aide pour l'analyse d'Hijackthis

besoin d'aide pour l'analyse d'Hijackthis

besoin d'aide pour l'analyse d'Hijackthis

besoin d'aide pour l'analyse d'Hijackthis

besoin d'aide pour l'analyse d'Hijackthis

besoin d'aide pour l'analyse d'Hijackthis

Zebulon

Outils en ligne

Naviguer