Meato

Membres

Afficher le profil Afficher son activité

Compteur de contenus
9
Inscription
le 7 août 2006
Dernière visite
le 1 octobre 2006

Autres informations

Mes langues
Francais

Meato's Achievements

Junior Member (3/12)

Réputation sur la communauté

Lenteur démarrage XP 5mn

Meato a posté un sujet dans Optimisation, Trucs & Astuces

Le temps de démarrage est passé de 2mn à 5mn. Je ne comprends pas pourquoi. Config Pentium 4 2.53Gz, 1Mo, 2 DD 120Mo, Ati 9800. Après démarage les performances correctes. Depuis environ 15 jours. Pas de d'install particulières qui expliquerait, sauf peut être Nero 7. Nettoyage, purge, défragmentation sans résultats. Occupation DD=25%. Pas d'infection. Beaucoup de programes au démarrage : 17 dans démarrage et 77 dans services. 54 process dansl e gestionnaire de taches. Je joins un log Hijackthis. Merci de votre aide. C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\GEARSec.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe C:\PROGRA~1\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\PROGRA~1\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.EXE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe C:\WINDOWS\system32\bgswitch.exe C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Palm\HOTSYNC.EXE C:\Program Files\Shove-it\Shove-it.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Maxthon\Maxthon.exe C:\Documents and Settings\JM\Mes documents\_Télécharg\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [backgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe" O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Shove-it.lnk = C:\Program Files\Shove-it\Shove-it.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...wlscbase969.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F56E1F92-C662-453C-80A6-6B5596A70CA6}: NameServer = 84.103.237.145 86.64.145.145 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0787.00.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0787.00.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professionnel 2005.SR1\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professionnel 2005.SR1\RpcSandraSrv.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\Symantec Shared\Script Blocking\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.EXE O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
- le 18 septembre 2006
- 4 réponses
winpsa32 et rapport HijackThis

Meato a répondu à un(e) sujet de Meato dans Analyses et éradication malwares

Pas de dysfonctionnment avec les 20 logiciels que j'utilise le plus souvent. Il existe un fichier lido.ocx dans le dossier windows. Que faire du lido.dll sur le bureau ?
- le 10 août 2006
- 14 réponses
winpsa32 et rapport HijackThis

Meato a répondu à un(e) sujet de Meato dans Analyses et éradication malwares

Voila le rapport : Service load: 0% 100% File: lido.dll Status: MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.) MD5 f3d6a8214ed7c19ae788871ec6fdafef Packers detected: - Scanner results AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing Fortinet Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing UNA Found nothing VirusBuster Found nothing VBA32 Found nothing
- le 10 août 2006
- 14 réponses
winpsa32 et rapport HijackThis

Meato a répondu à un(e) sujet de Meato dans Analyses et éradication malwares

Ta réponse m'a bluffé. Je suis aussi impressionné par ton savoir Voici les deux rapports : (((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log ))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\SYSTEM32\AWTST.DLL C:\WINDOWS\SYSTEM32\TSTWA.INI * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * C:\WINDOWS\SYSTEM32\TSTWA.INI 18:53:03.82 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-07-28 01:32:24 40973 ( ..SH. ) "C:\WINDOWS\system32\ddcaxwu.dll" 2006-07-27 16:46:32 1265664 ( A.... ) "C:\WINDOWS\lido.dll" 2006-07-27 16:46:26 ( .D... ) "C:\Program Files\vahelp" 2006-07-27 16:44:48 461 ( A.... ) "C:\Documents and Settings\Jean-Marie BLAYA\Application Data\spell.cfg" 2006-07-27 16:36:40 ( .D... ) "C:\Documents and Settings\Jean-Marie BLAYA\Application Data\hm" 2006-07-27 15:26:20 679424 ( A.... ) "C:\WINDOWS\system32\inetcomm.dll" 2006-07-25 13:10:30 25992 ( A.... ) "C:\WINDOWS\system32\pgdfgsvc.exe" 2006-07-24 18:20:44 ( .D... ) "C:\Documents and Settings\Jean-Marie BLAYA\Application Data\aignes" 2006-07-23 14:34:00 90112 ( A.... ) "C:\WINDOWS\Updreg.EXE" 2006-07-22 21:56:22 6480 ( A.... ) "C:\WINDOWS\movexe.exe" 2006-07-22 21:56:04 ( .D... ) "C:\Program Files\Shove-it" 2006-07-22 20:30:32 ( .D... ) "C:\Program Files\Fichiers communs\Raxco" 2006-07-22 20:29:40 ( .D... ) "C:\Program Files\RAXCO" 2006-07-22 17:07:42 34308 ( A.... ) "C:\WINDOWS\system32\BASSMOD.dll" 2006-07-22 14:25:16 ( .D... ) "C:\Program Files\Fichiers communs\Corel" 2006-07-22 14:25:16 ( .D... ) "C:\Program Files\Corel" 2006-07-22 12:11:02 ( .D... ) "C:\Documents and Settings\Jean-Marie BLAYA\Application Data\Help" 2006-07-21 10:27:28 72704 ( A.... ) "C:\WINDOWS\system32\hlink.dll" 2006-07-14 17:41:06 332288 ( A.... ) "C:\WINDOWS\system32\netapi32.dll" 2006-07-13 15:36:02 8509952 ( A.... ) "C:\WINDOWS\system32\shell32.dll" 2006-07-05 12:56:38 1049088 ( A.... ) "C:\WINDOWS\system32\kernel32.dll" 2006-06-26 19:41:32 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll" 2006-06-26 19:41:32 8192 ( A.... ) "C:\WINDOWS\system32\rasadhlp.dll" 2006-06-22 16:08:52 ( .D... ) "C:\Program Files\Praxisoft" 2006-06-20 19:16:50 48268 ( A.... ) "C:\WINDOWS\system32\ptoys-uninst.exe" 2006-06-20 13:07:04 7314334 ( A.... ) "C:\WINDOWS\system32\WinTemp20584.exe" 2006-06-20 12:03:46 ( .D... ) "C:\Program Files\Ahead" 2006-06-20 10:07:44 ( .D... ) "C:\Documents and Settings\Jean-Marie BLAYA\Application Data\ArcSoft" 2006-06-20 10:06:34 ( .D... ) "C:\Program Files\ArcSoft" 2006-06-19 20:56:58 ( .D... ) "C:\Program Files\Alcohol Soft" 2006-06-19 20:25:58 ( .D... ) "C:\Program Files\Tap'Touche 5" 2006-06-19 19:52:14 ( .D... ) "C:\Program Files\Microsoft Reference" 2006-06-19 18:52:38 ( .D... ) "C:\Documents and Settings\Jean-Marie BLAYA\Application Data\vlc" 2006-06-19 18:51:20 ( .D... ) "C:\Program Files\VideoLAN" 2006-06-19 17:56:24 ( .D... ) "C:\Program Files\xp-AntiSpy" 2006-06-19 17:23:08 ( .D... ) "C:\Program Files\Microsoft Bootvis" 2006-06-19 17:17:20 ( .D... ) "C:\Program Files\PerformanceTest 5.0" 2006-06-19 17:10:42 ( .D... ) "C:\Program Files\SiSoftware" 2006-06-19 17:07:22 ( .D... ) "C:\Program Files\Lavalys" 2006-06-19 17:04:54 ( .D... ) "C:\Program Files\TuneUp Utilities 2006" 2006-06-19 17:04:54 ( .D... ) "C:\Documents and Settings\Jean-Marie BLAYA\Application Data\TuneUp Software" 2006-06-19 16:56:30 ( .D... ) "C:\Program Files\MP3Gain" 2006-06-19 16:53:48 ( .D... ) "C:\Program Files\CDex_150" 2006-06-19 16:41:26 ( .D... ) "C:\Documents and Settings\Jean-Marie BLAYA\Application Data\Media Player Classic" 2006-06-19 16:41:20 ( .D... ) "C:\Program Files\Media Player Classic" 2006-06-19 16:35:22 ( .D... ) "C:\Program Files\K-Lite Codec Pack" 2006-06-19 16:35:22 ( .D... ) "C:\Documents and Settings\Jean-Marie BLAYA\Application Data\Real" 2006-06-19 16:21:38 ( .D... ) "C:\Program Files\SimpleCopier" 2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\system32\WgaLogon.dll" 2006-06-19 16:08:26 ( .D... ) "C:\Program Files\Acro Software" 2006-06-19 16:07:26 ( .D... ) "C:\Program Files\GNUGS" 2006-06-19 16:02:00 ( .D... ) "C:\Program Files\Fichiers communs\Nikon" 2006-06-19 16:01:32 ( .D... ) "C:\Program Files\Microsoft Digital Image 2006" 2006-06-19 15:50:40 ( .D... ) "C:\Documents and Settings\Jean-Marie BLAYA\Application Data\CyberLink" 2006-06-19 15:45:10 ( .D... ) "C:\Program Files\CyberLink" 2006-06-19 15:12:40 ( .D... ) "C:\Program Files\Canon" 2006-06-19 12:54:38 ( .D... ) "C:\Documents and Settings\Jean-Marie BLAYA\Application Data\ACD Systems" 2006-06-19 12:51:38 ( .D... ) "C:\Program Files\Fichiers communs\ACD Systems" 2006-06-19 12:51:38 ( .D... ) "C:\Program Files\ACD Systems" 2006-06-19 12:20:50 ( .D... ) "C:\Documents and Settings\Jean-Marie BLAYA\Application Data\EPSON" 2006-06-19 12:16:16 3766 ( A.SH. ) "C:\WINDOWS\system32\KGyGaAvL.sys" 2006-06-19 12:16:14 56 ( ..SHR ) "C:\WINDOWS\system32\CC8D00D81E.sys" 2006-06-19 11:59:58 ( .D... ) "C:\Documents and Settings\Jean-Marie BLAYA\Application Data\Corel" 2006-06-19 11:40:42 ( .D... ) "C:\Program Files\Spybot - Search & Destroy" 2006-06-19 11:25:20 ( .D... ) "C:\Documents and Settings\Jean-Marie BLAYA\Application Data\Lavasoft" 2006-06-19 11:23:20 ( .D... ) "C:\Program Files\Lavasoft" 2006-06-19 09:43:28 ( .D... ) "C:\Program Files\Maxthon" 2006-06-18 18:36:04 ( .D... ) "C:\Program Files\RegSupreme Pro" 2006-06-18 14:55:32 ( .D... ) "C:\Documents and Settings\Jean-Marie BLAYA\Application Data\Ahead" 2006-06-18 14:54:00 ( .D... ) "C:\Program Files\Fichiers communs\Ahead" 2006-06-18 14:38:14 ( .D... ) "C:\Program Files\Nero" 2006-06-18 14:17:12 ( .D... ) "C:\Program Files\Siber Systems" 2006-06-18 14:09:36 ( .D... ) "C:\Program Files\DVDInfoPro" 2006-06-18 14:02:50 ( .D... ) "C:\Program Files\CDCheck" 2006-06-18 13:56:48 ( .D... ) "C:\Program Files\Common Files" 2006-06-18 13:56:44 ( .D... ) "C:\Program Files\UltraISO" 2006-06-18 13:42:00 ( .D... ) "C:\Program Files\Lupas Rename 2000" 2006-06-18 13:14:42 ( .D... ) "C:\Documents and Settings\Jean-Marie BLAYA\Application Data\Leadertech" 2006-06-18 13:14:04 ( .D... ) "C:\Program Files\Palm" 2006-06-18 12:47:26 ( .D... ) "C:\Program Files\WhereIsIt" 2006-06-18 12:08:24 ( .D... ) "C:\Program Files\WinRAR" 2006-06-17 14:29:14 ( .D... ) "C:\Documents and Settings\Jean-Marie BLAYA\Application Data\IsolatedStorage" 2006-06-17 12:49:04 ( .D... ) "C:\Documents and Settings\Jean-Marie BLAYA\Application Data\ATI" 2006-06-17 11:52:28 ( .D... ) "C:\Program Files\OfficeUpdate11" 2006-06-17 11:13:24 ( .D... ) "C:\Program Files\Windows Media Connect 2" 2006-06-17 00:23:02 ( .D... ) "C:\Documents and Settings\Jean-Marie BLAYA\Application Data\Macromedia" 2006-06-16 23:28:52 ( .D... ) "C:\Program Files\Fichiers communs\FTL Shared" 2006-06-16 23:28:50 ( .D... ) "C:\Program Files\Friendly Technologies" 2006-06-16 23:28:44 ( .D... ) "C:\Program Files\Kit ADSL" 2006-06-16 22:56:26 ( .D... ) "C:\Documents and Settings\Jean-Marie BLAYA\Application Data\Symantec" 2006-06-16 22:55:46 ( .D... ) "C:\Program Files\Symantec" 2006-06-16 22:55:38 ( .D... ) "C:\Program Files\Fichiers communs\Symantec Shared" 2006-06-16 22:52:50 ( .D... ) "C:\Documents and Settings\Jean-Marie BLAYA\Application Data\AdobeUM" 2006-06-16 22:52:16 ( .D... ) "C:\Documents and Settings\Jean-Marie BLAYA\Application Data\Adobe" 2006-06-16 22:47:30 ( .D... ) "C:\Program Files\Fichiers communs\Adobe" 2006-06-16 22:46:26 ( .D... ) "C:\Program Files\Adobe" 2006-06-16 22:36:30 ( .D... ) "C:\Program Files\Microsoft Money 2005" 2006-06-16 22:25:18 ( .D... ) "C:\Program Files\Microsoft.NET" 2006-06-16 22:24:46 ( .D... ) "C:\Program Files\Fichiers communs\DESIGNER" 2006-06-16 22:24:44 ( .D... ) "C:\Program Files\Microsoft Works" 2006-06-16 22:24:40 ( .D... ) "C:\Program Files\Microsoft Visual Studio" 2006-06-16 22:24:28 ( .D... ) "C:\Program Files\Microsoft Office" 2006-06-16 22:19:12 ( .D... ) "C:\Program Files\CONEXANT" 2006-06-16 22:13:36 ( .D... ) "C:\Program Files\Creative" 2006-06-16 22:09:54 ( .D... ) "C:\Program Files\Microsoft IntelliType Pro" 2006-06-16 22:09:20 ( .D... ) "C:\Program Files\Microsoft IntelliType Pro 5.5" 2006-06-16 21:49:56 ( .D... ) "C:\Program Files\Fichiers communs\ODBC" 2006-06-16 21:49:54 ( .D... ) "C:\Program Files\Fichiers communs\SpeechEngines" 2006-06-16 21:49:54 ( .D... ) "C:\Program Files\Fichiers communs\Microsoft Shared" 2006-06-16 21:49:54 ( .D... ) "C:\Program Files\Fichiers communs" 2006-06-16 21:49:30 62 ( A.SH. ) "C:\Documents and Settings\Jean-Marie BLAYA\Application Data\desktop.ini" 2006-06-16 21:24:34 ( .D... ) "C:\Program Files\Intel" 2006-06-16 21:24:06 ( .D.H. ) "C:\Program Files\InstallShield Installation Information" 2006-06-16 21:23:56 ( .D... ) "C:\Program Files\Fichiers communs\InstallShield" 2006-06-16 20:09:22 ( .D... ) "C:\Documents and Settings\Jean-Marie BLAYA\Application Data\Identities" 2006-06-16 20:09:20 ( .D.H. ) "C:\Program Files\Uninstall Information" 2006-06-16 20:09:14 ( .DS.. ) "C:\Documents and Settings\Jean-Marie BLAYA\Application Data\Microsoft" 2006-06-16 20:04:00 ( .D... ) "C:\Program Files\xerox" 2006-06-16 20:04:00 ( .D... ) "C:\Program Files\microsoft frontpage" 2006-06-16 20:03:40 0 ( A.... ) "C:\AUTOEXEC.BAT" 2006-06-16 20:02:18 ( .D.H. ) "C:\Program Files\WindowsUpdate" 2006-06-16 20:02:16 ( .D... ) "C:\Program Files\Services en ligne" 2006-06-16 20:01:26 ( .D... ) "C:\Program Files\Fichiers communs\Services" 2006-06-16 20:01:22 ( .D... ) "C:\Program Files\Fichiers communs\MSSoap" 2006-06-16 20:01:08 ( .D... ) "C:\Program Files\Movie Maker" 2006-06-16 20:00:54 ( .D... ) "C:\Program Files\NetMeeting" 2006-06-16 20:00:48 ( .D... ) "C:\Program Files\Outlook Express" 2006-06-16 20:00:42 ( .D... ) "C:\Program Files\Internet Explorer" 2006-06-16 20:00:42 ( .D... ) "C:\Program Files\Fichiers communs\System" 2006-06-16 20:00:06 ( .D... ) "C:\Program Files\ComPlus Applications" 2006-06-16 19:59:52 ( .D... ) "C:\Program Files\Windows Media Player" 2006-06-16 19:59:52 ( .D... ) "C:\Program Files\Online Services" 2006-06-16 19:59:48 ( .D... ) "C:\Program Files\Messenger" 2006-06-16 19:59:42 ( .D... ) "C:\Program Files\MSN Gaming Zone" 2006-06-16 19:59:08 ( .D... ) "C:\Program Files\MSN" 2006-06-16 19:59:06 ( .D... ) "C:\Program Files\Windows NT" 2006-06-06 12:37:54 48936 ( A.... ) "C:\WINDOWS\system32\sirenacm.dll" 2006-05-19 15:23:36 112128 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll" 2006-05-19 15:23:36 95744 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll" 2006-05-10 02:51:14 269824 ( A.... ) "C:\WINDOWS\system32\Audiodev.dll" 2006-05-10 02:51:10 7767040 ( A.... ) "C:\WINDOWS\system32\wmploc.dll" 2006-05-10 02:19:46 3750912 ( ..... ) "C:\WINDOWS\system32\WpdShext.dll" 2006-05-10 02:19:42 97792 ( A.... ) "C:\WINDOWS\system32\wmpshell.dll" 2006-05-10 02:19:26 260608 ( A.... ) "C:\WINDOWS\system32\wmerror.dll" 2006-05-10 02:18:16 7680 ( A.... ) "C:\WINDOWS\system32\asferror.dll" 2006-05-09 22:36:46 6656 ( A.... ) "C:\WINDOWS\system32\WdfMgr.exe" 2006-05-09 22:36:46 6656 ( A.... ) "C:\WINDOWS\system32\uWDF.exe" 2006-05-09 22:26:34 1641472 ( A.... ) "C:\WINDOWS\system32\wmpencen.dll" 2006-05-09 22:26:34 1280000 ( A.... ) "C:\WINDOWS\system32\WMSPDMOE.dll" 2006-05-09 22:26:34 1063424 ( A.... ) "C:\WINDOWS\system32\WMADMOE.dll" 2006-05-09 22:26:34 992256 ( A.... ) "C:\WINDOWS\system32\WMNetMgr.dll" 2006-05-09 22:26:34 705024 ( A.... ) "C:\WINDOWS\system32\WMADMOD.dll" 2006-05-09 22:26:34 564736 ( A.... ) "C:\WINDOWS\system32\WMSPDMOD.dll" 2006-05-09 22:26:34 433152 ( ..... ) "C:\WINDOWS\system32\wmpeffects.dll" 2006-05-09 22:26:34 417280 ( A.... ) "C:\WINDOWS\system32\wmdrmdev.dll" 2006-05-09 22:26:34 337408 ( A.... ) "C:\WINDOWS\system32\wmdrmnet.dll" 2006-05-09 22:26:34 306688 ( A.... ) "C:\WINDOWS\system32\MSWMDM.dll" 2006-05-09 22:26:34 301056 ( A.... ) "C:\WINDOWS\system32\wmpdxm.dll" 2006-05-09 22:26:34 237056 ( A.... ) "C:\WINDOWS\system32\wmpasf.dll" 2006-05-09 22:26:34 221696 ( A.... ) "C:\WINDOWS\system32\wmasf.dll" 2006-05-09 22:26:34 219648 ( A.... ) "C:\WINDOWS\system32\CEWMDM.dll" 2006-05-09 22:26:34 212480 ( A.... ) "C:\WINDOWS\system32\msnetobj.dll" 2006-05-09 22:26:34 203776 ( A.... ) "C:\WINDOWS\system32\wmpsrcwp.dll" 2006-05-09 22:26:34 201728 ( A.... ) "C:\WINDOWS\system32\qasf.dll" 2006-05-09 22:26:34 165376 ( A.... ) "C:\WINDOWS\system32\MsPMSP.dll" 2006-05-09 22:26:34 155136 ( A.... ) "C:\WINDOWS\system32\wmidx.dll" 2006-05-09 22:26:34 135680 ( ..... ) "C:\WINDOWS\system32\wmpps.dll" 2006-05-09 22:26:34 36864 ( A.... ) "C:\WINDOWS\system32\WMDMPS.dll" 2006-05-09 22:26:34 31744 ( A.... ) "C:\WINDOWS\system32\WMDMLOG.dll" 2006-05-09 22:26:34 26112 ( A.... ) "C:\WINDOWS\system32\MsPMSNSv.dll" 2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmvdmoe2.dll" 2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmvdmod.dll" 2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\WMVADVE.DLL" 2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\WMVADVD.dll" 2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmsdmoe2.dll" 2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmsdmod.dll" 2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wdfApi.dll" 2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\MPG4DMOD.dll" 2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\MP4SDMOD.dll" 2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\MP43DMOD.dll" 2006-05-09 22:26:32 9728 ( A.... ) "C:\WINDOWS\system32\LAPRXY.dll" 2006-05-09 22:22:32 2463744 ( A.... ) "C:\WINDOWS\system32\wmvcore.dll" 2006-05-09 21:02:02 84480 ( A.... ) "C:\WINDOWS\system32\logagent.exe" 2006-05-09 21:01:06 1463808 ( ..... ) "C:\WINDOWS\system32\WMVDECOD.dll" 2006-05-09 21:01:06 1359360 ( ..... ) "C:\WINDOWS\system32\WMVSDECD.dll" 2006-05-09 21:00:58 1455616 ( ..... ) "C:\WINDOWS\system32\WMVENCOD.dll" 2006-05-09 21:00:58 770560 ( ..... ) "C:\WINDOWS\system32\WMVSENCD.dll" 2006-05-09 21:00:58 299520 ( ..... ) "C:\WINDOWS\system32\MP4SDECD.dll" 2006-05-09 21:00:58 241152 ( ..... ) "C:\WINDOWS\system32\MPG4DECD.dll" 2006-05-09 21:00:56 636928 ( ..... ) "C:\WINDOWS\system32\WMVXENCD.dll" 2006-05-09 21:00:56 241152 ( ..... ) "C:\WINDOWS\system32\MP43DECD.dll" 2006-05-09 21:00:22 546816 ( ..... ) "C:\WINDOWS\system32\wmpmde.dll" 2006-05-09 21:00:08 382976 ( ..... ) "C:\WINDOWS\system32\MFPLAT.dll" 2006-05-09 21:00:02 1350656 ( A.... ) "C:\WINDOWS\system32\drmv2clt.dll" 2006-05-09 20:59:34 513536 ( ..... ) "C:\WINDOWS\system32\wmdrmsdk.dll" 2006-05-09 20:59:20 417280 ( A.... ) "C:\WINDOWS\system32\MSSCP.dll" 2006-05-09 20:59:18 229376 ( ..... ) "C:\WINDOWS\system32\drmupgds.exe" 2006-05-09 20:59:14 585216 ( A.... ) "C:\WINDOWS\system32\blackbox.dll" 2006-05-09 20:58:54 52224 ( ..... ) "C:\WINDOWS\system32\WPDShServiceObj.dll" 2006-05-09 20:58:54 13824 ( ..... ) "C:\WINDOWS\system32\wpdshextautoplay.exe" 2006-05-09 20:58:50 670208 ( A.... ) "C:\WINDOWS\system32\wpd_ci.dll" 2006-05-09 20:58:50 103424 ( ..... ) "C:\WINDOWS\system32\PortableDeviceWiaCompat.dll" 2006-05-09 20:58:48 345600 ( ..... ) "C:\WINDOWS\system32\PortableDeviceApi.dll" 2006-05-09 20:58:48 188928 ( ..... ) "C:\WINDOWS\system32\PortableDeviceWMDRM.dll" 2006-05-09 20:58:48 101376 ( ..... ) "C:\WINDOWS\system32\PortableDeviceClassExtension.dll" 2006-05-09 20:58:46 343552 ( A.... ) "C:\WINDOWS\system32\WPDSp.dll" 2006-05-09 20:58:40 144896 ( A.... ) "C:\WINDOWS\system32\wpdmtp.dll" 2006-05-09 20:58:40 55808 ( A.... ) "C:\WINDOWS\system32\wpdmtpus.dll" 2006-05-09 20:58:40 35840 ( A.... ) "C:\WINDOWS\system32\wpdconns.dll" 2006-05-09 20:58:38 168960 ( ..... ) "C:\WINDOWS\system32\PortableDeviceTypes.dll" 2006-05-09 20:58:38 13312 ( A.... ) "C:\WINDOWS\system32\wpdtrace.dll" 2006-05-09 20:57:06 11264 ( ..... ) "C:\WINDOWS\system32\ehETW.dll" 2006-05-09 20:45:20 304640 ( ..... ) "C:\WINDOWS\system32\MSDelta.dll" 2006-05-09 20:00:48 22752 ( A.... ) "C:\WINDOWS\system32\spupdsvc.exe" (((((((((((((((((((((((((((((((((((((( Files Created - Last 30days ))))))))))))))))))))))))))))))))))))))))))) 2006-08-07 19:04 53ÿ248 C:\WINDOWS\system32\Process.exe 2006-08-07 19:04 42ÿ496 C:\WINDOWS\system32\swreg.exe 2006-08-07 19:04 40ÿ960 C:\WINDOWS\system32\swsc.exe 2006-08-07 19:04 288ÿ417 C:\WINDOWS\system32\SrchSTS.exe 2006-07-28 01:32 40ÿ973 C:\WINDOWS\system32\ddcaxwu.dll 2006-07-27 16:35 1ÿ265ÿ664 C:\WINDOWS\lido.dll 2006-07-26 12:13 371ÿ424 C:\WINDOWS\system32\updspapi.dll 2006-07-25 13:10 25ÿ992 C:\WINDOWS\system32\pgdfgsvc.exe 2006-07-24 15:34 91ÿ904 C:\WINDOWS\system32\S32EVNT1.DLL (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "Symantec NetDriver Monitor"="C:\\PROGRA~1\\SymNetDrv\\SNDMon.exe /Consumer" "POINTER"="C:\\Program Files\\Microsoft Hardware\\Mouse\\point32.exe" "NeroFilterCheck"="C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NeroCheck.exe" "itype"="\"C:\\Program Files\\Microsoft IntelliType Pro\\itype.exe\"" "IS CfgWiz"="C:\\Program Files\\Norton Internet Security\\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE \"REBOOT\"" "diagent"="\"C:\\Program Files\\Creative\\SBLive\\Diagnostics\\diagent.exe\" startup" "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1036" "ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\"" "BackgroundSwitcher"="C:\\WINDOWS\\system32\\bgswitch.exe" "%FP%Friendly fts.exe"="\"C:\\Program Files\\Friendly Technologies\\BroadbandAccess\\fts.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "Norton SystemWorks"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz" "FreeRAM XP"="\"C:\\Program Files\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex] "flags"=dword:00000008 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] "ishost.exe"="ishost.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run] "{6C1A9C19-09DC-1036-0923-030212310021}"="\"C:\\Program Files\\Fichiers communs\\{6C1A9C19-09DC-1036-0923-030212310021}\\Update.exe\" mc-110-12-0000272" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000004 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,55,00,00,00,00,00,00,00,ab,04,00,00,c6,03,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=dword:40000004 "OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,\ 00,00,04,00,00,40 "RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKLM" "command"="" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"" "UpdReg"="C:\\WINDOWS\\UpdReg.EXE" "Norton Ghost 9.0"="C:\\Program Files\\Norton SystemWorks\\Norton Ghost\\Agent\\GhostTray.exe" "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay" HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system DisableRegistryTools REG_DWORD 0 (0x0) Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Maintenance en 1 clic.job C:\WINDOWS\tasks\Norton AntiVirus - Analyser mon ordinateur - Jean-Marie BLAYA.job C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job C:\WINDOWS\tasks\Symantec Drmc.job C:\WINDOWS\tasks\Symantec NetDetect.job C:\WINDOWS\tasks\SyncBackSE _Groupe Sauvegarde.job Completion time: 09/08/2006 18:53:18.26 ComboFix ver 06.07.15/29 - This logfile is located at C:\ComboFix.txt Logfile of HijackThis v1.99.1 Scan saved at 18:59:37, on 09/08/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\cscript.exe C:\WINDOWS\System32\GEARSec.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe C:\PROGRA~1\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\PROGRA~1\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.EXE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\WINDOWS\system32\bgswitch.exe C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Palm\HOTSYNC.EXE C:\Program Files\Shove-it\Shove-it.exe C:\Documents and Settings\Jean-Marie BLAYA\Mes documents\_Télécharg\Virus\hijackthis\Copie de HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {06D15D86-41D7-469B-9496-4B248525ACE6} - C:\WINDOWS\system32\awtst.dll (file missing) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SymNetDrv\SNDMon.exe /Consumer O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [iS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT" O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [backgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe" O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Shove-it.lnk = C:\Program Files\Shove-it\Shove-it.exe O4 - Global Startup: WiziWYG XP Startup.lnk = C:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150495822421 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0787.00.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0787.00.dll O20 - Winlogon Notify: awtst - C:\WINDOWS\system32\awtst.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winpsa32 - winpsa32.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professionnel 2005.SR1\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professionnel 2005.SR1\RpcSandraSrv.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\Script Blocking\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.EXE O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
- le 9 août 2006
- 14 réponses
winpsa32 et rapport HijackThis

Meato a répondu à un(e) sujet de Meato dans Analyses et éradication malwares

Je pensais que c'était fini. Voici le rapport scanner.exe Logfile of HijackThis v1.99.1 Scan saved at 23:23:44, on 08/08/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\WINDOWS\system32\bgswitch.exe C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Palm\HOTSYNC.EXE C:\Program Files\Shove-it\Shove-it.exe C:\WINDOWS\System32\GEARSec.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe C:\PROGRA~1\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\PROGRA~1\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.EXE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\WINDOWS\System32\alg.exe D:\eMule\emule.exe C:\Program Files\Microsoft Money 2005\MNYCoreFiles\mnybbsvc.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Maxthon\Maxthon.exe C:\Documents and Settings\Jean-Marie BLAYA\Mes documents\_Télécharg\Virus\hijackthis\Scanner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {34424C77-66E6-4432-AC24-8D505E6D6E26} - C:\WINDOWS\system32\awtst.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SymNetDrv\SNDMon.exe /Consumer O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [iS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT" O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [backgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe" O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Shove-it.lnk = C:\Program Files\Shove-it\Shove-it.exe O4 - Global Startup: WiziWYG XP Startup.lnk = C:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150495822421 O17 - HKLM\System\CCS\Services\Tcpip\..\{F56E1F92-C662-453C-80A6-6B5596A70CA6}: NameServer = 86.64.145.146 84.103.237.146 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0787.00.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0787.00.dll O20 - Winlogon Notify: awtst - C:\WINDOWS\system32\awtst.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winpsa32 - winpsa32.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professionnel 2005.SR1\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professionnel 2005.SR1\RpcSandraSrv.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\Script Blocking\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.EXE O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe Je pensais que c'était fini. Voici le rapport scanner.exe Logfile of HijackThis v1.99.1 Scan saved at 23:23:44, on 08/08/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\WINDOWS\system32\bgswitch.exe C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Palm\HOTSYNC.EXE C:\Program Files\Shove-it\Shove-it.exe C:\WINDOWS\System32\GEARSec.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe C:\PROGRA~1\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\PROGRA~1\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.EXE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\WINDOWS\System32\alg.exe D:\eMule\emule.exe C:\Program Files\Microsoft Money 2005\MNYCoreFiles\mnybbsvc.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Maxthon\Maxthon.exe C:\Documents and Settings\Jean-Marie BLAYA\Mes documents\_Télécharg\Virus\hijackthis\Scanner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {34424C77-66E6-4432-AC24-8D505E6D6E26} - C:\WINDOWS\system32\awtst.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SymNetDrv\SNDMon.exe /Consumer O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [iS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT" O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [backgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe" O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Shove-it.lnk = C:\Program Files\Shove-it\Shove-it.exe O4 - Global Startup: WiziWYG XP Startup.lnk = C:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150495822421 O17 - HKLM\System\CCS\Services\Tcpip\..\{F56E1F92-C662-453C-80A6-6B5596A70CA6}: NameServer = 86.64.145.146 84.103.237.146 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0787.00.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0787.00.dll O20 - Winlogon Notify: awtst - C:\WINDOWS\system32\awtst.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winpsa32 - winpsa32.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professionnel 2005.SR1\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professionnel 2005.SR1\RpcSandraSrv.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\Script Blocking\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.EXE O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
- le 8 août 2006
- 14 réponses
winpsa32 et rapport HijackThis

Meato a répondu à un(e) sujet de Meato dans Analyses et éradication malwares

Erreur de manip
- le 8 août 2006
- 14 réponses
winpsa32 et rapport HijackThis

Meato a répondu à un(e) sujet de Meato dans Analyses et éradication malwares

Alors là je dis Chapeau. Respect à Malekal_morte. Voici les deux rapports. Je pense que les problèmes sont réglés. VundoFix V5.1.7 Running as SYSTEM from c:\windows\system32\VundoFix.exe Checking Java version... Sun Java not detected Scan started at 18:09:04 08/08/2006 Listing files found while scanning.... No infected files were found. Beginning removal... --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 17:59:12 08/08/2006 + Scan result: C:\Documents and Settings\Jean-Marie BLAYA\Cookies\jean-marie blaya@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined). C:\Documents and Settings\Jean-Marie BLAYA\Cookies\jean-marie [email protected][1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined). C:\Documents and Settings\Jean-Marie BLAYA\Cookies\jean-marie [email protected][1].txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined). C:\Documents and Settings\Jean-Marie BLAYA\Cookies\jean-marie blaya@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined). C:\Documents and Settings\Jean-Marie BLAYA\Cookies\jean-marie blaya@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined). C:\Documents and Settings\Jean-Marie BLAYA\Cookies\jean-marie blaya@trafic[1].txt -> TrackingCookie.Trafic : Cleaned with backup (quarantined). C:\Documents and Settings\Jean-Marie BLAYA\Cookies\jean-marie blaya@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined). C:\Documents and Settings\Jean-Marie BLAYA\Cookies\jean-marie blaya@weborama[1].txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined). C:\Documents and Settings\Jean-Marie BLAYA\Cookies\jean-marie [email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). C:\Documents and Settings\Jean-Marie BLAYA\Local Settings\Temporary Internet Files\Content.IE5\8HMJKP2R\srvtvf[1].exe -> Trojan.Dialer.qs : Cleaned with backup (quarantined). C:\WINDOWS\system32\cool.exe -> Trojan.Dialer.qs : Cleaned with backup (quarantined). ::Report end
- le 8 août 2006
- 14 réponses
winpsa32 et rapport HijackThis

Meato a répondu à un(e) sujet de Meato dans Analyses et éradication malwares

Merci de ta réponse rapide. Voici le résultat de Chercher.cmd J'espère que les nombreux éléments trouvés ne sont pas malveillants. C:\WINDOWS\System32\tstwa.ini -->07/08/2006 21:15:32 C:\WINDOWS\System32\url.dat -->07/08/2006 21:12:28 C:\WINDOWS\System32\cool.exe -->07/08/2006 19:26:23 C:\WINDOWS\System32\wpa.dbl -->07/08/2006 18:29:03 C:\WINDOWS\System32\awtst.dll -->28/07/2006 01:37:53 C:\WINDOWS\System32\ddcaxwu.dll -->28/07/2006 01:32:23 C:\WINDOWS\System32\winpsa32.dll -->28/07/2006 01:32:19 C:\WINDOWS\System32\perfh00C.dat -->26/07/2006 11:46:25 C:\WINDOWS\System32\perfh009.dat -->26/07/2006 11:46:25 C:\WINDOWS\System32\perfc00C.dat -->26/07/2006 11:46:25 C:\WINDOWS\System32\perfc009.dat -->26/07/2006 11:46:25 C:\WINDOWS\System32\PerfStringBackup.INI -->26/07/2006 11:46:24 C:\WINDOWS\System32\pgdfgsvc.exe -->25/07/2006 13:10:28 C:\WINDOWS\System32\LuResult.txt -->24/07/2006 15:48:41 C:\WINDOWS\System32\BASSMOD.dll -->22/07/2006 17:07:40 C:\WINDOWS\System32\nscompat.tlb -->22/07/2006 12:38:43 C:\WINDOWS\System32\amcompat.tlb -->22/07/2006 12:38:43 C:\WINDOWS\System32\MRT.exe -->07/07/2006 03:21:46 C:\WINDOWS\System32\d3d8caps.dat -->30/06/2006 15:41:23 C:\WINDOWS\System32\d3d9caps.dat -->27/06/2006 18:54:30 C:\WINDOWS\System32\ptoys-uninst.exe -->20/06/2006 19:16:48 C:\WINDOWS\System32\WinTemp20584.exe -->20/06/2006 13:07:02 C:\WINDOWS\System32\FNTCACHE.DAT -->19/06/2006 20:59:18 C:\WINDOWS\System32\WgaLogon.dll -->19/06/2006 16:20:42 C:\WINDOWS\System32\LegitCheckControl.dll -->19/06/2006 16:19:42 C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt -->07/08/2006 21:15:37 C:\WINDOWS\wmsetup.log -->07/08/2006 21:12:25 C:\WINDOWS\WindowsUpdate.log -->07/08/2006 21:12:25 C:\WINDOWS\NeroDigital.ini -->07/08/2006 20:13:49 C:\WINDOWS\wiadebug.log -->07/08/2006 20:11:49 C:\WINDOWS\0.log -->07/08/2006 18:27:46 C:\WINDOWS\wiaservc.log -->07/08/2006 18:27:25 C:\WINDOWS\bootstat.dat -->07/08/2006 18:26:36 C:\WINDOWS\ntbtlog.txt -->07/08/2006 17:49:10 C:\WINDOWS\SchedLgU.Txt -->07/08/2006 17:38:19 C:\WINDOWS\boxworld.ini -->05/08/2006 22:56:31 C:\WINDOWS\setupact.log -->28/07/2006 00:39:04 C:\WINDOWS\CDPLAYER.INI -->27/07/2006 18:33:20 C:\WINDOWS\lidu.lx -->27/07/2006 16:46:33 C:\WINDOWS\lidq.lx -->27/07/2006 16:46:33 Le volume dans le lecteur C s'appelle Dali Le numéro de série du volume est 6C1A-9C19 Répertoire de C:\WINDOWS\system32 04/08/2004 01:54 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 39 314 120 704 octets libres Le volume dans le lecteur C s'appelle Dali Le numéro de série du volume est 6C1A-9C19 Répertoire de C:\Program Files 07/08/2006 18:26 <REP> . 07/08/2006 18:26 <REP> .. 22/07/2006 17:07 <REP> 2BrightSparks 19/06/2006 12:51 <REP> ACD Systems 19/06/2006 16:08 <REP> Acro Software 16/06/2006 22:46 <REP> Adobe 20/06/2006 12:03 <REP> Ahead 19/06/2006 20:56 <REP> Alcohol Soft 20/06/2006 10:06 <REP> ArcSoft 24/06/2006 13:29 <REP> ATI Technologies 19/06/2006 15:17 <REP> Canon 18/06/2006 14:04 <REP> CDCheck 26/06/2006 23:08 <REP> CDex_150 18/06/2006 13:56 <REP> Common Files 16/06/2006 20:00 <REP> ComPlus Applications 17/06/2006 11:10 <REP> CONEXANT 22/07/2006 14:25 <REP> Corel 16/06/2006 22:14 <REP> Creative 19/06/2006 15:45 <REP> CyberLink 22/07/2006 17:32 <REP> DAEMON Tools 18/06/2006 14:09 <REP> DVDInfoPro 26/07/2006 13:27 <REP> Easy CD-DA Extractor 9 07/08/2006 19:21 <REP> ewido anti-spyware 4.0 07/08/2006 18:26 <REP> Fichiers communs 16/06/2006 23:28 <REP> Friendly Technologies 19/06/2006 16:07 <REP> GNUGS 25/07/2006 12:52 <REP> Intel 17/06/2006 11:11 <REP> Internet Explorer 22/07/2006 16:43 <REP> K-Lite Codec Pack 16/06/2006 23:28 <REP> Kit ADSL 19/06/2006 17:07 <REP> Lavalys 19/06/2006 11:23 <REP> Lavasoft 18/06/2006 13:42 <REP> Lupas Rename 2000 19/06/2006 09:43 <REP> Maxthon 26/06/2006 23:08 <REP> Media Player Classic 17/06/2006 11:03 <REP> Messenger 24/07/2006 21:10 <REP> Microsoft Bootvis 19/06/2006 16:04 <REP> Microsoft Digital Image 2006 16/06/2006 20:03 <REP> microsoft frontpage 30/06/2006 17:26 <REP> Microsoft Hardware 30/06/2006 17:08 <REP> Microsoft IntelliPoint 4.12 30/06/2006 17:24 <REP> Microsoft IntelliPoint 5.5 16/06/2006 22:09 <REP> Microsoft IntelliType Pro 16/06/2006 22:09 <REP> Microsoft IntelliType Pro 5.5 22/07/2006 16:53 <REP> Microsoft Money 2005 22/07/2006 11:27 <REP> Microsoft Office 19/06/2006 19:52 <REP> Microsoft Reference 16/06/2006 22:24 <REP> Microsoft Visual Studio 16/06/2006 22:29 <REP> Microsoft Works 16/06/2006 22:25 <REP> Microsoft.NET 16/06/2006 20:01 <REP> Movie Maker 19/06/2006 16:59 <REP> MP3Gain 16/06/2006 19:59 <REP> MSN 16/06/2006 19:59 <REP> MSN Gaming Zone 24/07/2006 16:44 <REP> MSN Messenger 18/06/2006 14:53 <REP> Nero 16/06/2006 20:01 <REP> NetMeeting 03/08/2006 12:37 <REP> Norton Internet Security 07/08/2006 17:29 <REP> Norton SystemWorks 25/07/2006 13:41 <REP> OfficeUpdate11 16/06/2006 19:59 <REP> Online Services 17/06/2006 10:59 <REP> Outlook Express 18/06/2006 13:25 <REP> Palm 24/07/2006 23:40 <REP> PerformanceTest 23/06/2006 18:14 <REP> PerformanceTest 5.0 22/06/2006 16:08 <REP> Praxisoft 22/07/2006 20:30 <REP> RAXCO 18/06/2006 18:38 <REP> RegSupreme Pro 16/06/2006 20:02 <REP> Services en ligne 22/07/2006 21:58 <REP> Shove-it 18/06/2006 14:17 <REP> Siber Systems 19/06/2006 16:21 <REP> SimpleCopier 19/06/2006 17:10 <REP> SiSoftware 19/06/2006 11:46 <REP> Spybot - Search & Destroy 24/07/2006 16:10 <REP> Symantec 24/07/2006 16:09 <REP> SymNetDrv 23/06/2006 10:07 <REP> Tap'Touche 5 21/07/2006 23:13 <REP> TuneUp Utilities 2006 18/06/2006 13:59 <REP> UltraISO 27/07/2006 16:46 <REP> vahelp 19/06/2006 18:51 <REP> VideoLAN 18/06/2006 12:49 <REP> WhereIsIt 17/06/2006 11:13 <REP> Windows Media Connect 2 22/07/2006 12:38 <REP> Windows Media Player 16/06/2006 19:59 <REP> Windows NT 18/06/2006 12:18 <REP> WinRAR 16/06/2006 20:03 <REP> xerox 19/06/2006 17:56 <REP> xp-AntiSpy 23/07/2006 18:54 <REP> YourWare Solutions 0 fichier(s) 0 octets 89 Rép(s) 39 314 116 608 octets libres Le volume dans le lecteur C s'appelle Dali Le numéro de série du volume est 6C1A-9C19 Répertoire de C:\Program Files\fichiers communs 07/08/2006 18:26 <REP> . 07/08/2006 18:26 <REP> .. 19/06/2006 12:51 <REP> ACD Systems 26/06/2006 23:08 <REP> Adobe 18/06/2006 14:55 <REP> Ahead 22/07/2006 14:25 <REP> Corel 16/06/2006 22:24 <REP> DESIGNER 16/06/2006 23:28 <REP> FTL Shared 19/06/2006 11:59 <REP> InstallShield 27/06/2006 17:55 <REP> Jasc Software Inc 24/07/2006 16:44 <REP> Microsoft Shared 16/06/2006 20:01 <REP> MSSoap 19/06/2006 16:01 <REP> Nikon 16/06/2006 21:49 <REP> ODBC 22/07/2006 20:30 <REP> Raxco 16/06/2006 20:01 <REP> Services 16/06/2006 21:49 <REP> SpeechEngines 27/06/2006 17:59 <REP> SWF Studio 07/08/2006 01:09 <REP> Symantec Shared 17/06/2006 10:59 <REP> System 0 fichier(s) 0 octets 20 Rép(s) 39 314 112 512 octets libres Le volume dans le lecteur C s'appelle Dali Le numéro de série du volume est 6C1A-9C19 Répertoire de C:\Program Files\common files 18/06/2006 13:56 <REP> . 18/06/2006 13:56 <REP> .. 18/06/2006 13:56 <REP> EZB Systems 0 fichier(s) 0 octets 3 Rép(s) 39 314 112 512 octets libres c:\Documents and Settings\Jean-Marie BLAYA\Application Data\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_18be6784.exe c:\Documents and Settings\Jean-Marie BLAYA\Application Data\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_294823.exe c:\Documents and Settings\Jean-Marie BLAYA\Application Data\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_2cd672ae.exe c:\Documents and Settings\Jean-Marie BLAYA\Application Data\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_4ae13d6c.exe c:\Documents and Settings\Jean-Marie BLAYA\Application Data\Microsoft\Installer\{9B52B30C-F65C-4244-ABCE-215E46E27AF0}\ARPPRODUCTICON.exe c:\Documents and Settings\Jean-Marie BLAYA\Application Data\Microsoft\Installer\{9B52B30C-F65C-4244-ABCE-215E46E27AF0}\NewShortcut5_3.exe c:\Documents and Settings\Jean-Marie BLAYA\Application Data\Microsoft\Installer\{9B52B30C-F65C-4244-ABCE-215E46E27AF0}\NewShortcut5_4.exe c:\Documents and Settings\Jean-Marie BLAYA\Application Data\Microsoft\Installer\{9B52B30C-F65C-4244-ABCE-215E46E27AF0}\NewShortcut5_6.exe c:\Documents and Settings\Jean-Marie BLAYA\Application Data\Microsoft\Installer\{9B52B30C-F65C-4244-ABCE-215E46E27AF0}\NewShortcut7.exe c:\Documents and Settings\Jean-Marie BLAYA\Application Data\Microsoft\Installer\{9B52B30C-F65C-4244-ABCE-215E46E27AF0}\PalmDesktopShortcut.exe c:\Documents and Settings\Jean-Marie BLAYA\Application Data\Microsoft\Installer\{9B52B30C-F65C-4244-ABCE-215E46E27AF0}\QuickTourShortcut.exe c:\Documents and Settings\Jean-Marie BLAYA\Bureau\chercher\LFiles.exe c:\Documents and Settings\Jean-Marie BLAYA\Local Settings\Temporary Internet Files\Content.IE5\8L4561QF\srvjmn[1].exe c:\Documents and Settings\Jean-Marie BLAYA\Mes documents\Fichier\ECalc\ecalc.exe c:\Documents and Settings\Jean-Marie BLAYA\Mes documents\Travail\KEY 128MO (K)\Dstress\stress.exe c:\Documents and Settings\Jean-Marie BLAYA\Mes documents\_Télécharg\ewido-setup_4.0.0.172b.exe c:\Documents and Settings\Jean-Marie BLAYA\Mes documents\_Télécharg\HelpMaker 7.2.15.0\vahelp72015.exe c:\Documents and Settings\Jean-Marie BLAYA\Mes documents\_Télécharg\hijackthis\HijackThis.exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\Jean-Marie BLAYA\Local Settings\Application Data\SCPSS.DLL c:\Documents and Settings\Jean-Marie BLAYA\Local Settings\Application Data\scpsv.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll Vérifications de quelques clefs Recherche de clefs EGDACCESS HKLM\SOFTWARE\Microsoft\Windows\explorer\SharedTaskScheduler
- le 7 août 2006
- 14 réponses
winpsa32 et rapport HijackThis

Meato a posté un sujet dans Analyses et éradication malwares

Norton sigale winpsa32.dll. Je n'arrive pas à m'en débarasser sous Dos en mode sans échac. Adaware, Spybot et Norton sont inneficaces. Je ne vois rien d'anormal sur le rapport. Pouvez-vous m'aider ? Logfile of HijackThis v1.99.1 Scan saved at 19:05:54, on 07/08/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\WINDOWS\system32\bgswitch.exe C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Palm\HOTSYNC.EXE C:\Program Files\Shove-it\Shove-it.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\GEARSec.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe C:\PROGRA~1\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\PROGRA~1\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.EXE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Maxthon\Maxthon.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\WINDOWS\TEMP\win5C.tmp.exe C:\Documents and Settings\Jean-Marie BLAYA\Mes documents\_Télécharg\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SymNetDrv\SNDMon.exe /Consumer O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [iS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT" O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [backgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe" O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Shove-it.lnk = C:\Program Files\Shove-it\Shove-it.exe O4 - Global Startup: WiziWYG XP Startup.lnk = C:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150495822421 O17 - HKLM\System\CCS\Services\Tcpip\..\{F56E1F92-C662-453C-80A6-6B5596A70CA6}: NameServer = 86.64.145.145 84.103.237.145 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0787.00.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0787.00.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professionnel 2005.SR1\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professionnel 2005.SR1\RpcSandraSrv.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\Script Blocking\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.EXE O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
- le 7 août 2006
- 14 réponses

Connexion

Meato

Compteur de contenus

Inscription

Dernière visite

Autres informations

Meato's Achievements

Junior Member (3/12)

Réputation sur la communauté

Lenteur démarrage XP 5mn

winpsa32 et rapport HijackThis

winpsa32 et rapport HijackThis

winpsa32 et rapport HijackThis

winpsa32 et rapport HijackThis

winpsa32 et rapport HijackThis

winpsa32 et rapport HijackThis

winpsa32 et rapport HijackThis

winpsa32 et rapport HijackThis

Zebulon

Outils en ligne

Naviguer