Maxi40
-
Compteur de contenus
18 -
Inscription
-
Dernière visite
Maxi40's Achievements
Junior Member (3/12)
0
Réputation sur la communauté
-
Raport hijackrhis+PB Explorateur
Maxi40 a répondu à un(e) sujet de Maxi40 dans Analyses et éradication malwares
Pas de réponse -
Raport hijackrhis+PB Explorateur
Maxi40 a répondu à un(e) sujet de Maxi40 dans Analyses et éradication malwares
je n'arrive pas à accéder au site de MAD (php peut-être) je vais vérifier sa -
Raport hijackrhis+PB Explorateur
Maxi40 a répondu à un(e) sujet de Maxi40 dans Analyses et éradication malwares
1 MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.) 2 OK 3 PK 4 OK 5 OK Voilà Merci -
Raport hijackrhis+PB Explorateur
Maxi40 a répondu à un(e) sujet de Maxi40 dans Analyses et éradication malwares
C:\WINDOWS\System32\Com\comrereg.exe -->05/08/2004 14:00:00 C:\WINDOWS\System32\Com\comrepl.exe -->05/08/2004 14:00:00 C:\WINDOWS\System32\DX9\dxsetup.exe -->09/07/2004 04:08:36 C:\WINDOWS\System32\npp\nppagent.exe -->05/08/2004 14:00:00 C:\WINDOWS\System32\oobe\oobebaln.exe -->05/08/2004 14:00:00 C:\WINDOWS\System32\oobe\msoobe.exe -->05/08/2004 14:00:00 C:\WINDOWS\System32\Restore\srdiag.exe -->05/08/2004 14:00:00 C:\WINDOWS\System32\Restore\rstrui.exe -->05/08/2004 14:00:00 C:\WINDOWS\System32\URTTemp\regtlib.exe -->21/02/2003 05:16:08 C:\WINDOWS\System32\usmt\migwiz_a.exe -->05/08/2004 14:00:00 C:\WINDOWS\System32\usmt\migwiz.exe -->05/08/2004 14:00:00 C:\WINDOWS\System32\usmt\migload.exe -->05/08/2004 14:00:00 C:\WINDOWS\System32\wbem\wmiprvse.exe -->05/08/2004 14:00:00 C:\WINDOWS\System32\wbem\wmic.exe -->05/08/2004 14:00:00 C:\WINDOWS\System32\wbem\wmiapsrv.exe -->05/08/2004 14:00:00 C:\WINDOWS\System32\wbem\wmiadap.exe -->05/08/2004 14:00:00 C:\WINDOWS\System32\wbem\winmgmt.exe -->05/08/2004 14:00:00 C:\WINDOWS\System32\wbem\wbemtest.exe -->05/08/2004 14:00:00 C:\WINDOWS\System32\wbem\unsecapp.exe -->05/08/2004 14:00:00 C:\WINDOWS\System32\wbem\scrcons.exe -->05/08/2004 14:00:00 C:\WINDOWS\System32\wbem\mofcomp.exe -->05/08/2004 14:00:00 C:\WINDOWS\System32\ZoneLabs\vsmon.exe -->16/03/2006 11:33:12 C:\WINDOWS\System32\ZoneLabs\isafe.exe -->23/06/2005 16:57:12 C:\WINDOWS\System32\ZoneLabs\cafix.exe -->07/12/2003 09:33:34 C:\WINDOWS\System32\myeufal.exe -->17/08/2006 16:40:58 C:\WINDOWS\System32\kernel1.exe -->15/08/2006 23:16:32 C:\WINDOWS\System32\MRT.exe -->03/08/2006 03:22:50 C:\WINDOWS\System32\Ati2mdxx.exe -->19/07/2006 04:53:03 C:\WINDOWS\System32\ati2evxx.exe -->19/07/2006 04:51:42 C:\WINDOWS\System32\ati2sgag.exe -->18/07/2006 21:05:00 C:\WINDOWS\System32\WgaTray.exe -->19/06/2006 16:19:26 C:\WINDOWS\System32\SpoonUninstall.exe -->08/06/2006 20:52:12 C:\WINDOWS\System32\javaws.exe -->03/05/2006 02:56:58 C:\WINDOWS\System32\javaw.exe -->03/05/2006 01:19:40 C:\WINDOWS\System32\java.exe -->03/05/2006 01:19:30 C:\WINDOWS\System32\verclsid.exe -->17/03/2006 02:38:01 C:\WINDOWS\System32\pxinsa64.exe -->05/12/2005 07:12:26 C:\WINDOWS\System32\pxhpinst.exe -->05/12/2005 07:12:26 C:\WINDOWS\System32\pxcpya64.exe -->05/12/2005 07:12:26 C:\WINDOWS\System32\spupdsvc.exe -->28/06/2005 10:21:34 C:\WINDOWS\System32\Nx.exe -->14/06/2005 15:21:08 C:\WINDOWS\System32\spoolsv.exe -->11/06/2005 01:53:32 C:\WINDOWS\System32\wuauclt1.exe -->26/05/2005 04:16:30 C:\WINDOWS\System32\wuauclt.exe -->26/05/2005 04:16:30 C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msiexec.exe -->05/08/2004 14:00:00 C:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe -->04/08/2004 01:07:10 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe -->05/08/2004 14:00:00 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe -->05/08/2004 14:00:00 C:\WINDOWS\$NtUninstallKB896358$\hh.exe -->05/08/2004 14:00:00 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe -->05/08/2004 14:00:00 C:\WINDOWS\$NtUninstallKB896428$\telnet.exe -->05/08/2004 14:00:00 C:\WINDOWS\$NtUninstallKB902400$\migregdb.exe -->05/08/2004 14:00:00 C:\WINDOWS\$NtUninstallKB912812$\iedw.exe -->05/08/2004 14:00:00 C:\WINDOWS\$NtUninstallKB916281$\iedw.exe -->04/03/2006 02:39:06 C:\WINDOWS\$NtUninstallKB918899$\iedw.exe -->09/05/2006 13:00:37 C:\WINDOWS\inf\unregmp2.exe -->11/08/2004 20:49:10 C:\WINDOWS\msagent\agentsvr.exe -->05/08/2004 14:00:00 C:\WINDOWS\San Andreas Mod Installer\uninstall.exe -->31/05/2006 13:42:07 C:\WINDOWS\speech\vcmd.exe -->12/01/1999 15:09:36 C:\WINDOWS\system32\myeufal.exe -->17/08/2006 16:40:58 C:\WINDOWS\system32\kernel1.exe -->15/08/2006 23:16:32 C:\WINDOWS\system32\MRT.exe -->03/08/2006 03:22:50 C:\WINDOWS\system32\Ati2mdxx.exe -->19/07/2006 04:53:03 C:\WINDOWS\system32\ati2evxx.exe -->19/07/2006 04:51:42 C:\WINDOWS\system32\ati2sgag.exe -->18/07/2006 21:05:00 C:\WINDOWS\system32\WgaTray.exe -->19/06/2006 16:19:26 C:\WINDOWS\system32\SpoonUninstall.exe -->08/06/2006 20:52:12 C:\WINDOWS\system32\javaws.exe -->03/05/2006 02:56:58 C:\WINDOWS\system32\javaw.exe -->03/05/2006 01:19:40 C:\WINDOWS\system32\java.exe -->03/05/2006 01:19:30 C:\WINDOWS\system32\verclsid.exe -->17/03/2006 02:38:01 C:\WINDOWS\system32\pxinsa64.exe -->05/12/2005 07:12:26 C:\WINDOWS\system32\pxhpinst.exe -->05/12/2005 07:12:26 C:\WINDOWS\system32\pxcpya64.exe -->05/12/2005 07:12:26 C:\WINDOWS\system32\spupdsvc.exe -->28/06/2005 10:21:34 C:\WINDOWS\system32\Nx.exe -->14/06/2005 15:21:08 C:\WINDOWS\system32\spoolsv.exe -->11/06/2005 01:53:32 C:\WINDOWS\system32\wuauclt1.exe -->26/05/2005 04:16:30 C:\WINDOWS\system32\wuauclt.exe -->26/05/2005 04:16:30 C:\WINDOWS\Temp\NSIS_Install_IGB.exe -->17/08/2006 16:40:24 C:\WINDOWS\Temp\KPF-4-3-268-T-0-0.exe -->01/08/2006 09:12:32 C:\WINDOWS\AMUninst01c.exe -->07/05/2006 20:34:29 C:\WINDOWS\Setup1.exe -->07/05/2006 08:37:16 C:\WINDOWS\ST6UNST.EXE -->07/05/2006 08:37:13 C:\WINDOWS\zllsputility.exe -->16/03/2006 11:34:12 C:\WINDOWS\hh.exe -->27/05/2005 01:22:01 C:\WINDOWS\CmiPCIUninstall.exe -->20/08/2004 12:04:06 C:\WINDOWS\winhlp32.exe -->05/08/2004 14:00:00 C:\WINDOWS\winhelp.exe -->05/08/2004 14:00:00 C:\WINDOWS\twunk_32.exe -->05/08/2004 14:00:00 C:\WINDOWS\twunk_16.exe -->05/08/2004 14:00:00 C:\WINDOWS\TASKMAN.EXE -->05/08/2004 14:00:00 C:\WINDOWS\regedit.exe -->05/08/2004 14:00:00 C:\WINDOWS\NOTEPAD.EXE -->05/08/2004 14:00:00 C:\WINDOWS\explorer.exe -->05/08/2004 14:00:00 C:\WINDOWS\shutdown.exe -->07/01/2003 02:00:00 C:\WINDOWS\P101bCfg.exe -->30/04/2002 03:00:00 C:\WINDOWS\CtDrvIns.exe -->20/03/2002 03:24:00 C:\WINDOWS\VfwUpd.exe -->04/10/2001 12:26:00 C:\WINDOWS\CTREGRUN.EXE -->11/10/1999 03:01:00 C:\WINDOWS\p_9904.exe -->27/07/1999 17:42:28 C:\Documents and Settings\PIF\local settings\temp\ICD1.tmp\SpSubRx.exe -->16/08/2006 07:02:46 C:\Documents and Settings\PIF\local settings\temp\ICD1.tmp\SpyMD.inf -->20/04/2006 09:24:42 C:\Documents and Settings\PIF\local settings\temp\isp8C.tmp\_Setup.dll -->01/08/2006 10:12:29 C:\Documents and Settings\PIF\local settings\temp\OfficeUpdate\OU(00001).xml -->29/07/2006 11:13:31 C:\Documents and Settings\PIF\local settings\temp\OfficeUpdate\OU(00001)_Msi.log -->29/07/2006 11:13:07 C:\Documents and Settings\PIF\local settings\temp\WAS5D8.tmp\pimeer_eq_led.png -->27/07/2006 15:33:39 C:\Documents and Settings\PIF\local settings\temp\WAS5D8.tmp\skin.xml -->27/07/2006 15:33:37 C:\Documents and Settings\PIF\local settings\temp\WFPVR\CS007.bmp -->04/08/2006 23:18:13 C:\Documents and Settings\PIF\local settings\temp\WFPVR\CP.bmp -->04/08/2006 23:18:13 C:\Documents and Settings\PIF\local settings\temp\WFPVR\CS023.bmp -->04/08/2006 23:18:12 C:\Documents and Settings\PIF\local settings\temp\WFPVR\CS026.bmp -->04/08/2006 23:18:07 C:\Documents and Settings\PIF\local settings\temp\WFPVR\CS020.bmp -->04/08/2006 23:18:03 C:\Documents and Settings\PIF\local settings\temp\WFPVR\CS018.bmp -->04/08/2006 23:17:57 C:\Documents and Settings\PIF\local settings\temp\~rnsetup\pnrs3260.dll -->28/01/2006 02:39:04 C:\Documents and Settings\PIF\local settings\temp\~rnsetup\pncrt.dll -->23/06/2001 02:31:20 C:\Documents and Settings\PIF\local settings\temp\~DFC245.tmp -->19/08/2006 17:23:01 C:\Documents and Settings\PIF\local settings\temp\StatusRx.log -->19/08/2006 15:44:01 C:\Documents and Settings\PIF\local settings\temp\jusched.log -->18/08/2006 18:27:19 C:\Documents and Settings\PIF\local settings\temp\Perflib_Perfdata_f00.dat -->18/08/2006 18:25:26 C:\Documents and Settings\PIF\local settings\temp\Perflib_Perfdata_1b0.dat -->18/08/2006 18:25:26 C:\Documents and Settings\PIF\local settings\temp\~DF8AE0.tmp -->18/08/2006 18:24:13 C:\Documents and Settings\PIF\local settings\temp\Perflib_Perfdata_9e0.dat -->18/08/2006 18:23:28 C:\Documents and Settings\PIF\local settings\temp\Perflib_Perfdata_ba4.dat -->18/08/2006 18:11:35 C:\Documents and Settings\PIF\local settings\temp\~DF98D6.tmp -->18/08/2006 18:10:26 C:\Documents and Settings\PIF\local settings\temp\Perflib_Perfdata_874.dat -->18/08/2006 18:09:13 C:\Documents and Settings\PIF\local settings\temp\Perflib_Perfdata_934.dat -->18/08/2006 17:34:09 C:\Documents and Settings\PIF\local settings\temp\Perflib_Perfdata_9cc.dat -->18/08/2006 17:34:08 C:\Documents and Settings\PIF\local settings\temp\~DFD4C4.tmp -->18/08/2006 17:32:20 C:\Documents and Settings\PIF\local settings\temp\Perflib_Perfdata_a0c.dat -->18/08/2006 17:31:25 C:\Documents and Settings\PIF\local settings\temp\java_install_reg.log -->18/08/2006 13:19:34 C:\Documents and Settings\PIF\local settings\temp\~DF8DDA.tmp -->17/08/2006 22:23:39 C:\Documents and Settings\PIF\local settings\temp\~DF5E4E.tmp -->17/08/2006 22:17:02 C:\Documents and Settings\PIF\local settings\temp\~DF8162.tmp -->17/08/2006 20:53:18 C:\Documents and Settings\PIF\local settings\temp\~DF9907.tmp -->17/08/2006 20:37:36 C:\Documents and Settings\PIF\local settings\temp\~DF56E5.tmp -->17/08/2006 20:34:29 -
Raport hijackrhis+PB Explorateur
Maxi40 a répondu à un(e) sujet de Maxi40 dans Analyses et éradication malwares
Non toujours rien Jreposte un scan hijacthis : Logfile of HijackThis v1.99.1 Scan saved at 17:45:52, on 19/08/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Fast.exe C:\Program Files\Saitek\Software\Profiler.exe C:\Program Files\Saitek\Software\SaiMfd.exe C:\Program Files\WinFast\WFTVFM\WFWIZ.exe C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe C:\Program Files\AGEIA Technologies\TrayIcon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\fast.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\WINDOWS\system32\taskswitch.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\TGTSoft\StyleXP\StyleXP.exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\KO Approach\Approach.exe C:\Documents and Settings\PIF\Mes documents\OnLineForever.exe C:\Program Files\TaskbarEx\TaskbarEx.exe C:\Program Files\Rainmeter\Rainmeter.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe C:\WINDOWS\system32\ZoneLabs\isafe.exe C:\WINDOWS\System32\alg.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\eMule\emule.exe C:\Program Files\WinFast\WFTVFM\WFFM.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Hijackthis\Maxi40.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe O4 - HKLM\..\Run: [DXM6Patch_9904] C:\WINDOWS\p_9904.exe /Q:A O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe O4 - HKLM\..\Run: [iPConnect] C:\Documents and Settings\PIF\Bureau\IPConnect.exe O4 - HKLM\..\Run: [Desk-Com] C:\Program Files\Desk-Com\Ghost Recon\Desk-Com.exe O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe O4 - HKLM\..\Run: [ea4405dd.exe] C:\WINDOWS\system32\ea4405dd.exe O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKLM\..\Run: [backgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKCU\..\Run: [E06FXLRD_17770532] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Startup: KO Approach.lnk = C:\Program Files\KO Approach\Approach.exe O4 - Startup: Raccourci vers OnLineForever.lnk = C:\Documents and Settings\PIF\Mes documents\OnLineForever.exe O4 - Startup: Raccourci vers TaskbarEx.lnk = C:\Program Files\TaskbarEx\TaskbarEx.exe O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154163549680 O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162 O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...AdSignerADP.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winxka32 - winxka32.dll (file missing) O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -
Raport hijackrhis+PB Explorateur
Maxi40 a répondu à un(e) sujet de Maxi40 dans Analyses et éradication malwares
No spyware found Merci -
Raport hijackrhis+PB Explorateur
Maxi40 a répondu à un(e) sujet de Maxi40 dans Analyses et éradication malwares
au fait j'ai oublié de vous signaler que le problème de l'explorateur a été résolu donc merci beaucoup. il ne nous reste plus que les 2 fichiers fantôme -
Raport hijackrhis+PB Explorateur
Maxi40 a répondu à un(e) sujet de Maxi40 dans Analyses et éradication malwares
sa marche pas non plus -
Raport hijackrhis+PB Explorateur
Maxi40 a répondu à un(e) sujet de Maxi40 dans Analyses et éradication malwares
je parvient pas à trouver ces fichiers. Pourtant j'ai modifié les option des dossiers. -
Raport hijackrhis+PB Explorateur
Maxi40 a répondu à un(e) sujet de Maxi40 dans Analyses et éradication malwares
Voila tout: 1: --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 17:24:08 18/08/2006 + Scan result: C:\WINDOWS\Temp\Altnet -> Adware.Altnet : Cleaned with backup (quarantined). C:\WINDOWS\Temp\Altnet\Atl.dll -> Adware.Altnet : Cleaned with backup (quarantined). C:\WINDOWS\Temp\Altnet\msvcirt.dll -> Adware.Altnet : Cleaned with backup (quarantined). HKU\S-1-5-21-1606980848-1383384898-1343024091-1003\Software\Classes\CLSID\{8dc1f789-e073-4363-b40d-07376bc5ecc5} -> Adware.Generic : Cleaned with backup (quarantined). HKU\S-1-5-21-1606980848-1383384898-1343024091-1003\Software\Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf} -> Adware.Generic : Cleaned with backup (quarantined). HKU\S-1-5-21-1606980848-1383384898-1343024091-1003_Classes\CLSID\{8dc1f789-e073-4363-b40d-07376bc5ecc5} -> Adware.Generic : Cleaned with backup (quarantined). HKU\S-1-5-21-1606980848-1383384898-1343024091-1003_Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf} -> Adware.Generic : Cleaned with backup (quarantined). HKU\S-1-5-21-1606980848-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup (quarantined). C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Program Files\themexp\Themexp.org File\SetupInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined). HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Program Files\Fichiers communs\Synacast\SynaLive\EvID4226Patch.exe -> Backdoor.Virkel.A : Cleaned with backup (quarantined). C:\Documents and Settings\PIF\Cookies\pif@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned. C:\Documents and Settings\PIF\Cookies\pif@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned. C:\Documents and Settings\PIF\Cookies\pif@ad.adocean[2].txt -> TrackingCookie.Adocean : Cleaned. C:\Documents and Settings\PIF\Cookies\pif@gde.adocean[2].txt -> TrackingCookie.Adocean : Cleaned. C:\Documents and Settings\PIF\Cookies\pif@bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned. C:\Documents and Settings\PIF\Cookies\pif@promo.casinotropez[1].txt -> TrackingCookie.Casinotropez : Cleaned. C:\Documents and Settings\PIF\Cookies\pif@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned. C:\Documents and Settings\PIF\Cookies\pif@cliks[2].txt -> TrackingCookie.Cliks : Cleaned. C:\Documents and Settings\PIF\Cookies\pif@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Cleaned. C:\Documents and Settings\PIF\Cookies\pif@www.etracker[1].txt -> TrackingCookie.Etracker : Cleaned. C:\Documents and Settings\PIF\Cookies\pif@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned. C:\Documents and Settings\PIF\Cookies\pif@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned. C:\Documents and Settings\PIF\Cookies\pif@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned. C:\Documents and Settings\PIF\Cookies\pif@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned. C:\Documents and Settings\PIF\Cookies\pif@need2find[1].txt -> TrackingCookie.Need2find : Cleaned. C:\Documents and Settings\PIF\Cookies\pif@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned. C:\Documents and Settings\PIF\Cookies\pif@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned. C:\Documents and Settings\PIF\Cookies\pif@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned. C:\Documents and Settings\PIF\Cookies\pif@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned. C:\Documents and Settings\PIF\Cookies\pif@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned. C:\Documents and Settings\PIF\Cookies\pif@valuead[2].txt -> TrackingCookie.Valuead : Cleaned. C:\Documents and Settings\PIF\Cookies\pif@weborama[2].txt -> TrackingCookie.Weborama : Cleaned. C:\Documents and Settings\PIF\Cookies\pif@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Cleaned. C:\Documents and Settings\PIF\Cookies\pif@yadro[2].txt -> TrackingCookie.Yadro : Cleaned. C:\Documents and Settings\PIF\Cookies\pif@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned. C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ld113D.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ld16B8.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ld2576.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ld37D4.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ld40A7.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ld429.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ld4BA9.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ld4D1B.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ld4F5D.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ld500A.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ld568F.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ld5AFE.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ld64AD.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ld6BE.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ld75CA.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ld7638.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ld789D.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ld7A4D.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ld829C.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ld8791.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ld87E.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ld87EC.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ld89E1.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ld90F7.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ld99C3.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ldA10B.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ldA3C3.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ldA65C.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ldAB3A.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ldAF94.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ldB52B.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ldB580.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ldBA38.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ldBC19.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ldBC1F.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ldC1FB.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ldD35C.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ldD469.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ldE0BC.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ldE6A7.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ldEB94.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ldFC75.tmp -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\1024\ldFD05.tmp -> Trojan.Small : Cleaned with backup (quarantined). HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : Cleaned with backup (quarantined). HKU\S-1-5-21-1606980848-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F79FD28E-36EE-4989-AA61-9DD8E30A82FA} -> Trojan.Small : Cleaned with backup (quarantined). ::Report end 2: 08/18/06 20:22:14 [info]: BlackLight Engine 1.0.46 initialized 08/18/06 20:22:14 [info]: OS: 5.1 build 2600 (Service Pack 2) 08/18/06 20:22:15 [Note]: 7019 4 08/18/06 20:22:15 [Note]: 7005 0 08/18/06 20:22:17 [Note]: 7006 0 08/18/06 20:22:19 [Note]: 7011 1832 08/18/06 20:22:20 [Note]: 7026 0 08/18/06 20:22:20 [Note]: 7026 0 08/18/06 20:22:37 [Note]: FSRAW library version 1.7.1019 08/18/06 20:56:25 [Note]: 7007 0 3: Logfile of HijackThis v1.99.1 Scan saved at 20:56:58, on 18/08/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Fast.exe C:\Program Files\Saitek\Software\Profiler.exe C:\Program Files\Saitek\Software\SaiMfd.exe C:\Program Files\WinFast\WFTVFM\WFWIZ.exe C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe C:\Program Files\AGEIA Technologies\TrayIcon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\fast.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\WINDOWS\system32\taskswitch.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\TGTSoft\StyleXP\StyleXP.exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\KO Approach\Approach.exe C:\Documents and Settings\PIF\Mes documents\OnLineForever.exe C:\Program Files\TaskbarEx\TaskbarEx.exe C:\Program Files\Rainmeter\Rainmeter.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe C:\WINDOWS\system32\ZoneLabs\isafe.exe C:\WINDOWS\System32\alg.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\MeuhMeuhTV\MeuhMeuhTV.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Hijackthis\Maxi40.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe O4 - HKLM\..\Run: [DXM6Patch_9904] C:\WINDOWS\p_9904.exe /Q:A O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe O4 - HKLM\..\Run: [iPConnect] C:\Documents and Settings\PIF\Bureau\IPConnect.exe O4 - HKLM\..\Run: [Desk-Com] C:\Program Files\Desk-Com\Ghost Recon\Desk-Com.exe O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe O4 - HKLM\..\Run: [ea4405dd.exe] C:\WINDOWS\system32\ea4405dd.exe O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKLM\..\Run: [backgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKCU\..\Run: [E06FXLRD_17770532] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Startup: KO Approach.lnk = C:\Program Files\KO Approach\Approach.exe O4 - Startup: Raccourci vers OnLineForever.lnk = C:\Documents and Settings\PIF\Mes documents\OnLineForever.exe O4 - Startup: Raccourci vers TaskbarEx.lnk = C:\Program Files\TaskbarEx\TaskbarEx.exe O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154163549680 O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162 O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...AdSignerADP.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winxka32 - winxka32.dll (file missing) O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Merci encore -
Raport hijackrhis+PB Explorateur
Maxi40 a répondu à un(e) sujet de Maxi40 dans Analyses et éradication malwares
C:\Program Files\TaskbarEx\TaskbarEx.exe OK -
Raport hijackrhis+PB Explorateur
Maxi40 a répondu à un(e) sujet de Maxi40 dans Analyses et éradication malwares
C:\Documents and Settings\PIF\Mes documents\OnLineForever.exe OK c mon log pour éviter les déconnections -
Raport hijackrhis+PB Explorateur
Maxi40 a répondu à un(e) sujet de Maxi40 dans Analyses et éradication malwares
C:\WINDOWS\system32\ea4405dd.exe je le trouve pas -
Raport hijackrhis+PB Explorateur
Maxi40 a répondu à un(e) sujet de Maxi40 dans Analyses et éradication malwares
Au fait vous parlez de deux site or il n'y a q'un seul lien bon c pas grave alors our p-9904.exe c'est ok il n'ont rien trouvé Là ya un PB C:\Docs et Set\pif\bureau\ipconect.exe(ou un truc dans le genre) ben il existe pas ce fichier ( ou plus) Je continu le scan -
Raport hijackrhis+PB Explorateur
Maxi40 a répondu à un(e) sujet de Maxi40 dans Analyses et éradication malwares
En effet le server est très busy sa v durer un momment. En ce qui concerne tous ces fichiers que t'as cité j'ai été dans msconfig et apparemment ce sont des processus qui se lancent au démarrage du pc. J'ai essayé de démarrer sans eux mais rien y fait ... Je te post les rapport Dans un momment si le site déstresse. Merci