

Everything posted by Maxi40
HijackThis report + Explorer problem
Maxi40 replied to a topic by Maxi40 in Analyses et éradication malwares
No reply
HijackThis report + Explorer problem
Maxi40 replied to a topic by Maxi40 in Analyses et éradication malwares
I can't access the MAD site (PHP maybe), I'll check that
HijackThis report + Explorer problem
Maxi40 replied to a topic by Maxi40 in Analyses et éradication malwares
1 MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.) 2 OK 3 PK 4 OK 5 OK There you go. Thanks
HijackThis report + Explorer problem
Maxi40 replied to a topic by Maxi40 in Analyses et éradication malwares
HijackThis report + Explorer problem
Maxi40 replied to a topic by Maxi40 in Analyses et éradication malwares
No, still nothing. I'm reposting a HijackThis scan:
HijackThis report + Explorer problem
Maxi40 replied to a topic by Maxi40 in Analyses et éradication malwares
No spyware found. Thanks
HijackThis report + Explorer problem
Maxi40 replied to a topic by Maxi40 in Analyses et éradication malwares
By the way, I forgot to tell you that the Explorer problem has been solved, so thank you very much. All we have left are the 2 ghost files
HijackThis report + Explorer problem
Maxi40 replied to a topic by Maxi40 in Analyses et éradication malwares
That doesn't work either
HijackThis report + Explorer problem
Maxi40 replied to a topic by Maxi40 in Analyses et éradication malwares
I can't manage to find these files. Yet I changed the folder options.
HijackThis report + Explorer problem
Maxi40 replied to a topic by Maxi40 in Analyses et éradication malwares
Here is everything:
E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154163549680 O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162 O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...AdSignerADP.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winxka32 - winxka32.dll (file missing) O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Merci encore -
HijackThis report + Explorer problem
Maxi40 replied to a topic by Maxi40 in Malware Analysis and Removal
C:\Program Files\TaskbarEx\TaskbarEx.exe OK -
HijackThis report + Explorer problem
Maxi40 replied to a topic by Maxi40 in Malware Analysis and Removal
C:\Documents and Settings\PIF\Mes documents\OnLineForever.exe OK, that's my software for avoiding disconnections -
HijackThis report + Explorer problem
Maxi40 replied to a topic by Maxi40 in Malware Analysis and Removal
C:\WINDOWS\system32\ea4405dd.exe I can't find it -
HijackThis report + Explorer problem
Maxi40 replied to a topic by Maxi40 in Malware Analysis and Removal
By the way, you mention two sites but there is only one link. Well, never mind. So for p-9904.exe it's OK, they found nothing. Here there is a problem: C:\Docs et Set\pif\bureau\ipconect.exe (or something like that), well, that file doesn't exist (or no longer exists). I'm continuing the scan -
HijackThis report + Explorer problem
Maxi40 replied to a topic by Maxi40 in Malware Analysis and Removal
Indeed, the server is very busy; this is going to take a while. As for all those files you listed, I went into msconfig and apparently they are processes that launch when the PC starts. I tried starting without them, but it makes no difference... I'll post the reports in a moment if the site calms down. Thanks -
HijackThis report + Explorer problem
Maxi40 replied to a topic by Maxi40 in Malware Analysis and Removal
Still the same problem -
HijackThis report + Explorer problem
Maxi40 replied to a topic by Maxi40 in Malware Analysis and Removal
First of all, THANK YOU for your quick reply.

AntiVir scan, reconfigured:

AntiVir PersonalEdition Classic
Report file date: jeudi 17 août 2006 11:12
Scanning for 482402 virus strains and unwanted programs.
Licensed to: AntiVir PersonalEdition Classic
Serial number: 0000149996-WURGE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: PIF
Computer name: PIF-75A77E24299

Version informations:
AVSCAN.EXE : 7.0.0.42 557096 12/07/2006 14:02:16
AVSCAN.DLL : 7.0.0.42 53288 12/07/2006 14:02:16
LUKE.DLL : 7.0.0.42 118824 12/07/2006 14:02:18
LUKERES.DLL : 7.0.0.42 25640 12/07/2006 14:02:18
ANTIVIR0.VDF : 6.35.0.1 7371264 12/07/2006 14:02:13
ANTIVIR1.VDF : 6.35.0.168 730112 12/07/2006 14:02:13
ANTIVIR2.VDF : 6.35.1.86 506880 12/07/2006 14:02:14
ANTIVIR3.VDF : 6.35.1.104 33280 12/07/2006 14:02:14
AVEWIN32.DLL : 7.1.1.2 1782272 12/07/2006 14:02:14
AVPREF.DLL : 7.0.0.1 49192 12/07/2006 14:02:15
AVREP.DLL : 6.35.1.100 757800 12/07/2006 14:02:15
AVRPBASE.DLL : 7.0.0.0 2162728 12/07/2006 14:02:16
AVPACK32.DLL : 7.1.0.1 335912 12/07/2006 14:02:15
AVREG.DLL : 6.31.0.90 27688 12/07/2006 14:02:15
NETNT.DLL : 6.32.0.0 6696 12/07/2006 14:02:18
NETNW.DLL : 6.32.0.0 9768 12/07/2006 14:02:18
RCIMAGE.DLL : 7.0.0.71 1642536 12/07/2006 14:02:23
RCTEXT.DLL : 7.0.0.75 77864 12/07/2006 14:02:23

Configuration settings for the scan:
Jobname: '%s'.................: Local Drives
Configuration file............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Boot sectors..................: C,D,A,I,E,F,G,H,J
Scan memory...................: 1
Process scan..................: 1
Scan all files................: 1
Scan archives.................: 1
Recursion depth...............: 20
Smart extensions..............: 1
Skipped archive types.........: 1000,1001,1002,1003,1004,
Macro heuristic...............: 1
File heuristic................: 3
Primary action................: 1
Secondary action..............: 0

Start of the scan: jeudi 17 août 2006 11:12

The scan over running processes will be started
14 Processes was scanned

Start scanning boot sectors:
Boot sector 'C:\'
  [NOTE] No virus was found!
Boot sector 'D:\'
  [NOTE] No virus was found!
Boot sector 'A:\'
  [NOTE] In the drive 'A:\' no data medium is inserted!
Boot sector 'I:\'
  [NOTE] In the drive 'I:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( 38 files ).

Starting the file scan:
C:\pagefile.sys
  [WARNING] The file could not be opened!
C:\Documents and Settings\PIF\NTUSER.DAT
  [WARNING] The file could not be opened!
C:\Documents and Settings\PIF\ntuser.dat.LOG
  [WARNING] The file could not be opened!
C:\Documents and Settings\PIF\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
  [WARNING] The file could not be opened!
C:\Documents and Settings\PIF\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
  [WARNING] The file could not be opened!
C:\Program Files\Tweak-XP Pro\Tweak-xp.exe
  [DETECTION] Contains suspicious code HEUR/Crypted.Layered
  [WARNING] The file was ignored!
C:\WINDOWS\system32\config\default
  [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\default.LOG
  [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM
  [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM.LOG
  [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY
  [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY.LOG
  [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software
  [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software.LOG
  [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system
  [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system.LOG
  [WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\dtscsi.sys
  [WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
  [WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd6669.sys
  [WARNING] The file could not be opened!
D:\# Archives\Logiciel\# TWEAK\tweakxp\Tweak XP Pro 2.0.7\Crack\TWEAK-XP.EXE
  [DETECTION] Contains suspicious code HEUR/Crypted.Layered
  [WARNING] The file was ignored!
The path A:\ could not be found!
Le périphérique n'est pas prêt.
The path I:\ could not be found!
Le périphérique n'est pas prêt.
The path E:\ could not be found!
Le périphérique n'est pas prêt.
The path F:\ could not be found!
Le périphérique n'est pas prêt.
The path G:\ could not be found!
Le fichier ou le répertoire est endommagé et illisible.
The path J:\ could not be found!
Le périphérique n'est pas prêt.

End of the scan: jeudi 17 août 2006 13:04
Used time: 1:52:00 min

The scan has been done completely.

6431 Scanning directories
324091 Files were scanned
2 viruses and/or unwanted programs was found
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2241 Archives were scanned
20 Warnings
1 Notes

HijackThis scan:

Logfile of HijackThis v1.99.1
Scan saved at 13:15:57, on 17/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Fast.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\fast.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\KO Approach\Approach.exe
C:\Documents and Settings\PIF\Mes documents\OnLineForever.exe
C:\Program Files\TaskbarEx\TaskbarEx.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hijackthis\Maxi40.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [DXM6Patch_9904] C:\WINDOWS\p_9904.exe /Q:A
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [iPConnect] C:\Documents and Settings\PIF\Bureau\IPConnect.exe
O4 - HKLM\..\Run: [Desk-Com] C:\Program Files\Desk-Com\Ghost Recon\Desk-Com.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [ea4405dd.exe] C:\WINDOWS\system32\ea4405dd.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [backgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKCU\..\Run: [E06FXLRD_17770532] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: KO Approach.lnk = C:\Program Files\KO Approach\Approach.exe
O4 - Startup: Raccourci vers OnLineForever.lnk = C:\Documents and Settings\PIF\Mes documents\OnLineForever.exe
O4 - Startup: Raccourci vers TaskbarEx.lnk = C:\Program Files\TaskbarEx\TaskbarEx.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154163549680
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...AdSignerADP.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winxka32 - winxka32.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Uninstall List:
Ad-Aware SE Personal Adobe Acrobat 5.0 Adobe Reader 7.0.5 Language Support Adobe Reader 7.0.8 AGEIA PhysX v2.3.3 AMCap ATI - Software Uninstall Utility ATI Catalyst Control Center ATI Control Panel ATI Display Driver Avira AntiVir PersonalEdition Classic AWicons Lite Backburner Correctif Windows XP - KB873339 Correctif Windows XP - KB885250 Correctif Windows XP - KB885835 Correctif Windows XP - KB885836 Correctif Windows XP - KB885884 Correctif Windows XP - KB886185 Correctif Windows XP - KB887472 Correctif Windows XP - KB887742 Correctif Windows XP - KB888113 Correctif Windows XP - KB888302 Correctif Windows XP - KB890859 Correctif Windows XP - KB891781 Creative Mass Storage Drivers Creative System Information Creative WebCam Driver (1.02.08.0807) Creative Zen Nano Plus dBpowerAMP Music Converter dBpowerAMP Ogg Vorbis Codec Desk-Com 1.0 DkZ Studio Download Accelerator Plus (DAP) Emjysoft Programme TV 1.0 eMule EPSON Attach To Email EPSON Copy Utility 3 EPSON Easy Photo Print EPSON File Manager EPSON Image Clip Palette EPSON Logiciel imprimante EPSON Scan EPSON Scan Assistant ESPRX520 Guide d'utilisation FAST FOOD verze 1.0 Fraps Ghost Recon Advanced Warfighter GiPo@MoveOnBoot 1.9.5 GRAW Patch 1.21 GSpot Codec Information Appliance GTA San Andreas Admin Console Release 1.8.2 GTA:SA Real-Speed Mod HHD
Software USB Monitor 2.37 HijackThis 1.99.1 InterVideo WinDVD J2SE Runtime Environment 5.0 Update 7 Java 2 Runtime Environment, SE v1.4.0_03 Java Web Start K-Lite Codec Pack 2.72 Full KO Approach L&H TTS3000 Français Lecteur Windows Media 10 Livebox LiveReg (Symantec Corporation) LiveUpdate 1.80 (Symantec Corporation) maads v.19.6 Macromedia Dreamweaver 8 Macromedia Extension Manager Macromedia Flash Player 8 Macromedia Shockwave Player MeuhMeuhTV (désinstallation uniquement) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft Office XP Professional with FrontPage Mise à jour de sécurité pour Lecteur Windows Media (KB911564) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) Mise à jour de sécurité pour Windows XP (KB890046) Mise à jour de sécurité pour Windows XP (KB893756) Mise à jour de sécurité pour Windows XP (KB896358) Mise à jour de sécurité pour Windows XP (KB896422) Mise à jour de sécurité pour Windows XP (KB896423) Mise à jour de sécurité pour Windows XP (KB896424) Mise à jour de sécurité pour Windows XP (KB896428) Mise à jour de sécurité pour Windows XP (KB899587) Mise à jour de sécurité pour Windows XP (KB899589) Mise à jour de sécurité pour Windows XP (KB899591) Mise à jour de sécurité pour Windows XP (KB900725) Mise à jour de sécurité pour Windows XP (KB901017) Mise à jour de sécurité pour Windows XP (KB901190) Mise à jour de sécurité pour Windows XP (KB901214) Mise à jour de sécurité pour Windows XP (KB902400) Mise à jour de sécurité pour Windows XP (KB904706) Mise à jour de sécurité pour Windows XP (KB905414) Mise à jour de sécurité pour Windows XP (KB905749) Mise à jour de sécurité pour Windows XP (KB908519) Mise à jour de sécurité pour Windows XP (KB911562) Mise à jour de sécurité pour Windows XP (KB911567) Mise à jour de sécurité pour Windows XP (KB911927) Mise à jour de sécurité pour Windows XP (KB912812) Mise à jour de 
sécurité pour Windows XP (KB912919) Mise à jour de sécurité pour Windows XP (KB913446) Mise à jour de sécurité pour Windows XP (KB913580) Mise à jour de sécurité pour Windows XP (KB914388) Mise à jour de sécurité pour Windows XP (KB914389) Mise à jour de sécurité pour Windows XP (KB916281) Mise à jour de sécurité pour Windows XP (KB917159) Mise à jour de sécurité pour Windows XP (KB917344) Mise à jour de sécurité pour Windows XP (KB917422) Mise à jour de sécurité pour Windows XP (KB917953) Mise à jour de sécurité pour Windows XP (KB918439) Mise à jour de sécurité pour Windows XP (KB918899) Mise à jour de sécurité pour Windows XP (KB920214) Mise à jour de sécurité pour Windows XP (KB920670) Mise à jour de sécurité pour Windows XP (KB920683) Mise à jour de sécurité pour Windows XP (KB921398) Mise à jour de sécurité pour Windows XP (KB921883) Mise à jour de sécurité pour Windows XP (KB922616) Mise à jour pour Windows XP (KB894391) Mise à jour pour Windows XP (KB898461) Mise à jour pour Windows XP (KB908531) Mise à jour pour Windows XP (KB910437) Mise à jour pour Windows XP (KB911280) Mise à jour pour Windows XP (KB916595) MMTV Install dll MSN Messenger 7.5 Norton SystemWorks 2003 On2 VP3 Video for Windows Codec Pack Vista Inspirat 1.1 PIF DESIGNER PowerArchiver 2006 v9.51 French Powertoys For Windows XP PPLive 1.2.39A PPStream Pro Evolution Soccer 5 Rainmeter (remove only) RealPlayer Saitek SST Programming Software Shareaza version 2.2.1.0 SopCast 0.9.8 Spybot - Search & Destroy 1.4 StyleBuilder (remove only) StyleXP (remove only) SuperCopier2 Synacast Plug-in 1.1.0.7 Themexp.org File TRUST 714DX 7.1 SOUND EXPERT TVAnts 1.0 TvAnts 1.0.0.57 Fr Tweak-XP Pro Windows Installer 3.1 (KB893803) Windows Media Format Runtime WinFast Entertainment Center WinFast PVR xp-AntiSpy 3.96-2 ZoneAlarm Security Suite

That's everything -
Hello everyone. Every time my PC starts, an Explorer window opens on System32. It seems to me that the problem follows the removal of a virus in that folder with avast. Here is my HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 09:16:38, on 17/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Fast.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\KO Approach\Approach.exe
C:\Documents and Settings\PIF\Mes documents\OnLineForever.exe
C:\Program Files\TaskbarEx\TaskbarEx.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\WinFast\WFTVFM\WFTV.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\PowerArchiver\POWERARC.EXE
C:\DOCUME~1\PIF\LOCALS~1\Temp\_PA869\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [DXM6Patch_9904] C:\WINDOWS\p_9904.exe /Q:A
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [iPConnect] C:\Documents and Settings\PIF\Bureau\IPConnect.exe
O4 - HKLM\..\Run: [Desk-Com] C:\Program Files\Desk-Com\Ghost Recon\Desk-Com.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [ea4405dd.exe] C:\WINDOWS\system32\ea4405dd.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [backgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKCU\..\Run: [E06FXLRD_17770532] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: KO Approach.lnk = C:\Program Files\KO Approach\Approach.exe
O4 - Startup: Raccourci vers OnLineForever.lnk = C:\Documents and Settings\PIF\Mes documents\OnLineForever.exe
O4 - Startup: Raccourci vers TaskbarEx.lnk = C:\Program Files\TaskbarEx\TaskbarEx.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154163549680
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O16 - DPF:
{B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...AdSignerADP.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winxka32 - winxka32.dll (file missing) O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Merci de m'aider