Posts by Mister H
-
Thanks to Charles Ingals for your valuable help.
Mister H, finally home from work (it's early tonight, which is rare).
Mister H
-
Good evening,
Finally here (almost 10 minutes, with the help of my lady, Manly, to find where to write).
I still wonder why she signed me up here; I am at level minus 35 in computing, but I will probably be able to find help when the need arises.
Too busy with my profession as a magician-ventriloquist, you will have only (very) rare occasions to read me.
See you soon.
Mister H
-
Here is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 18:27:08, on 21/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Citi Internet Number\CitiINum.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~2\TRAYAP~1.EXE
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Customizer XP\RAM_2K.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\HijackThis\MisterH.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.proximus-interactive.be.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...rch&ap=b204
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redire...;lc=080c&ac
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet access provided by Proximus
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CitiEUBrowserHelper Class - {0748BCEA-3708-4842-A65F-7AA6E56EBCD9} - C:\WINDOWS\System32\BhoCitEU.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [CitiINum_French] C:\Program Files\Citi Internet Number\CitiINum.exe /dontopenmycards
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~2\TRAYAP~1.EXE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\Customizer XP\RAM_2K.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Citi Internet Number - {F2011928-474C-466d-8C33-99B0ED86EEB9} - C:\Program Files\Citi Internet Number\CitiINum.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.proximus-interactive.be.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-bef.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
There you go, see you soon.
Manly, her Mister still at work
PS: I don't see any difference with the renamed file.
Did I do something wrong?
-
Here is the KASPERSKY report:
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, November 21, 2006 5:49:03 PM
Système d'exploitation : Microsoft Windows XP Home Edition, (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 21/11/2006
Enregistrements dans la base antivirus Kaspersky : 229726
Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai
Cible de l'analyse Poste de travail
A:\
C:\
D:\
Statistiques de l'analyse
Total d'objets analysés 44432
Nombre de virus trouvés 1
Nombre d'objets infectés 0 / 0
Nombre d'objets suspects 14
Durée de l'analyse 01:41:49
Nom de l'objet infecté Nom du virus Dernière action
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\PATRICK HUBERT\Application Data\Mozilla\Firefox\Profiles\le9zzkh2.default\cert8.db L'objet est verrouillé ignoré
C:\Documents and Settings\PATRICK HUBERT\Application Data\Mozilla\Firefox\Profiles\le9zzkh2.default\formhistory.dat L'objet est verrouillé ignoré
C:\Documents and Settings\PATRICK HUBERT\Application Data\Mozilla\Firefox\Profiles\le9zzkh2.default\history.dat L'objet est verrouillé ignoré
C:\Documents and Settings\PATRICK HUBERT\Application Data\Mozilla\Firefox\Profiles\le9zzkh2.default\key3.db L'objet est verrouillé ignoré
C:\Documents and Settings\PATRICK HUBERT\Application Data\Mozilla\Firefox\Profiles\le9zzkh2.default\parent.lock L'objet est verrouillé ignoré
C:\Documents and Settings\PATRICK HUBERT\Application Data\Mozilla\Firefox\Profiles\le9zzkh2.default\search.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\PATRICK HUBERT\Application Data\Mozilla\Firefox\Profiles\le9zzkh2.default\urlclassifier2.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\PATRICK HUBERT\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\IM\Identities\{751119FB-D1E9-47F6-8046-6373E97CB3C9}\Message Store\Deleted Items.imm/[From "Willard Presley" ][Date Two, 7 Feb 2006 2:38:15 +0180]/text/[From ][Date Tue, 7 Feb 2006 11:45:55 +0100]/UNNAMED/[From "Lememo.com" ][Date Tue, 07 Feb 2006 01:23:02 +0100]/UNNAMED/[From "Le memo" ][Date Thu, 09 Feb 2006 22:14:13 +0100]/UNNAMED/[From ][Date Fri, 10 Feb 2006 22:13:14 +0100]/UNNA ... /[Fr ... /[From mentfamily@wanadoo.fr][Date Tue, 18 Apr 2006 13:28:48 + .. ... /html Suspect : Exploit.HTML.Iframe.FileDownload ignoré
C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\IM\Identities\{751119FB-D1E9-47F6-8046-6373E97CB3C9}\Message Store\Deleted Items.imm/[From "Willard Presley" ][Date Two, 7 Feb 2006 2:38:15 +0180]/text/[From ][Date Tue, 7 Feb 2006 11:45:55 +0100]/UNNAMED/[From "Lememo.com" ][Date Tue, 07 Feb 2006 01:23:02 +0100]/UNNAMED/[From "Le memo" ][Date Thu, 09 Feb 2006 22:14:13 +0100]/UNNAMED/[From ][Date Fri, 10 Feb 2006 22:13:14 +0100]/UNNA ... /[Fr ... /[From mentfamily@wanadoo.fr][Date Tue, 18 Apr 2006 13:28:48 + ... /UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré
C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\IM\Identities\{751119FB-D1E9-47F6-8046-6373E97CB3C9}\Message Store\Deleted Items.imm/[From "Willard Presley" ][Date Two, 7 Feb 2006 2:38:15 +0180]/text/[From ][Date Tue, 7 Feb 2006 11:45:55 +0100]/UNNAMED/[From "Lememo.com" ][Date Tue, 07 Feb 2006 01:23:02 +0100]/UNNAMED/[From "Le memo" ][Date Thu, 09 Feb 2006 22:14:13 +0100]/UNNAMED/[From ][Date Fri, 10 Feb 2006 22:13:14 +0100]/UNNA ... /[Fr ... /[From mentfamily@wanadoo.fr][Date Tue, 18 Apr 2006 13:28:48 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré
C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\IM\Identities\{751119FB-D1E9-47F6-8046-6373E97CB3C9}\Message Store\Deleted Items.imm/[From "Willard Presley" ][Date Two, 7 Feb 2006 2:38:15 +0180]/text/[From ][Date Tue, 7 Feb 2006 11:45:55 +0100]/UNNAMED/[From "Lememo.com" ][Date Tue, 07 Feb 2006 01:23:02 +0100]/UNNAMED/[From "Le memo" ][Date Thu, 09 Feb 2006 22:14:13 +0100]/UNNAMED/[From ][Date Fri, 10 Feb 2006 22:13:14 +0100]/UNNA ... /[From ... /[From infos@tpgmonaco.com][Date Tue, 18 Apr 2006 11:08:21 + .. ... /html Suspect : Exploit.HTML.Iframe.FileDownload ignoré
C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\IM\Identities\{751119FB-D1E9-47F6-8046-6373E97CB3C9}\Message Store\Deleted Items.imm/[From "Willard Presley" ][Date Two, 7 Feb 2006 2:38:15 +0180]/text/[From ][Date Tue, 7 Feb 2006 11:45:55 +0100]/UNNAMED/[From "Lememo.com" ][Date Tue, 07 Feb 2006 01:23:02 +0100]/UNNAMED/[From "Le memo" ][Date Thu, 09 Feb 2006 22:14:13 +0100]/UNNAMED/[From ][Date Fri, 10 Feb 2006 22:13:14 +0100]/UNNA ... /[From ... /[From infos@tpgmonaco.com][Date Tue, 18 Apr 2006 11:08:21 + ... /UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré
C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\IM\Identities\{751119FB-D1E9-47F6-8046-6373E97CB3C9}\Message Store\Deleted Items.imm/[From "Willard Presley" ][Date Two, 7 Feb 2006 2:38:15 +0180]/text/[From ][Date Tue, 7 Feb 2006 11:45:55 +0100]/UNNAMED/[From "Lememo.com" ][Date Tue, 07 Feb 2006 01:23:02 +0100]/UNNAMED/[From "Le memo" ][Date Thu, 09 Feb 2006 22:14:13 +0100]/UNNAMED/[From ][Date Fri, 10 Feb 2006 22:13:14 +0100]/UNNA ... /[From ... /[From infos@tpgmonaco.com][Date Tue, 18 Apr 2006 11:08:21 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré
C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\IM\Identities\{751119FB-D1E9-47F6-8046-6373E97CB3C9}\Message Store\Deleted Items.imm/[From "Willard Presley" ][Date Two, 7 Feb 2006 2:38:15 +0180]/text/[From ][Date Tue, 7 Feb 2006 11:45:55 +0100]/UNNAMED/[From "Lememo.com" ][Date Tue, 07 Feb 2006 01:23:02 +0100]/UNNAMED/[From "Le memo" ][Date Thu, 09 Feb 2006 22:14:13 +0100]/UNNAMED/[From ][Date Fri, 10 Feb 2006 22:13:14 +0100]/UNNA ... /[From "Nicholas" ][Date Mon, 17 Apr 2006 18:31:13 +0100]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré
C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\IM\Identities\{751119FB-D1E9-47F6-8046-6373E97CB3C9}\Message Store\Deleted Items.imm/[From "Willard Presley" ][Date Two, 7 Feb 2006 2:38:15 +0180]/text/[From ][Date Tue, 7 Feb 2006 11:45:55 +0100]/UNNAMED/[From "Lememo.com" ][Date Tue, 07 Feb 2006 01:23:02 +0100]/UNNAMED/[From "Le memo" ][Date Thu, 09 Feb 2006 22:14:13 +0100]/UNNAMED/[From ][Date Fri, 10 Feb 2006 22:13:14 +0100]/UNNAMED/[From "Silke" ][Date Tue, 18 Apr 2006 06:37:33 +0400]/text Suspect : Exploit.HTML.Iframe.FileDownload ignoré
C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\IM\Identities\{751119FB-D1E9-47F6-8046-6373E97CB3C9}\Message Store\Deleted Items.imm/[From "Willard Presley" ][Date Two, 7 Feb 2006 2:38:15 +0180]/text/[From ][Date Tue, 7 Feb 2006 11:45:55 +0100]/UNNAMED/[From "Lememo.com" ][Date Tue, 07 Feb 2006 01:23:02 +0100]/UNNAMED/[From "Le memo" ][Date Thu, 09 Feb 2006 22:14:13 +0100]/UNNAMED/[From ][Date Fri, 10 Feb 2006 22:13:14 +0100]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré
C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\IM\Identities\{751119FB-D1E9-47F6-8046-6373E97CB3C9}\Message Store\Deleted Items.imm/[From "Willard Presley" ][Date Two, 7 Feb 2006 2:38:15 +0180]/text/[From ][Date Tue, 7 Feb 2006 11:45:55 +0100]/UNNAMED/[From "Lememo.com" ][Date Tue, 07 Feb 2006 01:23:02 +0100]/UNNAMED/[From "Le memo" ][Date Thu, 09 Feb 2006 22:14:13 +0100]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré
C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\IM\Identities\{751119FB-D1E9-47F6-8046-6373E97CB3C9}\Message Store\Deleted Items.imm/[From "Willard Presley" ][Date Two, 7 Feb 2006 2:38:15 +0180]/text/[From ][Date Tue, 7 Feb 2006 11:45:55 +0100]/UNNAMED/[From "Lememo.com" ][Date Tue, 07 Feb 2006 01:23:02 +0100]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré
C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\IM\Identities\{751119FB-D1E9-47F6-8046-6373E97CB3C9}\Message Store\Deleted Items.imm/[From "Willard Presley" ][Date Two, 7 Feb 2006 2:38:15 +0180]/text/[From ][Date Tue, 7 Feb 2006 11:45:55 +0100]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré
C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\IM\Identities\{751119FB-D1E9-47F6-8046-6373E97CB3C9}\Message Store\Deleted Items.imm/[From "Willard Presley" ][Date Two, 7 Feb 2006 2:38:15 +0180]/text Suspect : Exploit.HTML.Iframe.FileDownload ignoré
C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\IM\Identities\{751119FB-D1E9-47F6-8046-6373E97CB3C9}\Message Store\Deleted Items.imm Mail: suspect - 13 ignoré
C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\Mozilla\Firefox\Profiles\le9zzkh2.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré
C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\Mozilla\Firefox\Profiles\le9zzkh2.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré
C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\Mozilla\Firefox\Profiles\le9zzkh2.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré
C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\Mozilla\Firefox\Profiles\le9zzkh2.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré
C:\Documents and Settings\PATRICK HUBERT\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\PATRICK HUBERT\Local Settings\Temp\Perflib_Perfdata_514.dat L'objet est verrouillé ignoré
C:\Documents and Settings\PATRICK HUBERT\Local Settings\Temp\~DF948B.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\PATRICK HUBERT\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\PATRICK HUBERT\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\PATRICK HUBERT\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\debug.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\debug.log.idx L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\error.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\error.log.idx L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\hips.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\hips.log.idx L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\ids.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\ids.log.idx L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\network.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\network.log.idx L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\system.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\system.log.idx L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\warning.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\warning.log.idx L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\web.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\web.log.idx L'objet est verrouillé ignoré
C:\System Volume Information\_restore{0E146069-ED9D-439E-9989-CCF268F6A6C3}\RP202\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_5c4.dat L'objet est verrouillé ignoré
C:\WINDOWS\Temp\_avast4_\Webshlock.txt L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
Analyse terminée.
So if I understand correctly, there is some "nasty thing" in my husband's computer.
Shall I redo the HijackThis report and post it?
Thanks
Manly for her Mister
-
Oops, I posted the wrong log.
Manly
-
Here is the first report, the WinPFind one:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 21/11/2006 15:28:15
WinPFind v1.5.0 Folder = C:\Documents and Settings\PATRICK HUBERT\Mes documents\Mes fichiers reçus\DIVERS\WinPFind\WinPFind\
Microsoft Windows XP (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2600.0000)
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Checking %System% folder...
UPX! 25/09/2006 16:45:08 666240 C:\WINDOWS\SYSTEM32\aswBoot.exe ()
UPX! 9/07/2004 9:47:04 167936 C:\WINDOWS\SYSTEM32\CoreAAC.ax ()
aspack 22/07/2005 18:59:04 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
PEC2 28/08/2001 5:00:00 41131 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PEC2 11/08/2006 18:31:48 620180 C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)
PECompact2 11/08/2006 18:31:48 620180 C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)
PECompact2 8/12/2005 16:25:44 2721632 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 8/12/2005 16:25:44 2721632 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 23/08/2001 16:47:42 1166336 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
WSUD 28/08/2001 5:00:00 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 12/02/2002 22:23:04 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
UPX! 8/11/2003 11:34:00 36864 C:\WINDOWS\SYSTEM32\RLMPCDec.ax (RadLight)
winsync 28/08/2001 5:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
Checking %System%\Drivers folder and sub-folders...
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
21/11/2006 15:14:10 S 2048 C:\WINDOWS\bootstat.dat ()
21/11/2006 15:17:54 H 1024 C:\WINDOWS\system32\config\default.LOG ()
21/11/2006 15:15:20 H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
21/11/2006 15:16:30 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()
21/11/2006 15:31:54 H 1024 C:\WINDOWS\system32\config\software.LOG ()
21/11/2006 15:17:56 H 1024 C:\WINDOWS\system32\config\system.LOG ()
11/11/2006 17:31:08 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\eac877f6-6350-46cb-bb7c-58b2666df3c2 ()
11/11/2006 17:31:08 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred ()
5/11/2006 22:07:12 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1f053281-c4aa-4d77-8166-ce2da8240e2e ()
5/11/2006 22:07:12 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
10/11/2006 20:35:56 H 6 C:\WINDOWS\Tasks\SA.DAT ()
Checking for CPL files...
28/08/2001 5:00:00 69120 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
28/08/2001 5:00:00 563712 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
14/06/2003 16:11:04 237633 C:\WINDOWS\SYSTEM32\btcpl.cpl ()
28/08/2001 5:00:00 133120 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
28/08/2001 5:00:00 152064 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
28/08/2001 5:00:00 296448 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
28/08/2001 5:00:00 124416 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
23/08/2001 17:47:50 48640 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
29/08/2002 2:41:00 208896 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
12/10/2006 3:10:54 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
28/08/2001 5:00:00 189952 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
28/08/2001 5:00:00 567296 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
28/08/2001 5:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
10/09/2002 9:08:16 110592 C:\WINDOWS\SYSTEM32\nmo.cpl (Nokia Corporation)
28/08/2001 5:00:00 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
28/08/2001 5:00:00 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
28/08/2001 5:00:00 112640 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
26/07/2004 2:42:14 24576 C:\WINDOWS\SYSTEM32\prefscpl.cpl (RealNetworks, Inc.)
28/08/2001 5:00:00 277504 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
28/08/2001 5:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
28/08/2001 5:00:00 90112 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
26/05/2005 4:16:32 175896 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
29/08/2002 2:41:00 208896 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)
Checking for Downloaded Program Files...
{33564D57-0000-0010-8000-00AA00389B71} - - CodeBase = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
{867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - HardwareDetection Control - CodeBase = http://drivers1.free.fr/telecharger.php?id=2&version=
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - a-squared Scanner - CodeBase = http://ax.emsisoft.com/asquared.cab
{BD8667B7-38D8-4C77-B580-18C3E146372C} - Creative Toolbox Plug-in - CodeBase = http://bmm.imgag.com/imgag/cp/install/crusher-bef.cab
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash Object - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
20/09/2006 21:30:38 1757 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk ()
11/11/2006 16:59:30 681 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk ()
20/09/2001 11:51:38 HS 84 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini ()
30/06/2004 16:10:00 1740 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk ()
Checking files in %ALLUSERSPROFILE%\Application Data folder...
20/09/2001 11:38:22 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
Checking files in %USERPROFILE%\Startup folder...
20/09/2001 11:51:38 HS 84 C:\Documents and Settings\PATRICK HUBERT\Menu Démarrer\Programmes\Démarrage\desktop.ini ()
Checking files in %USERPROFILE%\Application Data folder...
20/09/2001 11:38:22 HS 62 C:\Documents and Settings\PATRICK HUBERT\Application Data\desktop.ini ()
29/10/2006 0:26:16 41288 C:\Documents and Settings\PATRICK HUBERT\Application Data\GDIPFONTCACHEV1.DAT ()
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
>>> Internet Explorer Settings <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://desktop.presario.net/scripts/redire...;lc=080c&ac
\\Search Bar - http://search.presario.net/scripts/redirec...rch&ap=b204
\\Search Page - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
\\Default_Page_URL - http://www.proximus-interactive.be.htm
\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
\\Local Page - %SystemRoot%\system32\blank.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.google.be/
\\Search Bar - http://home.microsoft.com/search/lobby/search.asp
\\Search Page - http://home.microsoft.com/access/allinone.asp
\\Local Page - C:\WINDOWS\system32\blank.htm
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{0748BCEA-3708-4842-A65F-7AA6E56EBCD9} - CitiEUBrowserHelper Class = C:\WINDOWS\System32\BhoCitEU.dll (Orbiscom Ltd. All rights reserved.)
\{53707962-6F74-2D53-2644-206D7942484F} - = C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
\{F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - IEHlprObj Class = LineAudio.dll ()
>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Astuce du jour = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{8E718888-423F-11D2-876E-00A0C9082467} - &Radio = C:\WINDOWS\System32\msdxm.ocx (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Liens = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = ()
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\NEXTID - 8198
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8193 = Messenger
\\{F2011928-474C-466d-8C33-99B0ED86EEB9} - 8194 =
\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8195 =
\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} - 8196 = @shdoclc.dll,-864
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8197 = Console Java (Sun)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Console Java (Sun) = C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll (Sun Microsystems, Inc.)
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Console Java (Sun) = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
\{c95fe080-8f5d-11d2-a20b-00aa003c157a} - ButtonText: @shdoclc.dll,-866 = %SystemRoot%\web\related.htm
\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com =
\{F2011928-474C-466d-8C33-99B0ED86EEB9} - ButtonText: Citi Internet Number = C:\Program Files\Citi Internet Number\CitiINum.exe (Orbiscom Ltd. All rights reserved.)
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Extension Affichage Panorama du Panneau de configuration = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Extensions de l'environnement de compression de fichiers = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Menu contextuel de cryptage = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - Extension icône HyperTerminal = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Barre des tâches et menu Démarrer = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - Comptes d'utilisateurs = ()
\\{D653647D-D607-4DF6-A5B8-48D2BA195F7B} - BitDefender Antivirus v8 = ()
\\{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} - Set Program Access and Defaults = ()
\\{596AB062-B4D2-4215-9F74-E9109B0A8153} - Previous Versions Property Page = ()
\\{9DB7A13C-F208-4981-8353-73CC61AE2783} - Previous Versions = ()
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
\\{472083B0-C522-11CF-8763-00608CC02F24} - avast = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
\\{D3796116-94D3-4009-96D7-51578411CC7D} - Outpost Shell Extension = ()
\\{950FF917-7A57-46BC-8017-59D9BF474000} - Shell Extension for CDRW = C:\Program Files\Ahead\InCD\incdshx.dll (Nero AG)
\\{40950107-FEA6-4d53-A65F-B2DCBA57DD58} - Nokia Phone Browser = C:\Program Files\Nokia\Nokia PC Suite 6\Components\PhoneBrowserComponents\NokiaPhoneBrowser.dll (Nokia)
\\{FBFE7864-D495-41f0-B7DC-4BB601CC295E} - Contact View = C:\Program Files\Nokia\Nokia PC Suite 6\Components\PhoneBrowserComponents\ContactView.dll (Nokia)
\\{45AC2688-0253-4ED8-97DE-B5370FA7D48A} - Shell Extension for Malware scanning = ()
\\ - = ()
\\{6af09ec9-b429-11d4-a1fb-0090960218cb} - My Bluetooth Places = C:\WINDOWS\System32\btneighborhood.dll ()
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\avast - {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\InCDMenu - {950FF917-7A57-46BC-8017-59D9BF474000} = C:\Program Files\Ahead\InCD\incdshx.dll (Nero AG)
[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\avast - {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
\BitDefender Antivirus v7 - {D653647D-D607-4DF6-A5B8-48D2BA195F7B} = ()
\BitDefender Antivirus v8 - {D653647D-D607-4DF6-A5B8-48D2BA195F7B} = ()
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)
>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ATIModeChange - C:\WINDOWS\SYSTEM32\Ati2mdxx.exe (ATI Technologies, Inc.)
SynTPLpr - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
SynTPEnh - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
ATIPTA - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
eabconfg.cpl - C:\Program Files\Compaq\EAB\EabServr.exe (Compaq)
srmclean - C:\Cpqs\Scom\srmclean.exe ()
Cpqset - C:\Program Files\compaq\cpqsetup\cpqset.exe ()
CitiINum_French - C:\Program Files\Citi Internet Number\CitiINum.exe (Orbiscom Ltd. All rights reserved.)
ElbyCheckAnyDVD - C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe (Elaborate Bytes AG)
RealTray - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
IntelliPoint - C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
avast! - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe ()
D-Link AirPlus XtremeG - C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe (D-Link)
ANIWZCS2Service - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
InCD - C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
DataLayer - C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE (Nokia Mobile Phones Ltd.)
PCSuiteTrayApplication - C:\PROGRA~1\Nokia\NOKIAP~2\TRAYAP~1.EXE ()
snpstd - C:\WINDOWS\vsnpstd.exe ()
RAM Idle - C:\Program Files\Customizer XP\RAM_2K.exe ()
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
MessengerPlus3 - C:\Program Files\MessengerPlus! 3\MsgPlus.exe (Patchou)
SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe (Sun Microsystems, Inc.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE - C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk - C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe ()
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini ()
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\PATRICK HUBERT\Menu Démarrer\Programmes\Démarrage\desktop.ini ()
>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 2
services 0
startup 0
[All Users Startup Folder Disabled Items]
[Current User Startup Folder Disabled Items]
>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]
>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d
>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Pré-chargeur Browseui = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Démon de cache des catégories de composant = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)
>>> DNS Name Servers <<<
{1358F57A-895A-4B80-94A3-1AE9FA4D5DB1} - ()
{344D726A-AB66-48BA-99F2-2E6AD6524577} - ()
{952445BE-EE08-4E95-858F-C13AA16F5DC2} - (Carte réseau 1394)
{9FC5123C-30F9-4F71-9C25-A312366D84FB} - (D-Link AirPlus DWL-G650 Wireless Cardbus Adapter(rev.C))
{A95B784E-459B-426B-A9C6-627CEE0EB26B} - ()
{B78DEED4-FC12-43AA-88E4-AB520F0D9EDF} - (Carte réseau Fast Ethernet PCI Realtek RTL8139 Family)
>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000019\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000020\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000021\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()
>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]
>>> Selected AddOn's <<<
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
The Kaspersky report will be posted as soon as it is done.
Regards,
Manly, on behalf of her Mister who is at work
-
Bump
This really worries me: is the slowness of my PC due to the various attacks from Netsky?
Thank you for replying.
-
Hello,
Because of my PC's slowness, I have already followed Papo's instructions to configure my services.
I also ran an Antivir scan in safe mode, which found Netsky in Avast's quarantine file.
I asked for these files to be deleted, but this was refused.
I am attaching my HijackThis report.
Could you tell me whether I am still infected?
Thank you.
Logfile of HijackThis v1.99.1
Scan saved at 18:51:15, on 16/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~2\TRAYAP~1.EXE
C:\WINDOWS\vsnpstd.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.proximus-interactive.be.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...rch&ap=b204
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redire...;lc=080c&ac
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet access provided by Proximus
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CitiEUBrowserHelper Class - {0748BCEA-3708-4842-A65F-7AA6E56EBCD9} - C:\WINDOWS\System32\BhoCitEU.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [CitiINum_French] C:\Program Files\Citi Internet Number\CitiINum.exe /dontopenmycards
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~2\TRAYAP~1.EXE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\Customizer XP\RAM_2K.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Citi Internet Number - {F2011928-474C-466d-8C33-99B0ED86EEB9} - C:\Program Files\Citi Internet Number\CitiINum.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.proximus-interactive.be.htm
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-bef.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Thank you
(RESOLVED) HijackThis report
in Malware analysis and removal
Posted
Hi,
There, everything is done.
When starting the computer, including logging on, it takes 3 minutes to be ready to browse; I think that's good, isn't it?
Just two small things.
The first: right when Windows XP opens, a black screen with a big white bar at the bottom of my screen appears for a second, then disappears, and then XP starts up again.
The second: my internet windows no longer open at the right size; they are too wide for my screen. (It's surely nothing much to fix, but you have to know how.)
Otherwise, perfect.
One of these days I feel I'm going to clean up my PC, and I'll surely come and bother you with a HijackThis report.
Thank you Charles Ingals,
I'm adding the resolved tag to the first post.
Manly, on behalf of her Mister H