

Rokiu
Membres-
Compteur de contenus
12 -
Inscription
-
Dernière visite
Type de contenu
Profils
Forums
Blogs
Tout ce qui a été posté par Rokiu
-
Bonjour, Je viens d'arriver de travailler et je me rend compte que mon C: est bas en espace alors que j'Avais 3go de libre ce matin. Je supprime quelques éléments pour faire de l'espace seulement pour que tout retourne à 0 octet de disponible. Je soupsonne donc un virus, pouvez vous m'aider? Merci.
-
Voila, depuis environ une semaine, je remarque que ma connection internet sur ce portable est très lente et je suis constamment déconnecté de jeux en ligne comme WOW et World War II online: Battlefront Europe. Est-il possible que je soit infecté?
-
C'est ma foi une excellent question, mais même a l'Achat du portable je n'ai jamais intallé de pilote et mon graveur marchais nickel
-
Mon Cd en gravure est 1-52X, la vitesse de gravure est toujours diminuée, sur un DVD rom je fait de 1X et sur CD je fais 5X alors qu'avant mon dernier formatage je faisait du 8X DVD et 24 CD. Un gravage de Cd est passé de 3 minutes a 16 minutes :S
-
Bonjour, Voila mon probleme, lorsque j'essaie de graver n'importe quoi, la vitesse affiché maximale est de 24X mais mes séances de gravures ne parviennent pas à dépasser le 5X. J'ai ce probleme avec tous les logiciels de gravure et tout le type de fichier que je tente de graver. Merci D'avance
-
Bonjour a tous et merci d'avance, Je ne sais pas par ou commencer alors je me remet à votre science. Voici donc mon log Hijackthis.... j'ai peur qu'il y ai beaucoup de travail a faire. Logfile of HijackThis v1.99.1 Scan saved at 13:48:39, on 2007-08-13 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\TWFydGlu\command.exe C:\WINDOWS\system32\msbind32.exe C:\WINDOWS\system32\pmhlfylu.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Network Monitor\netmon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\outlook\outlook.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\retadpu27.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\TEMP\sdadlrow-t2.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ComPlus Applications\horyfyz2.exe C:\WINDOWS\system32\kernelwind32.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\WinPop\winpop.exe C:\WINDOWS\SMANTE~1\winlogon.exe C:\Program Files\Common Files\?ppPatch\?serinit.exe C:\WINDOWS\system32\dllh8jkd1q2.exe C:\WINDOWS\system32\dllh8jkd1q6.exe C:\WINDOWS\system32\dllh8jkd1q7.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\svchost.exe C:\totalcmd\TOTALCMD.EXE C:\DOCUME~1\Martin\LOCALS~1\Temp\_tc\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto O4 - HKLM\..\Run: [winlog] winlog.exe O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu27.exe 61A847B5BBF72810358B2B27128065E9C084320161C4661227A755E9C2933154389A O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\nsttvavb.dll",forkonce O4 - HKLM\..\Run: [bantool] C:\WINDOWS\TEMP\sdadlrow-t2.exe O4 - HKLM\..\Run: [{ZN}] C:\Documents and Settings\Martin\TISKY008.exe SKY008 O4 - HKLM\..\Run: [horyfyz] C:\Program Files\ComPlus Applications\horyfyz2.exe O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe O4 - HKLM\..\Run: [system] C:\WINDOWS\system32\kernelwind32.exe O4 - HKLM\..\RunServices: [winlog] winlog.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe O4 - HKCU\..\Run: [scbu] "C:\WINDOWS\SMANTE~1\winlogon.exe" -vt yazb O4 - HKCU\..\Run: [Elf] "C:\Program Files\Common Files\?ppPatch\?serinit.exe" O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Martin\TISKY008.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - AppInit_DLLs: dxclib303562752.dll O21 - SSODL: CxZhWTPZ - {AC8E0CCF-0624-A665-30EA-1FCE9FDD0939} - C:\WINDOWS\system32\gyw.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWFydGlu\command.exe O23 - Service: DomainService - - C:\WINDOWS\system32\pmhlfylu.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\WINDOWS\system32\pr2akt6c.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
-
[Résolu] Système Infecté
Rokiu a répondu à un(e) sujet de Rokiu dans Analyses et éradication malwares
Voici le rapport de Panda: Incident Statut Analyse Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fqxlr5vo.default\cookies.txt[.xiti.com/] Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fqxlr5vo.default\cookies.txt[.2o7.net/] Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fqxlr5vo.default\cookies.txt[.overture.com/] Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fqxlr5vo.default\cookies.txt[.perf.overture.com/] Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fqxlr5vo.default\cookies.txt[.atdmt.com/] Spyware:Cookie/Tribalfusion No Désinfecté C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fqxlr5vo.default\cookies.txt[.tribalfusion.com/] Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fqxlr5vo.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fqxlr5vo.default\cookies.txt[.bluestreak.com/] Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fqxlr5vo.default\cookies.txt[.adtech.de/] Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fqxlr5vo.default\cookies.txt[.mediaplex.com/] Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fqxlr5vo.default\cookies.txt[.tradedoubler.com/] Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fqxlr5vo.default\cookies.txt[.advertising.com/] Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\Martin\Cookies\martin@2o7[1].txt Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Martin\Cookies\martin@atdmt[2].txt Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Martin\Cookies\martin@doubleclick[1].txt Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\Martin\Cookies\martin@mediaplex[1].txt Outil indésirable:Application/Processor No Désinfecté C:\Martin\SmitfraudFix\Process.exe Outil indésirable:Application/Processor No Désinfecté C:\WINDOWS\system32\Process.exe -
[Résolu] Système Infecté
Rokiu a répondu à un(e) sujet de Rokiu dans Analyses et éradication malwares
C'est bizarre, Blacklight avait pas l'option scar through windows explorer, en fait il y avait aucune option. Je ne pouvais que faire scan. Il a trouvé rien mais il a laissé trois différents fichier de rapport les voici. 01/14/07 13:48:21 [info]: BlackLight Engine 1.0.55 initialized 01/14/07 13:48:21 [info]: OS: 5.1 build 2600 (Service Pack 2) 01/14/07 13:48:25 [Note]: 7019 4 01/14/07 13:48:25 [Note]: 7005 0 01/14/07 13:49:06 [Note]: 7007 0 01/14/07 13:49:32 [info]: BlackLight Engine 1.0.55 initialized 01/14/07 13:49:32 [info]: OS: 5.1 build 2600 (Service Pack 2) 01/14/07 13:49:32 [Note]: 7019 4 01/14/07 13:49:32 [Note]: 7005 0 01/14/07 13:49:50 [Note]: 7006 0 01/14/07 13:49:50 [Note]: 7011 1280 01/14/07 13:49:50 [Note]: 7026 0 01/14/07 13:49:50 [Note]: 7026 0 01/14/07 13:49:59 [Note]: FSRAW library version 1.7.1021 01/14/07 13:58:22 [Note]: 2000 1012 01/14/07 13:58:22 [Note]: 2000 1012 01/14/07 14:00:14 [Note]: 7007 0 01/14/07 14:00:42 [info]: BlackLight Engine 1.0.55 initialized 01/14/07 14:00:42 [info]: OS: 5.1 build 2600 (Service Pack 2) 01/14/07 14:00:42 [Note]: 7019 4 01/14/07 14:00:42 [Note]: 7005 0 01/14/07 14:00:48 [Note]: 7007 0 Vu la divergence de la procédure je vais attendre confirmation pour commencer Panda -
[Résolu] Système Infecté
Rokiu a répondu à un(e) sujet de Rokiu dans Analyses et éradication malwares
Désolé, le coplete Scan a pris quelques heures à faire Voici le log Hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 00:02:06, on 2007-01-14 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\runservice.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe C:\Program Files\Pure Networks\Router Service\pnroutsv.exe C:\WINDOWS\ehome\RMSvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\ZoneLabs\isafe.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Updater.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\ehome\RMSysTry.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe C:\totalcmd\TOTALCMD.EXE C:\Martin\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Moniteur de ressources Extender.lnk = C:\WINDOWS\ehome\RMSysTry.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe O23 - Service: Pure Networks Router Manager (pnrouter) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Router Service\pnroutsv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE Voici le log smitfraudfix: SmitFraudFix v2.132 Scan done at 17:52:53,35, 2007-01-13 Run from C:\Martin\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl" [HKEY_CLASSES_ROOT\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32] @="C:\WINDOWS\system32\gwquvw.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32] @="C:\WINDOWS\system32\gwquvw.dll" »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri C:\WINDOWS\system32\gwquvw.dll -> Hoax.Win32.Renos.gen.i C:\WINDOWS\system32\gwquvw.dll -> Deleted »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\DOCUME~1\Martin\FAVORI~1\Online Security Test.url Deleted C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted C:\Program Files\Video ActiveX Object\ Deleted »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End Voici le log AVG: --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 23:54:05 2007-01-13 + Scan result: HKU\S-1-5-21-2743813027-726728495-3376884711-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} -> Adware.Generic : Ignored. HKU\S-1-5-21-2743813027-726728495-3376884711-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Ignored. C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP93\A0008764.dll -> Adware.WorldSecurityOnline : Ignored. ::Report end Les deux icones problématiques semblent a voir disparues, pourriez vous confirmer la bonne santée de mon pc a partir des log s'il-vous plait? -
[Résolu] Système Infecté
Rokiu a répondu à un(e) sujet de Rokiu dans Analyses et éradication malwares
Le mode sans echec me donne acces au net ou je devrais copier le contenu du post? -
[Résolu] Système Infecté
Rokiu a répondu à un(e) sujet de Rokiu dans Analyses et éradication malwares
Merci de ton temps regis AVG ma demander de redemarrer l'application, j'ai dit non et je l'ai fermé, est-ce oki? SmitFraudFix v2.132 Scan done at 17:31:53,03, 2007-01-13 Run from C:\Martin\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Martin »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Martin\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND ! C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Martin\FAVORI~1 C:\DOCUME~1\Martin\FAVORI~1\Online Security Test.url FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files C:\Program Files\Video ActiveX Object\ FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl" [HKEY_CLASSES_ROOT\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32] @="C:\WINDOWS\system32\gwquvw.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32] @="C:\WINDOWS\system32\gwquvw.dll" »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32 »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End J'attend ton oki pour passer a l'étape 2 -
Bonjour, Je suis un peu nul pour comprendre un log hijackthis. Mais si quelqu'un voudrais bien m'aider, ce serais tres apprécier. voici mon log: Logfile of HijackThis v1.99.1 Scan saved at 17:19:00, on 2007-01-13 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\runservice.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe C:\Program Files\Pure Networks\Router Service\pnroutsv.exe C:\WINDOWS\ehome\RMSvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\ZoneLabs\isafe.exe C:\Program Files\Video ActiveX Object\isamonitor.exe C:\Program Files\Video ActiveX Object\pmsngr.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Updater.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Video ActiveX Object\pmmon.exe C:\Program Files\Video ActiveX Object\isamini.exe C:\WINDOWS\ehome\RMSysTry.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\system32\svchost.exe C:\totalcmd\TOTALCMD.EXE C:\Martin\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Moniteur de ressources Extender.lnk = C:\WINDOWS\ehome\RMSysTry.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe O23 - Service: Pure Networks Router Manager (pnrouter) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Router Service\pnroutsv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE