

baret
[solved] unwanted web page opening
baret replied to baret's topic in Analyses et éradication malwares
:P thanks for your help
[solved] unwanted web page opening
baret replied to baret's topic in Analyses et éradication malwares
Thank you, Angélique, for these clarifications. As agreed, here are the logs: javara.log, HijackThis log.
[solved] unwanted web page opening
baret replied to baret's topic in Analyses et éradication malwares
Thank you, Angelique, for your help. I wish you and your loved ones, and the whole Zebulon team, an excellent 2009. I did everything you told me; the only thing I could not do was fix O4 - HKLM\..\Run: [ymsog] "c:\windows\system32\ymsog.exe" ymsog, because I no longer had it.
[solved] unwanted web page opening
baret replied to baret's topic in Analyses et éradication malwares
Angelique, many thanks for your help. Here are the logs after running navilog1:
[solved] unwanted web page opening
baret posted a topic in Analyses et éradication malwares
Hello everyone, and I take this opportunity to wish you very happy holidays. So, I have a problem on my laptop: a window keeps opening unexpectedly, and here is its address: hxxp://em.pc-on-internet.com/media/22/309/5714/crazy468a70902.gif I think it's malware. Thanks for your help. I'm attaching the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:57:43, on 30/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\dmi\win32\bin\Win32sl.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Fichiers communs\XCPCSync\Translators\LtNts4\NtsAgent.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\TRENDnet.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intra15/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 128.128.0.7 srv2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [synapseUpdate] C:\Program Files\Synapse Développement\Synapse Update\Synapse Update.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EasySync Pro - LtNts4] C:\Program Files\Fichiers communs\XCPCSync\Translators\LtNts4\NtsAgent.exe
O4 - HKLM\..\Run: [EasySync Pro] C:\Program Files\Fichiers communs\XCPCMenu.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = ?
O8 - Extra context menu item: &Point&&Go - C:\Program Files\Fichiers communs\Expert System\PGPlatform\PGPlatform.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Multi-user Cleanup Service - Unknown owner - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe
O23 - Service: VNC Server (winvnc) - AT&T Research Labs Cambridge - C:\Program Files\ORL\VNC\WinVNC.exe
--
End of file - 11195 bytes

PS: I also used to check cybersecurite, but the site is suspended. Do you have any news of Bruce and the other helpers? Thank you in advance.
buffer overflow
baret replied to baret's topic in Analyses et éradication malwares
Thanks, Falkra, for your recommendations. What you point out seems obvious, unfortunately only after clicking on a crack. I was stupid and I won't do it again anytime soon. I'm very glad you tell me my PC is clean again, although the McAfee message telling me that service.exe tried to cause a buffer overflow makes me think I still have something. Thanks also to Apollo.01 for all the time spent helping me clean my PC.
buffer overflow
baret replied to baret's topic in Analyses et éradication malwares
Thanks for your help. I'll wait a bit in case someone else has an idea, and afterwards I'll look on the software side as you suggest.
buffer overflow
baret replied to baret's topic in Analyses et éradication malwares
The problem is that I still have a McAfee window that opens at startup and reports that service.exe caused a buffer overflow, as at the beginning of my post, which leads me to say it's not resolved yet.
buffer overflow
baret replied to baret's topic in Analyses et éradication malwares
Here we go!

Scan
----
Scanned: 1458492
Detected: 15
Untreated: 0
Start time: 24/07/2008 20:59:49
Duration: 20:14:00
Finish time: 25/07/2008 17:13:49

Detected
--------
Status Object
------ ------
deleted: adware not-a-virus:AdWare.Win32.Dap.h File: C:\Documents and Settings\Gilles\Mes documents\01zoomphoto\DAPP7401\dap74.exe//WiseSFXDropper//WISE0024.BIN/dapiebar.dll
deleted: adware not-a-virus:AdWare.Win32.BHO.aa File: C:\Documents and Settings\Gilles\Mes documents\serial 2000 update\s2k.7.1.plus\setup.exe
deleted: riskware not-a-virus:PSWTool.Win32.PWDump.2 File: C:\Documents and Settings\Gilles\Mes documents\Windows.Genuine.Advantage.Validation.v1.4.389.0\Windows Authentique by Spi0n.rar/Windows Authentique\Tirez votre copie de Windows 100% véritable en 2 secondes\Divers\Couteau suisse Xp.exe//PE_Patch//UPack//data0000.cab/rock.exe/pwdump2\samdump.dll//UPX
deleted: riskware not-a-virus:PSWTool.Win32.PWDump.2 File: C:\Documents and Settings\Gilles\Mes documents\Windows.Genuine.Advantage.Validation.v1.4.389.0\Windows Authentique by Spi0n.rar/Windows Authentique\Tirez votre copie de Windows 100% véritable en 2 secondes\Divers\Couteau suisse Xp.exe//PE_Patch//UPack//data0000.cab/rock.exe/pwdump2\pwdump2.exe//UPX
deleted: riskware not-a-virus:PSWTool.Win32.RAS.a File: C:\Documents and Settings\Gilles\Mes documents\Windows.Genuine.Advantage.Validation.v1.4.389.0\Windows Authentique by Spi0n.rar/Windows Authentique\Tirez votre copie de Windows 100% véritable en 2 secondes\Divers\Couteau suisse Xp.exe//PE_Patch//UPack//data0000.cab/RockXP4.exe//UPX
deleted: riskware not-a-virus:PSWTool.Win32.RAS.a File: C:\Documents and Settings\Gilles\Mes documents\Windows.Genuine.Advantage.Validation.v1.4.389.0\Windows Authentique by Spi0n.rar/Windows Authentique\Tirez votre copie de Windows 100% véritable en 2 secondes\Divers\Changer de clef XP\Changer de clef XP.exe/xpkey.exe
deleted: riskware not-a-virus:PSWTool.Win32.RAS.a File: C:\Documents and Settings\Gilles\Mes documents\Windows.Genuine.Advantage.Validation.v1.4.389.0\Windows Authentique by Spi0n.rar/Windows Authentique\Tirez votre copie de Windows 100% véritable en 2 secondes\Divers\Changer de clef XP\Changer de clef XP.exe/officekey.exe
deleted: riskware not-a-virus:PSWTool.Win32.PWDump.2 File: C:\Documents and Settings\Gilles\Mes documents\Windows.Genuine.Advantage.Validation.v1.4.389.0\Windows Authentique\Tirez votre copie de Windows 100% véritable en 2 secondes\Divers\Couteau suisse Xp.exe//PE_Patch//UPack//data0000.cab/rock.exe/pwdump2\samdump.dll//UPX
deleted: riskware not-a-virus:PSWTool.Win32.PWDump.2 File: C:\Documents and Settings\Gilles\Mes documents\Windows.Genuine.Advantage.Validation.v1.4.389.0\Windows Authentique\Tirez votre copie de Windows 100% véritable en 2 secondes\Divers\Couteau suisse Xp.exe//PE_Patch//UPack//data0000.cab/rock.exe/pwdump2\pwdump2.exe//UPX
deleted: riskware not-a-virus:PSWTool.Win32.RAS.a File: C:\Documents and Settings\Gilles\Mes documents\Windows.Genuine.Advantage.Validation.v1.4.389.0\Windows Authentique\Tirez votre copie de Windows 100% véritable en 2 secondes\Divers\Couteau suisse Xp.exe//PE_Patch//UPack//data0000.cab/RockXP4.exe//UPX
deleted: riskware not-a-virus:PSWTool.Win32.RAS.a File: C:\Documents and Settings\Gilles\Mes documents\Windows.Genuine.Advantage.Validation.v1.4.389.0\Windows Authentique\Tirez votre copie de Windows 100% véritable en 2 secondes\Divers\Changer de clef XP\Changer de clef XP.exe/xpkey.exe
deleted: riskware not-a-virus:PSWTool.Win32.RAS.a File: C:\Documents and Settings\Gilles\Mes documents\Windows.Genuine.Advantage.Validation.v1.4.389.0\Windows Authentique\Tirez votre copie de Windows 100% véritable en 2 secondes\Divers\Changer de clef XP\Changer de clef XP.exe/officekey.exe
deleted: Trojan program Backdoor.Win32.Hupigon.cdnk File: C:\Program Files\SlySoft\AnyDVD\Crack Slysoft Suite 1.37.exe//PE_Patch
deleted: riskware not-a-virus:PSWTool.Win32.RAS.a File: C:\Documents and Settings\Gilles\Mes documents\Windows.Genuine.Advantage.Validation.v1.4.389.0\Windows Authentique\Tirez votre copie de Windows 100% véritable en 2 secondes\Divers\Couteau suisse Xp.exe//PE_Patch//UPack
deleted: riskware not-a-virus:PSWTool.Win32.RAS.a File: c:\documents and settings\gilles\mes documents\windows.genuine.advantage.validation.v1.4.389.0\windows authentique\tirez votre copie de windows 100% véritable en 2 secondes\divers\changer de clef xp\changer de clef xp.exe

Events
------
Time Name Status Reason
---- ---- ------ ------
lsass.exe\cryptdll.dll ok scanned 24/07/2008 21:01:12 File: C:\WINDOWS\system32\cryptdll.dll ok scanned 24/07/2008 21:01:12 Running module: lsass.exe\ShimEng.dll ok scanned 24/07/2008 21:01:12 File: C:\WINDOWS\system32\ShimEng.dll ok scanned 24/07/2008 21:01:12 Running module: lsass.exe\AcGenral.DLL ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\AppPatch\AcGenral.DLL ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\WINMM.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\WINMM.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\ole32.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\ole32.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\OLEAUT32.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\OLEAUT32.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\MSACM32.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\MSACM32.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\VERSION.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\VERSION.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\SHELL32.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\SHELL32.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\SHLWAPI.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\SHLWAPI.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\USERENV.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\USERENV.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\UxTheme.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\UxTheme.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\IMM32.DLL ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\IMM32.DLL ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\serwvdrv.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\serwvdrv.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\umdmxfrm.dll ok scanned 24/07/2008 21:01:13 File: 
C:\WINDOWS\system32\umdmxfrm.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\comctl32.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\comctl32.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\comctl32.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\msprivs.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\msprivs.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\kerberos.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\kerberos.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\msv1_0.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\msv1_0.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\iphlpapi.dll ok scanned 24/07/2008 21:01:14 File: C:\WINDOWS\system32\iphlpapi.dll ok scanned 24/07/2008 21:01:14 Running module: lsass.exe\netlogon.dll ok scanned 24/07/2008 21:01:14 File: C:\WINDOWS\system32\netlogon.dll ok scanned 24/07/2008 21:01:14 Running module: lsass.exe\w32time.dll ok scanned 24/07/2008 21:01:14 File: C:\WINDOWS\system32\w32time.dll ok scanned 24/07/2008 21:01:14 Running module: lsass.exe\MSVCP60.dll ok scanned 24/07/2008 21:01:14 File: C:\WINDOWS\system32\MSVCP60.dll ok scanned 24/07/2008 21:01:14 Running module: lsass.exe\schannel.dll ok scanned 24/07/2008 21:01:14 File: C:\WINDOWS\system32\schannel.dll ok scanned 24/07/2008 21:01:14 Running module: lsass.exe\CRYPT32.dll ok scanned 24/07/2008 21:01:14 File: C:\WINDOWS\system32\CRYPT32.dll ok scanned 24/07/2008 21:01:14 Running module: lsass.exe\wdigest.dll ok scanned 24/07/2008 21:01:14 File: C:\WINDOWS\system32\wdigest.dll ok scanned 24/07/2008 21:01:14 Running module: lsass.exe\rsaenh.dll ok scanned 24/07/2008 21:01:14 File: C:\WINDOWS\system32\rsaenh.dll ok scanned 24/07/2008 21:01:14 Running module: lsass.exe\scecli.dll ok scanned 
24/07/2008 21:01:14 File: C:\WINDOWS\system32\scecli.dll ok scanned 24/07/2008 21:01:14 Running module: lsass.exe\SETUPAPI.dll ok scanned 24/07/2008 21:01:14 File: C:\WINDOWS\system32\SETUPAPI.dll ok scanned 24/07/2008 21:01:14 Running module: svchost.exe\svchost.exe ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\svchost.exe ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\ntdll.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\ntdll.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\kernel32.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\kernel32.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\ADVAPI32.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\ADVAPI32.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\RPCRT4.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\RPCRT4.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\Secur32.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\Secur32.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\ShimEng.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\ShimEng.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\AcGenral.DLL ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\AppPatch\AcGenral.DLL ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\USER32.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\USER32.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\GDI32.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\GDI32.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\WINMM.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\WINMM.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\ole32.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\ole32.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\msvcrt.dll ok scanned 24/07/2008 21:01:15 File: 
C:\WINDOWS\system32\msvcrt.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\OLEAUT32.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\OLEAUT32.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\MSACM32.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\MSACM32.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\VERSION.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\VERSION.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\SHELL32.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\SHELL32.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\SHLWAPI.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\SHLWAPI.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\USERENV.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\USERENV.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\UxTheme.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\UxTheme.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\IMM32.DLL ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\IMM32.DLL ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\serwvdrv.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\serwvdrv.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\umdmxfrm.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\umdmxfrm.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\comctl32.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\comctl32.dll ok scanned 24/07/2008 21:01:16 File: C:\WINDOWS\system32\comctl32.dll ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\NTMARTA.DLL ok scanned 24/07/2008 21:01:16 File: C:\WINDOWS\system32\NTMARTA.DLL ok scanned 24/07/2008 21:01:16 Running module: 
svchost.exe\WLDAP32.dll ok scanned 24/07/2008 21:01:16 File: C:\WINDOWS\system32\WLDAP32.dll ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\SAMLIB.dll ok scanned 24/07/2008 21:01:16 File: C:\WINDOWS\system32\SAMLIB.dll ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\rpcss.dll ok scanned 24/07/2008 21:01:16 File: c:\windows\system32\rpcss.dll ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\WS2_32.dll ok scanned 24/07/2008 21:01:16 File: c:\windows\system32\WS2_32.dll ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\WS2HELP.dll ok scanned 24/07/2008 21:01:16 File: c:\windows\system32\WS2HELP.dll ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\xpsp2res.dll ok scanned 24/07/2008 21:01:16 File: C:\WINDOWS\system32\xpsp2res.dll ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\CLBCATQ.DLL ok scanned 24/07/2008 21:01:16 File: C:\WINDOWS\system32\CLBCATQ.DLL ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\COMRes.dll ok scanned 24/07/2008 21:01:16 File: C:\WINDOWS\system32\COMRes.dll ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\WTSAPI32.dll ok scanned 24/07/2008 21:01:16 File: C:\WINDOWS\system32\WTSAPI32.dll ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\WINSTA.dll ok scanned 24/07/2008 21:01:16 File: C:\WINDOWS\system32\WINSTA.dll ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\NETAPI32.dll ok scanned 24/07/2008 21:01:16 File: C:\WINDOWS\system32\NETAPI32.dll ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\msv1_0.dll ok scanned 24/07/2008 21:01:16 File: C:\WINDOWS\system32\msv1_0.dll ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\iphlpapi.dll ok scanned 24/07/2008 21:01:16 File: C:\WINDOWS\system32\iphlpapi.dll ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\Apphelp.dll ok scanned 24/07/2008 21:01:16 File: C:\WINDOWS\system32\Apphelp.dll ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\svchost.exe ok scanned 24/07/2008 
21:01:17 File: C:\WINDOWS\system32\svchost.exe ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\ntdll.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\ntdll.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\kernel32.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\kernel32.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\ADVAPI32.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\ADVAPI32.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\RPCRT4.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\RPCRT4.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\Secur32.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\Secur32.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\ShimEng.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\ShimEng.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\AcGenral.DLL ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\AppPatch\AcGenral.DLL ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\USER32.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\USER32.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\GDI32.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\GDI32.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\WINMM.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\WINMM.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\ole32.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\ole32.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\msvcrt.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\msvcrt.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\OLEAUT32.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\OLEAUT32.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\MSACM32.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\MSACM32.dll ok 
scanned 24/07/2008 21:01:17 Running module: svchost.exe\VERSION.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\VERSION.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\SHELL32.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\SHELL32.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\SHLWAPI.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\SHLWAPI.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\USERENV.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\USERENV.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\UxTheme.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\UxTheme.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\IMM32.DLL ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\IMM32.DLL ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\serwvdrv.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\serwvdrv.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\umdmxfrm.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\umdmxfrm.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\comctl32.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\comctl32.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\comctl32.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\rpcss.dll ok scanned 24/07/2008 21:01:17 File: c:\windows\system32\rpcss.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\WS2_32.dll ok scanned 24/07/2008 21:01:17 File: c:\windows\system32\WS2_32.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\WS2HELP.dll ok scanned 24/07/2008 21:01:17 File: c:\windows\system32\WS2HELP.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\xpsp2res.dll ok scanned 24/07/2008 21:01:17 
File: C:\WINDOWS\system32\xpsp2res.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\rsaenh.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\rsaenh.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\mswsock.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\mswsock.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\hnetcfg.dll ok scanned 24/07/2008 21:01:18 File: C:\WINDOWS\system32\hnetcfg.dll ok scanned 24/07/2008 21:01:18 Running module: svchost.exe\wshtcpip.dll ok scanned 24/07/2008 21:01:18 File: C:\WINDOWS\System32\wshtcpip.dll ok scanned 24/07/2008 21:01:18 Running module: svchost.exe\DNSAPI.dll ok scanned 24/07/2008 21:01:18 File: C:\WINDOWS\system32\DNSAPI.dll ok scanned 24/07/2008 21:01:18 Running module: svchost.exe\iphlpapi.dll ok scanned 24/07/2008 21:01:18 File: C:\WINDOWS\system32\iphlpapi.dll ok scanned 24/07/2008 21:01:18 Running module: svchost.exe\winrnr.dll ok scanned 24/07/2008 21:01:18 File: C:\WINDOWS\System32\winrnr.dll ok scanned 24/07/2008 21:01:18 Running module: svchost.exe\WLDAP32.dll ok scanned 24/07/2008 21:01:18 File: C:\WINDOWS\system32\WLDAP32.dll ok scanned 24/07/2008 21:01:18 Running module: svchost.exe\rasadhlp.dll ok scanned 24/07/2008 21:01:18 File: C:\WINDOWS\system32\rasadhlp.dll ok scanned 24/07/2008 21:01:18 Running module: svchost.exe\CLBCATQ.DLL ok scanned 24/07/2008 21:01:18 File: C:\WINDOWS\system32\CLBCATQ.DLL ok scanned 24/07/2008 21:01:18 Running module: svchost.exe\COMRes.dll ok scanned 24/07/2008 21:01:18 File: C:\WINDOWS\system32\COMRes.dll ok scanned 24/07/2008 21:01:18 Running module: svchost.exe\svchost.exe ok scanned 24/07/2008 21:01:18 File: C:\WINDOWS\system32\svchost.exe ok scanned 24/07/2008 21:01:18 Running module: svchost.exe\ntdll.dll ok scanned 24/07/2008 21:01:18 File: C:\WINDOWS\system32\ntdll.dll ok scanned 24/07/2008 21:01:18 Running module: svchost.exe\kernel32.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\kernel32.dll ok 
scanned 24/07/2008 21:01:19 Running module: svchost.exe\ADVAPI32.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\ADVAPI32.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\RPCRT4.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\RPCRT4.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\Secur32.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\Secur32.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\ShimEng.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\ShimEng.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\AcGenral.DLL ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\AppPatch\AcGenral.DLL ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\USER32.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\USER32.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\GDI32.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\GDI32.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\WINMM.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\WINMM.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\ole32.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\ole32.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\msvcrt.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\msvcrt.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\OLEAUT32.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\OLEAUT32.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\MSACM32.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\MSACM32.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\VERSION.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\VERSION.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\SHELL32.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\SHELL32.dll ok scanned 24/07/2008 21:01:19 Running module: 
svchost.exe\SHLWAPI.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\SHLWAPI.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\USERENV.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\USERENV.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\UxTheme.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\UxTheme.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\IMM32.DLL ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\IMM32.DLL ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\serwvdrv.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\serwvdrv.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\umdmxfrm.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\umdmxfrm.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\comctl32.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\comctl32.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\comctl32.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\NTMARTA.DLL ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\NTMARTA.DLL ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\WLDAP32.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\WLDAP32.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\SAMLIB.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\SAMLIB.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\xpsp2res.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\xpsp2res.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\cryptsvc.dll ok scanned 24/07/2008 21:01:19 File: c:\windows\system32\cryptsvc.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\WINTRUST.dll ok scanned 24/07/2008 21:01:19 File: 
C:\WINDOWS\system32\WINTRUST.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\CRYPT32.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\CRYPT32.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\MSASN1.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\MSASN1.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\IMAGEHLP.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\IMAGEHLP.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\certcli.dll ok scanned 24/07/2008 21:01:19 File: c:\windows\system32\certcli.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\ATL.DLL ok scanned 24/07/2008 21:01:20 File: c:\windows\system32\ATL.DLL ok scanned 24/07/2008 21:01:20 Running module: svchost.exe\NETAPI32.dll ok scanned 24/07/2008 21:01:20 File: C:\WINDOWS\system32\NETAPI32.dll ok scanned 24/07/2008 21:01:20 Running module: svchost.exe\CRYPTUI.dll ok scanned 24/07/2008 21:01:20 File: C:\WINDOWS\system32\CRYPTUI.dll ok scanned 24/07/2008 21:01:20 Running module: svchost.exe\WININET.dll ok scanned 24/07/2008 21:01:21 File: C:\WINDOWS\system32\WININET.dll packed file PE_Patch -
buffer overflow
baret replied to a topic by baret in Malware analysis and removal
Good evening, I can't manage to post the AVP Tool log (I think it is too large, 3.5 MB). I'm sending you the HijackThis log.
- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 12557 bytes -
buffer overflow
baret replied to a topic by baret in Malware analysis and removal
I will only post the log this evening, because this morning, after a night of scanning, I was only at 75%.
buffer overflow
baret replied to a topic by baret in Malware analysis and removal
Thanks for your reply. Although I am a collector, this is one kind of collection I could well do without. I will run AVP Tool tonight.
buffer overflow
baret replied to a topic by baret in Malware analysis and removal
As agreed, here is the Kaspersky report.
buffer overflow
baret replied to a topic by baret in Malware analysis and removal
Here is the log after the recommended procedure. As for Pando, I don't know yet whether I will uninstall it, because it is quite handy. If you are telling me to go look at the software forum, are you suggesting that the problem I am having is a software problem? Thanks for your help.
buffer overflow
baret replied to a topic by baret in Malware analysis and removal
I have just done:

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
04- HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
04- HKLM\..\Run: [adobe reader speed launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

Close all open programs and click Fix Checked.

I uninstalled Acrobat Reader 8 and installed Foxit as you suggested. I restarted my PC and got the McAfee buffer overflow alert again. I restarted my PC once more and this time there was no alert. Here is the HijackThis log.

Is TeaTimer necessary with Spybot?