baret

Everything posted by baret

  1. :P thanks for your help
  2. Thank you Angélique for these clarifications. As agreed, here are the logs: javara.log and the HijackThis log.
  3. Thank you Angelique for your help. I wish you and your loved ones an excellent 2009, and likewise the whole Zebulon team. I did everything you told me; the only thing I could not do was fix O4 - HKLM\..\Run: [ymsog] "c:\windows\system32\ymsog.exe" ymsog because I no longer had it.
  4. Angelique, many thanks for your help. Here are the logs after running navilog1.
  5. Hello everyone, and I take this opportunity to wish you a very happy holiday season. I have a problem on my laptop: a window keeps opening unexpectedly, and here is its address: hxxp://em.pc-on-internet.com/media/22/309/5714/crazy468a70902.gif I think it is malware. Thank you for your help. I am attaching the HijackThis log. PS: I also used to visit cybersecurite, but the site is suspended. Do you have any news of Bruce and the other helpers? Thank you in advance.
  6. Thank you, Falkra, for your recommendations. What you point out seems obvious, unfortunately only after one has clicked on a crack. I was stupid and I won't do it again any time soon. I am very glad you tell me that my PC is clean again, although the McAfee message telling me that service.exe tried to cause a buffer overflow leads me to think that I still have something. Thanks also to Apollo.01 for all the time spent helping me clean my PC.
  7. Thank you for your help. I will wait a bit in case someone else has an idea, and afterwards I will look on the software side, as you suggest.
  8. The problem is that I still have a McAfee window that opens at startup and says that service.exe caused a buffer overflow, as at the beginning of my post, which leads me to say that it is not resolved yet.
  9. Here we go!
     Scan
     ----
     Scanned: 1458492
     Detected: 15
     Untreated: 0
     Start time: 24/07/2008 20:59:49
     Duration: 20:14:00
     Finish time: 25/07/2008 17:13:49
     Detected
     --------
     Status Object
     ------ ------
     deleted: adware not-a-virus:AdWare.Win32.Dap.h File: C:\Documents and Settings\Gilles\Mes documents\01zoomphoto\DAPP7401\dap74.exe//WiseSFXDropper//WISE0024.BIN/dapiebar.dll
     deleted: adware not-a-virus:AdWare.Win32.BHO.aa File: C:\Documents and Settings\Gilles\Mes documents\serial 2000 update\s2k.7.1.plus\setup.exe
     deleted: riskware not-a-virus:PSWTool.Win32.PWDump.2 File: C:\Documents and Settings\Gilles\Mes documents\Windows.Genuine.Advantage.Validation.v1.4.389.0\Windows Authentique by Spi0n.rar/Windows Authentique\Tirez votre copie de Windows 100% véritable en 2 secondes\Divers\Couteau suisse Xp.exe//PE_Patch//UPack//data0000.cab/rock.exe/pwdump2\samdump.dll//UPX
     deleted: riskware not-a-virus:PSWTool.Win32.PWDump.2 File: C:\Documents and Settings\Gilles\Mes documents\Windows.Genuine.Advantage.Validation.v1.4.389.0\Windows Authentique by Spi0n.rar/Windows Authentique\Tirez votre copie de Windows 100% véritable en 2 secondes\Divers\Couteau suisse Xp.exe//PE_Patch//UPack//data0000.cab/rock.exe/pwdump2\pwdump2.exe//UPX
     deleted: riskware not-a-virus:PSWTool.Win32.RAS.a File: C:\Documents and Settings\Gilles\Mes documents\Windows.Genuine.Advantage.Validation.v1.4.389.0\Windows Authentique by Spi0n.rar/Windows Authentique\Tirez votre copie de Windows 100% véritable en 2 secondes\Divers\Couteau suisse Xp.exe//PE_Patch//UPack//data0000.cab/RockXP4.exe//UPX
     deleted: riskware not-a-virus:PSWTool.Win32.RAS.a File: C:\Documents and Settings\Gilles\Mes documents\Windows.Genuine.Advantage.Validation.v1.4.389.0\Windows Authentique by Spi0n.rar/Windows Authentique\Tirez votre copie de Windows 100% véritable en 2 secondes\Divers\Changer de clef XP\Changer de clef XP.exe/xpkey.exe
     deleted: riskware not-a-virus:PSWTool.Win32.RAS.a File: C:\Documents and Settings\Gilles\Mes documents\Windows.Genuine.Advantage.Validation.v1.4.389.0\Windows Authentique by Spi0n.rar/Windows Authentique\Tirez votre copie de Windows 100% véritable en 2 secondes\Divers\Changer de clef XP\Changer de clef XP.exe/officekey.exe
     deleted: riskware not-a-virus:PSWTool.Win32.PWDump.2 File: C:\Documents and Settings\Gilles\Mes documents\Windows.Genuine.Advantage.Validation.v1.4.389.0\Windows Authentique\Tirez votre copie de Windows 100% véritable en 2 secondes\Divers\Couteau suisse Xp.exe//PE_Patch//UPack//data0000.cab/rock.exe/pwdump2\samdump.dll//UPX
     deleted: riskware not-a-virus:PSWTool.Win32.PWDump.2 File: C:\Documents and Settings\Gilles\Mes documents\Windows.Genuine.Advantage.Validation.v1.4.389.0\Windows Authentique\Tirez votre copie de Windows 100% véritable en 2 secondes\Divers\Couteau suisse Xp.exe//PE_Patch//UPack//data0000.cab/rock.exe/pwdump2\pwdump2.exe//UPX
     deleted: riskware not-a-virus:PSWTool.Win32.RAS.a File: C:\Documents and Settings\Gilles\Mes documents\Windows.Genuine.Advantage.Validation.v1.4.389.0\Windows Authentique\Tirez votre copie de Windows 100% véritable en 2 secondes\Divers\Couteau suisse Xp.exe//PE_Patch//UPack//data0000.cab/RockXP4.exe//UPX
     deleted: riskware not-a-virus:PSWTool.Win32.RAS.a File: C:\Documents and Settings\Gilles\Mes documents\Windows.Genuine.Advantage.Validation.v1.4.389.0\Windows Authentique\Tirez votre copie de Windows 100% véritable en 2 secondes\Divers\Changer de clef XP\Changer de clef XP.exe/xpkey.exe
     deleted: riskware not-a-virus:PSWTool.Win32.RAS.a File: C:\Documents and Settings\Gilles\Mes documents\Windows.Genuine.Advantage.Validation.v1.4.389.0\Windows Authentique\Tirez votre copie de Windows 100% véritable en 2 secondes\Divers\Changer de clef XP\Changer de clef XP.exe/officekey.exe
     deleted: Trojan program Backdoor.Win32.Hupigon.cdnk File: C:\Program Files\SlySoft\AnyDVD\Crack Slysoft Suite 1.37.exe//PE_Patch
     deleted: riskware not-a-virus:PSWTool.Win32.RAS.a File: C:\Documents and Settings\Gilles\Mes documents\Windows.Genuine.Advantage.Validation.v1.4.389.0\Windows Authentique\Tirez votre copie de Windows 100% véritable en 2 secondes\Divers\Couteau suisse Xp.exe//PE_Patch//UPack
     deleted: riskware not-a-virus:PSWTool.Win32.RAS.a File: c:\documents and settings\gilles\mes documents\windows.genuine.advantage.validation.v1.4.389.0\windows authentique\tirez votre copie de windows 100% véritable en 2 secondes\divers\changer de clef xp\changer de clef xp.exe
lsass.exe\cryptdll.dll ok scanned 24/07/2008 21:01:12 File: C:\WINDOWS\system32\cryptdll.dll ok scanned 24/07/2008 21:01:12 Running module: lsass.exe\ShimEng.dll ok scanned 24/07/2008 21:01:12 File: C:\WINDOWS\system32\ShimEng.dll ok scanned 24/07/2008 21:01:12 Running module: lsass.exe\AcGenral.DLL ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\AppPatch\AcGenral.DLL ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\WINMM.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\WINMM.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\ole32.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\ole32.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\OLEAUT32.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\OLEAUT32.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\MSACM32.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\MSACM32.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\VERSION.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\VERSION.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\SHELL32.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\SHELL32.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\SHLWAPI.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\SHLWAPI.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\USERENV.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\USERENV.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\UxTheme.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\UxTheme.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\IMM32.DLL ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\IMM32.DLL ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\serwvdrv.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\serwvdrv.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\umdmxfrm.dll ok scanned 24/07/2008 21:01:13 File: 
C:\WINDOWS\system32\umdmxfrm.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\comctl32.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\comctl32.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\comctl32.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\msprivs.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\msprivs.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\kerberos.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\kerberos.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\msv1_0.dll ok scanned 24/07/2008 21:01:13 File: C:\WINDOWS\system32\msv1_0.dll ok scanned 24/07/2008 21:01:13 Running module: lsass.exe\iphlpapi.dll ok scanned 24/07/2008 21:01:14 File: C:\WINDOWS\system32\iphlpapi.dll ok scanned 24/07/2008 21:01:14 Running module: lsass.exe\netlogon.dll ok scanned 24/07/2008 21:01:14 File: C:\WINDOWS\system32\netlogon.dll ok scanned 24/07/2008 21:01:14 Running module: lsass.exe\w32time.dll ok scanned 24/07/2008 21:01:14 File: C:\WINDOWS\system32\w32time.dll ok scanned 24/07/2008 21:01:14 Running module: lsass.exe\MSVCP60.dll ok scanned 24/07/2008 21:01:14 File: C:\WINDOWS\system32\MSVCP60.dll ok scanned 24/07/2008 21:01:14 Running module: lsass.exe\schannel.dll ok scanned 24/07/2008 21:01:14 File: C:\WINDOWS\system32\schannel.dll ok scanned 24/07/2008 21:01:14 Running module: lsass.exe\CRYPT32.dll ok scanned 24/07/2008 21:01:14 File: C:\WINDOWS\system32\CRYPT32.dll ok scanned 24/07/2008 21:01:14 Running module: lsass.exe\wdigest.dll ok scanned 24/07/2008 21:01:14 File: C:\WINDOWS\system32\wdigest.dll ok scanned 24/07/2008 21:01:14 Running module: lsass.exe\rsaenh.dll ok scanned 24/07/2008 21:01:14 File: C:\WINDOWS\system32\rsaenh.dll ok scanned 24/07/2008 21:01:14 Running module: lsass.exe\scecli.dll ok scanned 
24/07/2008 21:01:14 File: C:\WINDOWS\system32\scecli.dll ok scanned 24/07/2008 21:01:14 Running module: lsass.exe\SETUPAPI.dll ok scanned 24/07/2008 21:01:14 File: C:\WINDOWS\system32\SETUPAPI.dll ok scanned 24/07/2008 21:01:14 Running module: svchost.exe\svchost.exe ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\svchost.exe ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\ntdll.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\ntdll.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\kernel32.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\kernel32.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\ADVAPI32.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\ADVAPI32.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\RPCRT4.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\RPCRT4.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\Secur32.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\Secur32.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\ShimEng.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\ShimEng.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\AcGenral.DLL ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\AppPatch\AcGenral.DLL ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\USER32.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\USER32.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\GDI32.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\GDI32.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\WINMM.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\WINMM.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\ole32.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\ole32.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\msvcrt.dll ok scanned 24/07/2008 21:01:15 File: 
C:\WINDOWS\system32\msvcrt.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\OLEAUT32.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\OLEAUT32.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\MSACM32.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\MSACM32.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\VERSION.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\VERSION.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\SHELL32.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\SHELL32.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\SHLWAPI.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\SHLWAPI.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\USERENV.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\USERENV.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\UxTheme.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\UxTheme.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\IMM32.DLL ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\IMM32.DLL ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\serwvdrv.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\serwvdrv.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\umdmxfrm.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\system32\umdmxfrm.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\comctl32.dll ok scanned 24/07/2008 21:01:15 File: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll ok scanned 24/07/2008 21:01:15 Running module: svchost.exe\comctl32.dll ok scanned 24/07/2008 21:01:16 File: C:\WINDOWS\system32\comctl32.dll ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\NTMARTA.DLL ok scanned 24/07/2008 21:01:16 File: C:\WINDOWS\system32\NTMARTA.DLL ok scanned 24/07/2008 21:01:16 Running module: 
svchost.exe\WLDAP32.dll ok scanned 24/07/2008 21:01:16 File: C:\WINDOWS\system32\WLDAP32.dll ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\SAMLIB.dll ok scanned 24/07/2008 21:01:16 File: C:\WINDOWS\system32\SAMLIB.dll ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\rpcss.dll ok scanned 24/07/2008 21:01:16 File: c:\windows\system32\rpcss.dll ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\WS2_32.dll ok scanned 24/07/2008 21:01:16 File: c:\windows\system32\WS2_32.dll ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\WS2HELP.dll ok scanned 24/07/2008 21:01:16 File: c:\windows\system32\WS2HELP.dll ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\xpsp2res.dll ok scanned 24/07/2008 21:01:16 File: C:\WINDOWS\system32\xpsp2res.dll ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\CLBCATQ.DLL ok scanned 24/07/2008 21:01:16 File: C:\WINDOWS\system32\CLBCATQ.DLL ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\COMRes.dll ok scanned 24/07/2008 21:01:16 File: C:\WINDOWS\system32\COMRes.dll ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\WTSAPI32.dll ok scanned 24/07/2008 21:01:16 File: C:\WINDOWS\system32\WTSAPI32.dll ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\WINSTA.dll ok scanned 24/07/2008 21:01:16 File: C:\WINDOWS\system32\WINSTA.dll ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\NETAPI32.dll ok scanned 24/07/2008 21:01:16 File: C:\WINDOWS\system32\NETAPI32.dll ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\msv1_0.dll ok scanned 24/07/2008 21:01:16 File: C:\WINDOWS\system32\msv1_0.dll ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\iphlpapi.dll ok scanned 24/07/2008 21:01:16 File: C:\WINDOWS\system32\iphlpapi.dll ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\Apphelp.dll ok scanned 24/07/2008 21:01:16 File: C:\WINDOWS\system32\Apphelp.dll ok scanned 24/07/2008 21:01:16 Running module: svchost.exe\svchost.exe ok scanned 24/07/2008 
21:01:17 File: C:\WINDOWS\system32\svchost.exe ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\ntdll.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\ntdll.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\kernel32.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\kernel32.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\ADVAPI32.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\ADVAPI32.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\RPCRT4.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\RPCRT4.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\Secur32.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\Secur32.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\ShimEng.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\ShimEng.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\AcGenral.DLL ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\AppPatch\AcGenral.DLL ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\USER32.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\USER32.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\GDI32.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\GDI32.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\WINMM.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\WINMM.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\ole32.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\ole32.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\msvcrt.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\msvcrt.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\OLEAUT32.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\OLEAUT32.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\MSACM32.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\MSACM32.dll ok 
scanned 24/07/2008 21:01:17 Running module: svchost.exe\VERSION.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\VERSION.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\SHELL32.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\SHELL32.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\SHLWAPI.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\SHLWAPI.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\USERENV.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\USERENV.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\UxTheme.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\UxTheme.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\IMM32.DLL ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\IMM32.DLL ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\serwvdrv.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\serwvdrv.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\umdmxfrm.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\umdmxfrm.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\comctl32.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\comctl32.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\comctl32.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\rpcss.dll ok scanned 24/07/2008 21:01:17 File: c:\windows\system32\rpcss.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\WS2_32.dll ok scanned 24/07/2008 21:01:17 File: c:\windows\system32\WS2_32.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\WS2HELP.dll ok scanned 24/07/2008 21:01:17 File: c:\windows\system32\WS2HELP.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\xpsp2res.dll ok scanned 24/07/2008 21:01:17 
File: C:\WINDOWS\system32\xpsp2res.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\rsaenh.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\rsaenh.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\mswsock.dll ok scanned 24/07/2008 21:01:17 File: C:\WINDOWS\system32\mswsock.dll ok scanned 24/07/2008 21:01:17 Running module: svchost.exe\hnetcfg.dll ok scanned 24/07/2008 21:01:18 File: C:\WINDOWS\system32\hnetcfg.dll ok scanned 24/07/2008 21:01:18 Running module: svchost.exe\wshtcpip.dll ok scanned 24/07/2008 21:01:18 File: C:\WINDOWS\System32\wshtcpip.dll ok scanned 24/07/2008 21:01:18 Running module: svchost.exe\DNSAPI.dll ok scanned 24/07/2008 21:01:18 File: C:\WINDOWS\system32\DNSAPI.dll ok scanned 24/07/2008 21:01:18 Running module: svchost.exe\iphlpapi.dll ok scanned 24/07/2008 21:01:18 File: C:\WINDOWS\system32\iphlpapi.dll ok scanned 24/07/2008 21:01:18 Running module: svchost.exe\winrnr.dll ok scanned 24/07/2008 21:01:18 File: C:\WINDOWS\System32\winrnr.dll ok scanned 24/07/2008 21:01:18 Running module: svchost.exe\WLDAP32.dll ok scanned 24/07/2008 21:01:18 File: C:\WINDOWS\system32\WLDAP32.dll ok scanned 24/07/2008 21:01:18 Running module: svchost.exe\rasadhlp.dll ok scanned 24/07/2008 21:01:18 File: C:\WINDOWS\system32\rasadhlp.dll ok scanned 24/07/2008 21:01:18 Running module: svchost.exe\CLBCATQ.DLL ok scanned 24/07/2008 21:01:18 File: C:\WINDOWS\system32\CLBCATQ.DLL ok scanned 24/07/2008 21:01:18 Running module: svchost.exe\COMRes.dll ok scanned 24/07/2008 21:01:18 File: C:\WINDOWS\system32\COMRes.dll ok scanned 24/07/2008 21:01:18 Running module: svchost.exe\svchost.exe ok scanned 24/07/2008 21:01:18 File: C:\WINDOWS\system32\svchost.exe ok scanned 24/07/2008 21:01:18 Running module: svchost.exe\ntdll.dll ok scanned 24/07/2008 21:01:18 File: C:\WINDOWS\system32\ntdll.dll ok scanned 24/07/2008 21:01:18 Running module: svchost.exe\kernel32.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\kernel32.dll ok 
scanned 24/07/2008 21:01:19 Running module: svchost.exe\ADVAPI32.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\ADVAPI32.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\RPCRT4.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\RPCRT4.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\Secur32.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\Secur32.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\ShimEng.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\ShimEng.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\AcGenral.DLL ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\AppPatch\AcGenral.DLL ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\USER32.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\USER32.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\GDI32.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\GDI32.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\WINMM.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\WINMM.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\ole32.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\ole32.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\msvcrt.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\msvcrt.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\OLEAUT32.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\OLEAUT32.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\MSACM32.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\MSACM32.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\VERSION.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\VERSION.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\SHELL32.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\SHELL32.dll ok scanned 24/07/2008 21:01:19 Running module: 
svchost.exe\SHLWAPI.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\SHLWAPI.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\USERENV.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\USERENV.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\UxTheme.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\UxTheme.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\IMM32.DLL ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\IMM32.DLL ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\serwvdrv.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\serwvdrv.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\umdmxfrm.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\umdmxfrm.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\comctl32.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\comctl32.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\comctl32.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\NTMARTA.DLL ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\NTMARTA.DLL ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\WLDAP32.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\WLDAP32.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\SAMLIB.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\SAMLIB.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\xpsp2res.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\xpsp2res.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\cryptsvc.dll ok scanned 24/07/2008 21:01:19 File: c:\windows\system32\cryptsvc.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\WINTRUST.dll ok scanned 24/07/2008 21:01:19 File: 
C:\WINDOWS\system32\WINTRUST.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\CRYPT32.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\CRYPT32.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\MSASN1.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\MSASN1.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\IMAGEHLP.dll ok scanned 24/07/2008 21:01:19 File: C:\WINDOWS\system32\IMAGEHLP.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\certcli.dll ok scanned 24/07/2008 21:01:19 File: c:\windows\system32\certcli.dll ok scanned 24/07/2008 21:01:19 Running module: svchost.exe\ATL.DLL ok scanned 24/07/2008 21:01:20 File: c:\windows\system32\ATL.DLL ok scanned 24/07/2008 21:01:20 Running module: svchost.exe\NETAPI32.dll ok scanned 24/07/2008 21:01:20 File: C:\WINDOWS\system32\NETAPI32.dll ok scanned 24/07/2008 21:01:20 Running module: svchost.exe\CRYPTUI.dll ok scanned 24/07/2008 21:01:20 File: C:\WINDOWS\system32\CRYPTUI.dll ok scanned 24/07/2008 21:01:20 Running module: svchost.exe\WININET.dll ok scanned 24/07/2008 21:01:21 File: C:\WINDOWS\system32\WININET.dll packed file PE_Patch
  10. Good evening. I can't manage to post the AVP Tool log (I think it is too large, 3.5 MB). I'm sending you the HijackThis log.
- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 12557 bytes
  11. I will only be able to post the log this evening, because this morning, after a night of scanning, I was only at 75%.
  12. Thanks for your reply. Although I am a collector, this is one kind of collection I could well do without. I will run AVP Tool tonight.
  13. As agreed, here is the Kaspersky report:
      C:\ D:\ F:\ H:\ I:\ J:\ K:\
      Statistiques de l'analyse
      Total d'objets analysés 237492
      Nombre de virus trouvés 2
      Nombre d'objets infectés 32 / 0
      Nombre d'objets suspects 0
      Durée de l'analyse 03:28:21
  14. voilà le log après la manipulation recommandée Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:41:56, on 23/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe C:\Program Files\McAfee\VirusScan\McShield.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe C:\Program Files\SiteAdvisor\6261\SAService.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\SiteAdvisor\6261\SiteAdv.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe C:\PROGRA~1\Mouse\Amoumain.exe C:\WINDOWS\Domino.exe C:\WINDOWS\ZSSnp211.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\Club-Internet\Lanceur\lanceur.exe 
C:\Documents and Settings\Gilles\Bureau\prog anti malwares\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;2 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Programme d'aide de 
l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA Platinum\rfagent.exe" O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" O4 - HKLM\..\Run: [C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe] C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Mouse\Amoumain.exe O4 - HKLM\..\Run: [Domino] 
C:\WINDOWS\Domino.exe O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU" O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - 
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://gr.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O16 - DPF: {ef791a6b-fc12-4c68-99ef-fb9e207a39e6} 
(McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...343/mcfscan.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. 
- C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 12031 bytes
As for Pando, I don't know yet whether I'll uninstall it, because it is quite handy. If you're telling me to go look at the software forum, are you suggesting that the problem I'm running into is a software problem? Thanks for your help.
  15. I have just done:
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
04- HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
04- HKLM\..\Run: [adobe reader speed launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
Close all open programs and click Fix Checked.
I uninstalled Acrobat Reader 8 and installed Foxit as you suggested. I restarted my PC and got the McAfee buffer overflow alert again. I restarted my PC once more and this time there was no alert. Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:48:18, on 23/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe C:\Program Files\McAfee\VirusScan\McShield.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe 
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe C:\Program Files\SiteAdvisor\6261\SAService.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\SiteAdvisor\6261\SiteAdv.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe C:\PROGRA~1\Mouse\Amoumain.exe C:\WINDOWS\Domino.exe C:\WINDOWS\ZSSnp211.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\Club-Internet\Lanceur\lanceur.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Gilles\Bureau\prog anti malwares\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;2 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: McAfee SiteAdvisor - 
{0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA Platinum\rfagent.exe" O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" O4 - HKLM\..\Run: [C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe] C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Mouse\Amoumain.exe O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] 
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU" O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036 O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows 
Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://gr.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O16 - DPF: {ef791a6b-fc12-4c68-99ef-fb9e207a39e6} (McFreeScan Class) - 
http://download.mcafee.com/molbin/iss-loc/...343/mcfscan.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 12839 bytes
Is TeaTimer necessary with Spybot?
  16. Thanks for your quick reply. I had not taken the most recent log; here it is:
Malwarebytes' Anti-Malware 1.22 Version de la base de données: 979 Windows 5.1.2600 Service Pack 2 00:18:39 23/07/2008 mbam-log-7-23-2008 (00-18-39).txt Type de recherche: Examen complet (C:\|G:\|) Eléments examinés: 435911 Temps écoulé: 4 hour(s), 32 minute(s), 20 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 2 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 39 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Documents and Settings\Gilles\Mes documents\ALPluginIE-1.0.2.2-setup.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\Documents and Settings\Gilles\Mes documents\01zoomphoto\ALPluginIE-1.0.2.3-setup.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\Documents and Settings\Gilles\Mes documents\01zoomphoto\everest ultimate3-0-1\Ultimate-kg.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Gilles\Mes documents\everest 06\everest_ultimate_edition\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Gilles\Mes documents\Maj souris génius\3b.exe (Rogue.Installer) -> Quarantined and deleted successfully. 
C:\Program Files\Wanadoo\gr\ALPluginIE-1.0.1.6-setup.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\Program Files\Wanadoo\gr\ALPluginIE-1.0.1.9-setup.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\Program Files\Wanadoo\gr\ALPluginIE-1.0.2.1-setup.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\Program Files\Wanadoo\gr\ALPluginIE-1.0.2.3-setup.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\Program Files\Wanadoo\gr\File_6[1].09\File lock 6.09\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Program Files\Wanadoo\gr\Greece[1].Aquarium.3D.Incl.Keygen\KeyGen [ Greece Aquarium 3D Screensaver ].exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Program Files\Wanadoo\gr\Keygen Nero 6\Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\WinRAR\Unipatch.exe (Trojan.Downloader) -> Quarantined and deleted successfully. G:\Document Gilles 12-06-06\everest 06\everest_ultimate_edition\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully. G:\fichier à detruire si ok\Document Gilles 12-06-06\ALPluginIE-1.0.2.2-setup.exe (Rogue.Installer) -> Quarantined and deleted successfully. G:\gr\ALPluginIE-1.0.1.6-setup.exe (Rogue.Installer) -> Quarantined and deleted successfully. G:\gr\ALPluginIE-1.0.1.9-setup.exe (Rogue.Installer) -> Quarantined and deleted successfully. G:\gr\ALPluginIE-1.0.2.1-setup.exe (Rogue.Installer) -> Quarantined and deleted successfully. G:\gr\ALPluginIE-1.0.2.3-setup.exe (Rogue.Installer) -> Quarantined and deleted successfully. G:\gr\File_6[1].09\File lock 6.09\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully. G:\gr\Greece[1].Aquarium.3D.Incl.Keygen\KeyGen [ Greece Aquarium 3D Screensaver ].exe (Trojan.Downloader) -> Quarantined and deleted successfully. 
G:\gr\Générateur de clés\Générateur de clés\générateur de clé\MS_Windows_XP_SP_2_And_Office_KeyGen.exe (Malware.Tool) -> Quarantined and deleted successfully. G:\gr\Générateur de clés\Générateur de clés\générateur de clé\XP SP1 Keychanger SP2 Keygen and Product Key Viewer\MS Windows XP SP 2 And Office KeyGen.exe (Malware.Tool) -> Quarantined and deleted successfully. G:\gr\Keygen Nero 6\Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully. G:\guillaume\NFSU Most Wanted fr\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully. G:\Portable Gilles aout 2006\téléchargement\ALPluginIE-1.0.2.1-setup.exe (Rogue.Installer) -> Quarantined and deleted successfully. G:\programmes\001downloadaccelerator\quarkx keygen\Quark_Xpress_7_Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully. G:\programmes\anydvd\anydvd 6.1.2.5\AnyDVD v6.1.2.5_Fr_by_narvallo_76\a6125\Patch\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully. G:\programmes\CloneDVD\CloneDVD\CloneDVD2Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully. G:\programmes\Everest\everest 3.50.761\EU 3.x - KeyGen.exe (Trojan.Downloader) -> Quarantined and deleted successfully. G:\programmes\flashget\Le_t_l_chargeur\FlashGet 1.73\FG 1.73\keygen\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully. G:\programmes\genuine\Pack.Validation.WGA.Definitif-JiGWaReZ\Windows XP Keygen.exe (Malware.Tool) -> Quarantined and deleted successfully. G:\programmes\kitwz\KdwbyDr.Jn\Kit du warezien\Gravure.Image\nerosoftware\Keygen\Nero.Burning.ROM.7.exe (Trojan.Downloader) -> Quarantined and deleted successfully. G:\programmes\Nero\nero lite 7.5.9.0\nero7.5.9.0_fra_lite\keygen2.exe (Trojan.Downloader) -> Quarantined and deleted successfully. G:\programmes\QuarkXPress\Quark XPress Passport v7.0\Keygen\Quark_Xpress_7_Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully. 
G:\programmes\QuarkXPress\QuarkXPress 7.0+ keygen\serial + keygen\serial + keygen\PARADOX\Quark_Xpress_7_Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully. G:\programmes\Sony Vegas\vegas7.0d Fr+Keygen\Keygen\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully. G:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP427\A0061941.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully. G:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP427\A0061953.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
Thanks for your recommendations. Going over to the dark side is a bit of a youthful mistake, but I think catching nasties cures the urge to continue.
  17. Hi again Apollo.01, as agreed, I am copying the requested logs for you. Malwarebytes result:
Malwarebytes' Anti-Malware 1.22 Version de la base de données: 979 Windows 5.1.2600 Service Pack 2 00:18:25 23/07/2008 mbam-log-7-23-2008 (00-18-14).txt Type de recherche: Examen complet (C:\|G:\|) Eléments examinés: 435911 Temps écoulé: 4 hour(s), 32 minute(s), 20 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 2 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 39 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Documents and Settings\Gilles\Mes documents\ALPluginIE-1.0.2.2-setup.exe (Rogue.Installer) -> No action taken. C:\Documents and Settings\Gilles\Mes documents\01zoomphoto\ALPluginIE-1.0.2.3-setup.exe (Rogue.Installer) -> No action taken. C:\Documents and Settings\Gilles\Mes documents\01zoomphoto\everest ultimate3-0-1\Ultimate-kg.exe (Trojan.Downloader) -> No action taken. C:\Documents and Settings\Gilles\Mes documents\everest 06\everest_ultimate_edition\keygen.exe (Trojan.Downloader) -> No action taken. C:\Documents and Settings\Gilles\Mes documents\Maj souris génius\3b.exe (Rogue.Installer) -> No action taken. C:\Program Files\Wanadoo\gr\ALPluginIE-1.0.1.6-setup.exe (Rogue.Installer) -> No action taken. C:\Program Files\Wanadoo\gr\ALPluginIE-1.0.1.9-setup.exe (Rogue.Installer) -> No action taken. 
C:\Program Files\Wanadoo\gr\ALPluginIE-1.0.2.1-setup.exe (Rogue.Installer) -> No action taken. C:\Program Files\Wanadoo\gr\ALPluginIE-1.0.2.3-setup.exe (Rogue.Installer) -> No action taken. C:\Program Files\Wanadoo\gr\File_6[1].09\File lock 6.09\keygen.exe (Trojan.Downloader) -> No action taken. C:\Program Files\Wanadoo\gr\Greece[1].Aquarium.3D.Incl.Keygen\KeyGen [ Greece Aquarium 3D Screensaver ].exe (Trojan.Downloader) -> No action taken. C:\Program Files\Wanadoo\gr\Keygen Nero 6\Keygen.exe (Trojan.Agent) -> No action taken. C:\Program Files\WinRAR\Unipatch.exe (Trojan.Downloader) -> No action taken. G:\Document Gilles 12-06-06\everest 06\everest_ultimate_edition\keygen.exe (Trojan.Downloader) -> No action taken. G:\fichier à detruire si ok\Document Gilles 12-06-06\ALPluginIE-1.0.2.2-setup.exe (Rogue.Installer) -> No action taken. G:\gr\ALPluginIE-1.0.1.6-setup.exe (Rogue.Installer) -> No action taken. G:\gr\ALPluginIE-1.0.1.9-setup.exe (Rogue.Installer) -> No action taken. G:\gr\ALPluginIE-1.0.2.1-setup.exe (Rogue.Installer) -> No action taken. G:\gr\ALPluginIE-1.0.2.3-setup.exe (Rogue.Installer) -> No action taken. G:\gr\File_6[1].09\File lock 6.09\keygen.exe (Trojan.Downloader) -> No action taken. G:\gr\Greece[1].Aquarium.3D.Incl.Keygen\KeyGen [ Greece Aquarium 3D Screensaver ].exe (Trojan.Downloader) -> No action taken. G:\gr\Générateur de clés\Générateur de clés\générateur de clé\MS_Windows_XP_SP_2_And_Office_KeyGen.exe (Malware.Tool) -> No action taken. G:\gr\Générateur de clés\Générateur de clés\générateur de clé\XP SP1 Keychanger SP2 Keygen and Product Key Viewer\MS Windows XP SP 2 And Office KeyGen.exe (Malware.Tool) -> No action taken. G:\gr\Keygen Nero 6\Keygen.exe (Trojan.Agent) -> No action taken. G:\guillaume\NFSU Most Wanted fr\keygen.exe (Trojan.Downloader) -> No action taken. G:\Portable Gilles aout 2006\téléchargement\ALPluginIE-1.0.2.1-setup.exe (Rogue.Installer) -> No action taken. 
G:\programmes\001downloadaccelerator\quarkx keygen\Quark_Xpress_7_Keygen.exe (Trojan.Downloader) -> No action taken. G:\programmes\anydvd\anydvd 6.1.2.5\AnyDVD v6.1.2.5_Fr_by_narvallo_76\a6125\Patch\keygen.exe (Trojan.Downloader) -> No action taken. G:\programmes\CloneDVD\CloneDVD\CloneDVD2Keygen.exe (Trojan.Downloader) -> No action taken. G:\programmes\Everest\everest 3.50.761\EU 3.x - KeyGen.exe (Trojan.Downloader) -> No action taken. G:\programmes\flashget\Le_t_l_chargeur\FlashGet 1.73\FG 1.73\keygen\keygen.exe (Trojan.Downloader) -> No action taken. G:\programmes\genuine\Pack.Validation.WGA.Definitif-JiGWaReZ\Windows XP Keygen.exe (Malware.Tool) -> No action taken. G:\programmes\kitwz\KdwbyDr.Jn\Kit du warezien\Gravure.Image\nerosoftware\Keygen\Nero.Burning.ROM.7.exe (Trojan.Downloader) -> No action taken. G:\programmes\Nero\nero lite 7.5.9.0\nero7.5.9.0_fra_lite\keygen2.exe (Trojan.Downloader) -> No action taken. G:\programmes\QuarkXPress\Quark XPress Passport v7.0\Keygen\Quark_Xpress_7_Keygen.exe (Trojan.Downloader) -> No action taken. G:\programmes\QuarkXPress\QuarkXPress 7.0+ keygen\serial + keygen\serial + keygen\PARADOX\Quark_Xpress_7_Keygen.exe (Trojan.Downloader) -> No action taken. G:\programmes\Sony Vegas\vegas7.0d Fr+Keygen\Keygen\keygen.exe (Trojan.Downloader) -> No action taken. G:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP427\A0061941.exe (Spyware.OnlineGames) -> No action taken. G:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP427\A0061953.exe (Trojan.Downloader) -> No action taken. 
hijackthis 202 : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:24:22, on 23/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe C:\Program Files\McAfee\VirusScan\McShield.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe C:\Program Files\SiteAdvisor\6261\SAService.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\RFA Platinum\rfagent.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\SiteAdvisor\6261\SiteAdv.exe 
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe C:\PROGRA~1\Mouse\Amoumain.exe C:\WINDOWS\Domino.exe C:\WINDOWS\ZSSnp211.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Club-Internet\Lanceur\lanceur.exe C:\Documents and Settings\Gilles\Bureau\prog anti malwares\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;2 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: 
(no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: 
[sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA Platinum\rfagent.exe" O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" O4 - HKLM\..\Run: [C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe] C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Mouse\Amoumain.exe O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [adobe reader speed launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF 
"HKCU" O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036 O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [picasa media detector] C:\Program Files\Picasa2\PicasaMediaDetector O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} 
- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://gr.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab O16 - 
DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O16 - DPF: {ef791a6b-fc12-4c68-99ef-fb9e207a39e6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...343/mcfscan.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. 
- C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 14429 bytes

VirusTotal log:

Fichier services.exe reçu le 2008.07.23 18:34:52 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.7.24.0 2008.07.23 -
AntiVir 7.8.1.11 2008.07.23 -
Authentium 5.1.0.4 2008.07.23 -
Avast 4.8.1195.0 2008.07.23 -
AVG 8.0.0.130 2008.07.23 -
BitDefender 7.2 2008.07.23 -
CAT-QuickHeal 9.50 2008.07.22 -
ClamAV 0.93.1 2008.07.23 -
DrWeb 4.44.0.09170 2008.07.23 -
eSafe 7.0.17.0 2008.07.23 -
eTrust-Vet 31.6.5976 2008.07.23 -
Ewido 4.0 2008.07.23 -
F-Prot 4.4.4.56 2008.07.22 -
F-Secure 7.60.13501.0 2008.07.23 -
Fortinet 3.14.0.0 2008.07.23 -
GData 2.0.7306.1023 2008.07.23 -
Ikarus T3.1.1.34.0 2008.07.23 -
Kaspersky 7.0.0.125 2008.07.23 -
McAfee 5345 2008.07.23 -
Microsoft 1.3704 2008.07.23 -
NOD32v2 3292 2008.07.23 -
Norman 5.80.02 2008.07.23 -
Panda 9.0.0.4 2008.07.23 -
PCTools 4.4.2.0 2008.07.22 -
Prevx1 V2 2008.07.23 -
Rising 20.54.22.00 2008.07.23 -
Sophos 4.31.0 2008.07.23 -
Sunbelt 3.1.1536.1 2008.07.18 -
Symantec 10 2008.07.23 -
TheHacker 6.2.96.387 2008.07.23 -
TrendMicro 8.700.0.1004 2008.07.23 -
VBA32 3.12.8.1 2008.07.23 -
VIRobot 2008.7.23.1307 2008.07.23 -
VirusBuster 4.5.11.0 2008.07.23 -
Webwasher-Gateway 6.6.2 2008.07.23 -
Information additionnelle
File size: 108544 bytes
MD5...: 732e0b1abaace15d80ec19056b0a2af9
SHA1..: 7aadfc1c733f85d06e6b09886f83f3f189e268e4
SHA256: d751d18991b74409a183847ecc99079897de25a1b40993e65e7132184865cab3
SHA512: 5d1f98d48985f9ea50f20f554a5bd51f3fb14214de5c22d61522f7e2fb7b031bb66460836120a67d8074788b1fe47fcab6635189d55f28bc0f6601ce005a13a3
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100b5cc
timedatestamp.....: 0x41107eb3 (Wed Aug 04 06:14:11 2004)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x18f55 0x19000 6.27 8ff2bbf546e1ef8832de2fa905a7a4e4
.data 0x1a000 0xa14 0xa00 2.05 fd6fc84823efda2858a97fe8e6dd8f76
.rsrc 0x1b000 0x8b8 0xa00 3.79 a42d45f05d2e70211c3682cefccbc0e1

( 10 imports )
> msvcrt.dll: wcsrchr, time, _except_handler3, memmove, wcschr, _c_exit, _exit, _XcptFilter, _cexit, _wcsicmp, exit, __initenv, __getmainargs, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, wcslen, wcsncmp, _wtol, wcscpy, _itow, _wcsnicmp, wcscat, _initterm, wcsncpy, wcscspn, _ultow
> ADVAPI32.dll: RegOpenKeyW, ConvertSidToStringSidW, LogonUserExW, LsaStorePrivateData, LsaLookupNames, LsaQueryInformationPolicy, OpenThreadToken, RegNotifyChangeKeyValue, InitializeSecurityDescriptor, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerW, SetServiceStatus, SystemFunction029, SystemFunction005, CheckTokenMembership, FreeSid, AllocateAndInitializeSid, SetSecurityDescriptorOwner, GetSecurityDescriptorDacl, GetLengthSid, CopySid, InitializeAcl, AddAce, SetSecurityDescriptorDacl, LsaOpenPolicy, LsaLookupSids, LsaFreeMemory, LsaClose, ImpersonateLoggedOnUser, CreateProcessAsUserW, GetTokenInformation, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, InitiateSystemShutdownW, RevertToSelf
> KERNEL32.dll: TerminateProcess, SetProcessShutdownParameters, lstrcmpiW, FormatMessageW, ExitThread, ReleaseMutex, DelayLoadFailureHook, RaiseException, GetExitCodeThread, SetErrorMode, SetUnhandledExceptionFilter, LoadLibraryA, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcess, UnhandledExceptionFilter, GetModuleHandleA, CreateMutexW, LocalAlloc, LocalFree, Sleep, LeaveCriticalSection, EnterCriticalSection, SetLastError, CloseHandle, CreateThread, GetLastError, CreateProcessW, ExpandEnvironmentStringsW, InitializeCriticalSection, HeapAlloc, HeapFree, SetConsoleCtrlHandler, WaitForSingleObject, HeapCreate, FreeLibrary, GetProcAddress, GetModuleHandleExW, InterlockedCompareExchange, CreateNamedPipeW, ReadFile, CancelIo, GetOverlappedResult, WaitForMultipleObjects, ConnectNamedPipe, TransactNamedPipe, WriteFile, GetTickCount, GetSystemTimeAsFileTime, GetModuleHandleW, GetComputerNameW, CreateEventW, SetEvent, ResetEvent, DeviceIoControl, CreateFileW, ResumeThread, GetCurrentProcessId, LoadLibraryW, GetDriveTypeW, OpenEventW, GetCurrentThread
> USER32.dll: wsprintfW, BroadcastSystemMessageW, MessageBoxW, LoadStringW, RegisterServicesProcess
> RPCRT4.dll: RpcServerRegisterAuthInfoW, RpcBindingFree, RpcEpResolveBinding, RpcBindingFromStringBindingW, RpcStringBindingComposeW, NdrClientCall2, RpcAsyncCompleteCall, RpcAsyncInitializeHandle, NdrAsyncServerCall, NdrAsyncClientCall, RpcMgmtStopServerListening, RpcMgmtWaitServerListen, NdrServerCall2, I_RpcBindingIsClientLocal, RpcRevertToSelf, I_RpcMapWin32Status, RpcImpersonateClient, RpcStringBindingParseW, RpcStringFreeW, RpcBindingToStringBindingW, RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcServerRegisterIf, RpcServerListen, RpcServerUnregisterIf
> ntdll.dll: RtlCreateAcl, NtCreateKey, NtQueryValueKey, NtSetValueKey, NtDeleteValueKey, NtEnumerateKey, NtQuerySecurityObject, RtlFreeHeap, NtOpenKey, NtDeleteKey, RtlSetControlSecurityDescriptor, RtlValidSecurityDescriptor, RtlLengthSecurityDescriptor, NtPrivilegeObjectAuditAlarm, NtPrivilegeCheck, NtOpenThreadToken, NtAccessCheckAndAuditAlarm, NtSetInformationThread, NtAdjustPrivilegesToken, NtDuplicateToken, NtOpenProcessToken, NtQueryInformationToken, RtlQuerySecurityObject, RtlAddAccessAllowedAce, RtlValidRelativeSecurityDescriptor, RtlMapGenericMask, RtlCopyUnicodeString, NtSetInformationFile, NtQueryInformationFile, RtlAppendUnicodeStringToString, RtlAppendUnicodeToString, NtWaitForSingleObject, NtQueryDirectoryFile, NtDeleteFile, NtSetInformationProcess, RtlUnhandledExceptionFilter, NtSetEvent, RtlGetAce, RtlQueryInformationAcl, RtlGetDaclSecurityDescriptor, RtlAllocateHeap, RtlCreateSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlConvertSharedToExclusive, RtlConvertExclusiveToShared, RtlRegisterWait, RtlGetNtProductType, RtlEqualUnicodeString, RtlLengthSid, RtlCopySid, RtlUnicodeStringToAnsiString, RtlInitAnsiString, RtlAnsiStringToUnicodeString, RtlNewSecurityObject, RtlAddAce, RtlSetOwnerSecurityDescriptor, RtlSetGroupSecurityDescriptor, RtlSetSaclSecurityDescriptor, RtlSubAuthorityCountSid, NtOpenDirectoryObject, NtQueryDirectoryObject, RtlCompareUnicodeString, NtLoadDriver, NtUnloadDriver, RtlExpandEnvironmentStrings_U, RtlAdjustPrivilege, NtFlushKey, NtOpenFile, RtlDosPathNameToNtPathName_U, NtOpenSymbolicLinkObject, NtQuerySymbolicLinkObject, RtlFreeUnicodeString, RtlAreAllAccessesGranted, NtDeleteObjectAuditAlarm, NtCloseObjectAuditAlarm, RtlQueueWorkItem, RtlCopyLuid, RtlDeregisterWait, RtlReleaseResource, RtlAcquireResourceExclusive, RtlAcquireResourceShared, RtlInitializeResource, RtlDeleteSecurityObject, RtlLockBootStatusData, RtlGetSetBootStatusData, RtlUnlockBootStatusData, NtInitializeRegistry, NtQueryKey, NtClose, RtlInitUnicodeString, NtSetSystemEnvironmentValue, RtlNtStatusToDosError, NtShutdownSystem, RtlSetSecurityObject, RtlMakeSelfRelativeSD, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, NtSetSecurityObject
> USERENV.dll: UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW, DestroyEnvironmentBlock
> SCESRV.dll: ScesrvInitializeServer, ScesrvTerminateServer
> umpnpmgr.dll: RegisterScmCallback, PNP_SetActiveService, PNP_GetDeviceRegProp, PNP_GetDeviceListSize, PNP_GetDeviceList, PNP_HwProfFlags, RegisterServiceNotification, DeleteServicePlugPlayRegKeys
> NCObjAPI.DLL: WmiSetAndCommitObject, WmiEventSourceConnect, WmiCreateObjectWithFormat

( 0 exports )

Thank you once again for your help.
  18. Apollo.01, I ran MalwareBytes last night and it found 32 infected files. I emailed the report to myself at the office but apparently I did not receive it, so I will post it as soon as I get back home. That said, after deleting and rebooting, McAfee still tells me it has blocked services.exe in windows/system32, which attempted a buffer overflow. I also made a HijackThis report with the latest version, V2. So I must still have some bug that is responsible for the attempted buffer overflow. Thanks for your help.
  19. Thank you for replying and for reassuring me a little. As soon as I get home I will carry out the steps you described and keep you posted.
  20. Good evening everyone. Since today, when my PC starts up, McAfee reports that it has blocked an application in windows /system32/services.exe which is responsible for a buffer overflow. Have I caught a virus? And how do I get rid of it? Thanks in advance. I am on Windows XP SP2. baret. I am posting the HijackThis report:
Logfile of HijackThis v1.99.1 Scan saved at 22:59:56, on 21/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe C:\Program Files\SiteAdvisor\6261\SAService.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\McAfee.com\Agent\mcagent.exe c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE 
C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\RFA Platinum\rfagent.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\Pando Networks\Pando\Pando.exe C:\Program Files\SiteAdvisor\6261\SiteAdv.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe C:\PROGRA~1\Mouse\Amoumain.exe C:\WINDOWS\Domino.exe C:\WINDOWS\ZSSnp211.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Club-Internet\Lanceur\lanceur.exe c:\PROGRA~1\mcafee\msc\mcshell.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet 
Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;2 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - 
C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA Platinum\rfagent.exe" O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" O4 - HKLM\..\Run: [C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe] C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe O4 - HKLM\..\Run: [WheelMouse] 
C:\PROGRA~1\Mouse\Amoumain.exe O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU" O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036 O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - 
res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - 
http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://gr.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table 
Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
  21. Good evening everyone. For APE files you can also use Easy CD-DA Extractor to convert them to MP3 or to make audio CDs. Regards
  22. Hello everyone, since last night Outlook Express has been crashing. Outlook Express 6 SP2, Internet Explorer 6 SP2, Windows XP Pro SP2. When I am in Outlook Express, after a while the messages are no longer displayed and I get this message instead: "Outlook Express a rencontré un problème inattendu lors de l'affichage de ce message. Vérifiez si la mémoire ou l'espace disque de votre ordinateur ne sont pas insuffisants et recommencez." I don't understand what is happening. I am thinking of a faulty RAM stick problem. Could you enlighten me? With my thanks, gil de lavergne
  23. Thanks Zonk for your help. I had already tried in safe mode without success, and I have just solved the problem. It was actually really simple: I had used Alcohol and mounted the file on a virtual drive; once it was unmounted I was able to delete it without any problem.
  24. Good evening everyone, I am calling on you once again. I downloaded a file on eMule that I am now unable to delete from my hard drive; I get the message that it is already in use. I have just run a HijackThis scan. Thank you for any help you can give me.
Logfile of HijackThis v1.99.1 Scan saved at 23:38:46, on 18/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe C:\Program Files\SiteAdvisor\6066\SAService.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Fichiers 
communs\InstallShield\UpdateService\issch.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\RFA Platinum\rfagent.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\SiteAdvisor\6066\SiteAdv.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe C:\PROGRA~1\Mouse\Amoumain.exe C:\WINDOWS\Domino.exe C:\WINDOWS\ZSSnp211.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\Pando Networks\Pando\pando.exe C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe C:\Program Files\Larousse\Petit Larousse 2007\bin\Hyperappel.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Club-Internet\Lanceur\lanceur.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;2 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O2 - BHO: DriveLetterAccess - 
{5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA Platinum\rfagent.exe" O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [ulead 
AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe O4 - HKLM\..\Run: [C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe] C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Mouse\Amoumain.exe O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU" O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Global Startup: Hyperappel du Petit Larousse 2007.lnk = C:\Program Files\Larousse\Petit Larousse 2007\bin\Hyperappel.exe O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 
'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU) O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU) O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon 
Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. 
- C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  25. Hello Bruce, no, I no longer have any problem with my PC. While running a scan with Kaspersky, I noticed that McAfee was reporting a generic pub q in some RECYCLER folders. I have four user sessions on my computer, so I opened the other 3 sessions and emptied their recycle bins, and also disabled and re-enabled System Restore. I am going to run another Kaspersky scan to see whether everything is OK now; otherwise I will ask you for advice again. See you soon (just not for an infection). Have a good day