

beboy38
Everything posted by beboy38
HijackThis analysis (spyware: redirect drivecleaner, maxifile, winanpsp
beboy38 replied to a topic by beboy38 in Malware Analysis and Removal
Here is the report:
08/11/07 13:04:05 [info]: BlackLight Engine 1.0.64 initialized
08/11/07 13:04:05 [info]: OS: 5.1 build 2600 (Service Pack 2)
08/11/07 13:04:05 [Note]: 7019 4
08/11/07 13:04:05 [Note]: 7005 0
08/11/07 13:04:17 [Note]: 7006 0
08/11/07 13:04:17 [Note]: 7011 5760
08/11/07 13:04:17 [Note]: 7026 0
08/11/07 13:04:17 [Note]: 7026 0
08/11/07 13:04:20 [Note]: FSRAW library version 1.7.1022
08/11/07 13:17:08 [Note]: 7007 0
It didn't detect anything.
HijackThis analysis (spyware: redirect drivecleaner, maxifile, winanpsp
beboy38 replied to a topic by beboy38 in Malware Analysis and Removal
OK, which one do I take? Graphical user or command line? Thanks.
HijackThis analysis (spyware: redirect drivecleaner, maxifile, winanpsp
beboy38 replied to a topic by beboy38 in Malware Analysis and Removal
OK, well, here is the ComboFix report. It's a real snitch, I tell you, lol.
HijackThis analysis (spyware: redirect drivecleaner, maxifile, winanpsp
beboy38 replied to a topic by beboy38 in Malware Analysis and Removal
Here is the report. Just for info, at startup AntiVir flagged trojans and other problems, generated by the software you just had me install? Is that normal? I had to ignore them, because if I put them in quarantine the PC doesn't boot..?
HijackThis analysis (spyware: redirect drivecleaner, maxifile, winanpsp
beboy38 replied to a topic by beboy38 in Malware Analysis and Removal
Hello, I came to see whether Bruce lee or one of his colleagues could give me a hand, please, because I still have the same problem.
HijackThis analysis (spyware: redirect drivecleaner, maxifile, winanpsp
beboy38 replied to a topic by beboy38 in Malware Analysis and Removal
I just ran a new test: on Google, in the search engine, I type Free, I get the link www.free.fr, I click on it, and this time I am redirected to this page: http://www.heavy.com/?partner=aff77. In fact, every time I click on a new link for the first time, it redirects me to a site that is either X-rated or advertising....
HijackThis analysis (spyware: redirect drivecleaner, maxifile, winanpsp
beboy38 replied to a topic by beboy38 in Malware Analysis and Removal
Thank you for taking time for me. Otherwise, another thing has been showing up for a few days; maybe it is related. Shot at 2007-08-10 Oops, not clearly visible, so I am copying it out again: "The system DLL user32.dll was relocated in memory. The application will not run properly. The relocation occurred because the DLL C:/WINDOWX/Systeme32/shell32.dll occupied an address range reserved for Windows NT system DLLs. The vendor supplying the DLL should be contacted for a new DLL."
Hello. Well, like many others, I have been having problems for a few days. Let me explain: when I am in IE and, for example, on Google I type (search Free) and then click on the link, I am redirected to sites that are often X-rated or to some other commercial site; it often goes first through links like (maxifile, referenco...). Otherwise I have Internet Explorer windows that open by themselves even when I am not browsing... and I have the impression that my CPU is under quite a load, because the fan blows a bit too much for my liking. Before posting, I applied everything you advised, i.e.: booting in safe mode, AntiVir, deleting temp files, etc. I also ran Spybot, a-squared and AVG several times, as well as my McAfee antivirus. Here is my report, thanks in advance.