Digger

Members
  • Content count

    444
  • Joined

  • Last visited

Everything posted by Digger

  1. For example, just now, I was looking for an example to put here, so I opened Yahoo and, bam, this is the window that opened. Sometimes it's another brand, sometimes several in a row... And at any time: on arriving at the site I want or while browsing.
  2. Where can I find this title? Here is a copy-paste of the window that just opened: http://www.france-credit.fr/?campagne=camp...gine=ValueClick Thanks
  3. Once it is in place, launch the program and click Do report and save logfile, then copy and paste the contents of the Notepad window that appears into your reply. See you shortly. And here is the report. Thanks
  4. Once it is in place, launch the program and click Do report and save logfile, then copy and paste the contents of the Notepad window that appears into your reply. See you shortly. And here is the report.
  5. OK for the other topic, of course... I'll do what's needed for HJT. See you shortly.
  6. Hello, I'm running XP with Firefox. Spybot is on watch, as is Trend Micro OfficeScan. Despite that, I got caught and I now have windows opening erratically in new tabs. MT tells me there are no infected files... Anyone for a bit of help? Thanks
  7. Thanks, I'll do that right away.
  8. Hello, since this annoyance (ads opening in another tab) keeps recurring, can I use a procedure already followed here to solve my problem? Thanks
  9. Thanks
  10. Digger

    Convert a WMA to MP3?

    Thanks, I'll get on it right away... Have a good day
  11. Digger

    Convert a WMA to MP3?

    Regarding the format, I admit I didn't look too closely. A bit like a child at Christmas, quick quick quick... Besides, back when I bought this music, I didn't have an MP3 player... Well! Yes, I bought the track online. Am I not allowed to put it anywhere other than on my hard drive?
  12. Good evening, can you point me to a freeware tool to convert a WMA file, for which I acquired the licence on Virginmega.com, into MP3 so I can store it on a Shuffle? Thanks
  13. The original email address is on the company's domain name, and the one I'd like my work mail to arrive at is Yahoo.
  14. Hello, I'd like to know whether I can forward my work email to my personal address, so that I can read it remotely, because I can't access it through Outlook's web access... Thanks for your info. Have a good morning.
  15. Digger

    Wi-Fi connection trouble?

    Hello, in the "connection status" window I have an automatic private address, and therefore an IP address and a subnet mask. But apparently I have no default gateway, no DNS, no WINS. Whereas on another PC on Wi-Fi I have all of this, and the OS is Win XP. What should I do?
  16. Hello, a BIG thank-you to Angélique for her patience and insight which, combined with her "professionalism", got the better of the disasters I had caused. Have a good day
  17. Good evening, when you request the new passwords, I presume you are asked for your email address. At that address, don't you receive a message asking you to validate your new password and your new access? I know that on some forums that's how it has to be done. Check, maybe...
  18. Digger

    Wi-Fi connection trouble?

    Hello, would anyone have an idea?
  19. Should I understand from this "well, there you go" that everything is clean? Section O17?
  20. Right, it's OK. I'm posting the HJT for you. But can you give me some info on the following lines: R1 HKCUX soft... O9 extra button create mobile favorite O9 extra tools menuitem creer un favorit mobile O14 IERESET.inf the 3 O17 lines O23 Service tivoli endpoint O23 Service Tivoli remote ctrl. Thanks
  21. I ran another HJT with the recycle bin emptied, but nothing helps... What should I do to finally close the topic? Fix with HJT?
  22. And here is the latest HJT
- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: Norman ZANDA - Unknown owner - C:\VIRUSfighter\Npm\Bin\Zanda.exe (file missing) O23 - Service: Tivoli Remote Control Service (TME10RC) - TIVOLI Systems - C:\WINNT\RCSERV.EXE -- End of file - 5803 bytes I must have slipped up on the Zanda; I did take out the .reg, though, but I have just realized that I had not emptied the recycle bin. As for the McA entries, some are still there... What do we do now?
  23. The "plop", like the frog? Hee hee hee....
      Windows Registry Editor Version 5.00
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Norman ZANDA]
      "Type"=dword:00000110
      "Start"=dword:00000002
      "ErrorControl"=dword:00000001
      "ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,56,00,49,00,52,00,55,00,53,00,66,00,\
        69,00,67,00,68,00,74,00,65,00,72,00,5c,00,4e,00,70,00,6d,00,5c,00,42,00,69,\
        00,6e,00,5c,00,5a,00,61,00,6e,00,64,00,61,00,2e,00,65,00,78,00,65,00,22,00,\
        00,00
      "DisplayName"="Norman ZANDA"
      "ObjectName"="LocalSystem"
      "DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,00,00
      "DependOnGroup"=hex(7):00,00
      "Group"="NDIS"
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Norman ZANDA\Security]
      "Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\
        00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
        00,00,02,00,70,00,04,00,00,00,00,00,18,00,fd,01,02,00,01,01,00,00,00,00,00,\
        05,12,00,00,00,00,00,00,00,00,00,1c,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\
        20,00,00,00,20,02,00,00,c1,9f,a0,11,00,00,18,00,8d,01,02,00,01,01,00,00,00,\
        00,00,05,0b,00,00,00,20,02,00,00,00,00,1c,00,fd,01,02,00,01,02,00,00,00,00,\
        00,05,20,00,00,00,23,02,00,00,c1,9f,a0,11,01,01,00,00,00,00,00,05,12,00,00,\
        00,01,01,00,00,00,00,00,05,12,00,00,00
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Norman ZANDA\Enum]
      "0"="Root\\LEGACY_NORMAN_ZANDA\\0000"
      "Count"=dword:00000001
      "NextInstance"=dword:00000001
      The Fb is in router mode.
The HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:30:09, on 11/03/2008 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\System32\ibmpmsvc.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\a-squared Anti-Malware\a2service.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINNT\System32\Ati2evxx.exe C:\WINNT\system32\hidserv.exe C:\WINNT\RCSERV.EXE C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.kodak.com:81/proxy.pac R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [uniblue 
RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [E:\] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - .DEFAULT Startup: ieproxychk.bat (User 'Default user') O4 - .DEFAULT Startup: userdata.bat (User 'Default user') O4 - .DEFAULT User Startup: ieproxychk.bat (User 'Default user') O4 - .DEFAULT User Startup: userdata.bat (User 'Default user') O4 - Global Startup: Collect Most Frequent Userid.lnk.disabled O4 - Global Startup: McAfee Desktop Firewall Tray.lnk.disabled O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O14 - IERESET.INF: START_PAGE_URL=http://home.kodak.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fr.kodak.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fr.kodak.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fr.kodak.com O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe O23 - Service: McAfee Alert Manager (AlertManager) - McAfee Division of Network Associates, Inc. - C:\Program Files\Network Associates\Alert Manager\amgrsrvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: IBM PM Service (IBMPMSVC) - IBM Corp. - C:\WINNT\System32\ibmpmsvc.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner - C:\apps\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE (file missing) O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. 
- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: Norman ZANDA - Unknown owner - C:\VIRUSfighter\Npm\Bin\Zanda.exe (file missing) O23 - Service: Tivoli Remote Control Service (TME10RC) - TIVOLI Systems - C:\WINNT\RCSERV.EXE -- End of file - 5913 bytes McAfee is still there. A message appeared during the removal; basically it said that not everything could be uninstalled... Can't we run with these leftovers? I understand that it isn't very "clean", but I don't see how to remove them... Zanda too, for that matter. Can we "fix" them with HJT?
  24. I found Zanda, but not in bold. Should I delete it anyway? For McAfee, the answer is no. It was installed; I removed it and installed Avira as you told me.
  25. Hello, here is the combo: ComboFix 08-03-09.4 - EKAdmin 11/03/2008 9:43:58.3 - NTFSx86 Microsoft Windows 2000 Professionnel 5.0.2195.4.1252.1.1033.18.529 [GMT 1:00] Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-02-11 to 2008-03-11 ))))))))))))))))))))))))))))))) . 2008-03-10 12:17 . 08-03-10 12:17 <DIR> d-------- C:\WINNT\ERUNT 2008-03-09 17:57 . 08-03-09 17:57 <DIR> d-------- C:\Program Files\Avira 2008-03-09 17:57 . 08-03-09 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-03-08 13:52 . 08-03-08 13:51 691,545 --a------ C:\WINNT\unins000.exe 2008-03-08 13:52 . 08-03-08 13:52 2,547 --a------ C:\WINNT\unins000.dat 2008-03-05 07:59 . 08-03-10 21:07 <DIR> d-------- C:\Hijackthis 2008-03-04 20:00 . 08-03-05 07:30 <DIR> d-------- C:\Program Files\a-squared Anti-Malware 2008-03-04 19:47 . 08-03-04 19:47 <DIR> d-------- C:\Program Files\ToniArts 2008-03-03 14:07 . 08-03-03 14:07 0 --a------ C:\WINNT\3 2008-03-01 14:21 . 08-03-03 12:33 <DIR> d-------- C:\Program Files\Defenza 2008-03-01 14:21 . 96-08-20 20:37 15,840 --a------ C:\WINNT\system32\Machnm1.exe 2008-03-01 14:21 . 05-09-25 16:37 5,632 --a------ C:\WINNT\system32\Machnm64.sys 2008-03-01 14:21 . 08-03-01 14:21 3,120 --a------ C:\WINNT\system32\118290.54 2008-03-01 14:21 . 08-03-01 14:21 3,120 --a------ C:\WINNT\118294.78 2008-03-01 14:21 . 03-08-13 00:27 2,304 --a------ C:\WINNT\system32\Machnm32.sys 2008-03-01 14:08 . 08-03-01 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue 2008-03-01 13:50 . 08-03-01 14:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue 2008-03-01 13:42 . 08-03-01 13:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ItsLabel . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-08 12:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-08 12:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-03-07 19:14 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AdobeUM 2008-03-04 18:47 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-04 18:47 --------- d---a-w C:\Program Files\Common Files\InstallShield 2008-01-21 09:59 --------- d-----w C:\Program Files\Trend Micro 2008-01-21 09:51 102,664 ----a-w C:\WINNT\system32\drivers\tmcomm.sys 2003-09-01 08:38 832 ----a-w C:\Program Files\INSTALL.LOG 2002-01-08 19:10 271 ---ha-w C:\Program Files\desktop.ini 2002-01-08 19:10 21,952 ---ha-w C:\Program Files\folder.htt 1999-12-07 12:00 32,528 -c--a-w C:\WINNT\inf\wbfirdma.sys . ------- Sigcheck ------- 01-05-08 01:00 7952 1206706a25c5b32652b4f465ede330e9 C:\WINNT\system32\svchost.exe 99-12-07 13:00 7952 9e64ad53cfd9da2d22e8a924f8c6e62c C:\WINNT\system32\dllcache\svchost.exe 03-06-19 11:05 181008 3980c28d116d438bbb36fb38526fde1a C:\WINNT\ServicePackFiles\i386\winlogon.exe 05-06-03 11:25 191248 5b5c3a13997c536c1ea1956ac7a41db8 C:\WINNT\system32\WINLOGON.EXE 03-06-19 17:05 181008 3980c28d116d438bbb36fb38526fde1a C:\WINNT\system32\dllcache\WINLOGON.EXE 03-06-19 11:05 1694080 541daef38c9c82541690aa7e6f52f654 C:\WINNT\ServicePackFiles\i386\ntkrnlpa.exe 07-03-06 05:03 1717056 12e5366b7d7eac583309cdada766b2e9 C:\WINNT\system32\NTKRNLPA.EXE 03-06-19 11:05 1719056 61a2dcfce1abf5340d2128e45b5f52b7 C:\WINNT\ServicePackFiles\i386\ntoskrnl.exe 07-03-06 05:03 1694400 a7ac10f8cea3d5d48e8a38f09462c448 C:\WINNT\system32\NTOSKRNL.EXE . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ] "E:\"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [08-03-10 07:06 249896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "internat.exe"="internat.exe" [01-05-08 01:00 20752 C:\WINNT\system32\internat.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 17:05 186640] C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ ieproxychk.bat [2003-11-17 15:47:06 214] userdata.bat [2001-09-04 21:41:19 251] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Collect Most Frequent Userid.lnk.disabled [2004-04-16 17:13:38 496] McAfee Desktop Firewall Tray.lnk.disabled [2004-04-16 17:13:38 745] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "disablecad"= 0 (0x0) "RunLogonScriptSync"= 0 (0x0) "RunStartupScriptSync"= 1 (0x1) "SynchronousMachineGroupPolicy"= 1 (0x1) "SynchronousUserGroupPolicy"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoToolbarCustomize"= 0 (0x0) "NoBandCustomize"= 0 (0x0) "NoMSAppLogo5ChannelNotify"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "Btn_Back"= 0 (0x0) "Btn_Forward"= 0 (0x0) "Btn_Stop"= 0 (0x0) "Btn_Refresh"= 0 (0x0) "Btn_Home"= 0 (0x0) "Btn_Search"= 0 (0x0) "Btn_History"= 0 (0x0) "Btn_Favorites"= 0 (0x0) "Btn_Folders"= 0 (0x0) "Btn_Fullscreen"= 0 (0x0) "Btn_Tools"= 0 (0x0) "Btn_MailNews"= 0 (0x0) "Btn_Size"= 0 (0x0) "Btn_Print"= 0 
(0x0) "Btn_Edit"= 0 (0x0) "Btn_Discussions"= 0 (0x0) "Btn_Cut"= 0 (0x0) "Btn_Copy"= 0 (0x0) "Btn_Paste"= 0 (0x0) "Btn_Encoding"= 0 (0x0) "Btn_PrintPreview"= 0 (0x0) "NoFavoritesMenu"= 0 (0x0) "NoLogoff"= 0 (0x0) "EnforceShellExtensionSecurity"= 0 (0x0) "NoDeletePrinter"= 0 (0x0) "NoAddPrinter"= 0 (0x0) "NoPrinterTabs"= 0 (0x0) "Btn_Media"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ActiveSync] WcesWlgn.dll 05-11-15 19:44 7168 C:\WINNT\system32\WcesWlgn.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 TivoliAP [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "AGRSMMSG"=AGRSMMSG.exe "dla"=C:\WINNT\system32\dla\tfswctrl.exe "lcfep"="C:\apps\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe" -x "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey "pdfFactory Dispatcher v1"=C:\WINNT\System32\spool\DRIVERS\W32X86\2\fppdis1.exe "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe "SwdisUsrPCN.patwlc5528"="C:\apps\Tivoli\lcf\dat\1\cache\lib\w32-ix86\wdusrpcn.exe" "C:\apps\Tivoli\swdis\1\wdusrpcn.env" "Synchronization Manager"=mobsync.exe /logon R0 avgntmgr;avgntmgr;C:\WINNT\system32\DRIVERS\avgntmgr.sys [07-07-18 14:21 ] R1 avgntdd;avgntdd;C:\WINNT\system32\DRIVERS\avgntdd.sys [07-08-09 13:03 ] R1 TGrab;Tivoli Remote Control Text Grabber;C:\WINNT\system32\drivers\TGrab.sys [03-04-11 09:05 ] R1 TPPWR;TPPWR;C:\WINNT\system32\drivers\Tppwr.sys [03-01-17 01:32 ] R2 MouEx2;Tivoli Remote Control Pointer Filter;C:\WINNT\system32\drivers\MouEx2.sys [03-04-11 09:05 ] R3 Eqnmirdd;Eqnmirdd;C:\WINNT\system32\DRIVERS\Eqnmirdd.sys [03-04-11 09:05 ] R3 fhlppppoe;PPPOE/ADSL miniport;C:\WINNT\system32\DRIVERS\fhlpppoe.sys [02-11-21 16:35 ] R3 KeyEx2;Tivoli Remote 
Control Keyboard Filter;C:\WINNT\system32\drivers\KeyEx2.sys [03-04-11 09:05 ] R3 Tp4Track;IBM PS/2 TrackPoint Driver;C:\WINNT\system32\DRIVERS\tp4track.sys [02-07-16 09:07 ] S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINNT\system32\DRIVERS\ipsecw2k.sys [] S2 lcfd;Tivoli Endpoint;"C:\apps\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE" [] S3 Eacfilt;Eacfilt Miniport;C:\WINNT\system32\DRIVERS\eacfilt.sys [] S3 FireProx;%pgpnetMP_Desc%;C:\WINNT\system32\DRIVERS\fireprox.sys [] S3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINNT\system32\DRIVERS\ipsecw2k.sys [] S3 usb_rndisy;USB RNDIS Adapter;C:\WINNT\system32\DRIVERS\usb8023y.sys [05-10-25 09:02 ] . Contents of the 'Scheduled Tasks' folder "2007-06-15 18:02:40 C:\WINNT\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2006-09-11 06:40:49 C:\WINNT\Tasks\BMMTask.job" - C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE "2008-03-03 11:29:38 C:\WINNT\Tasks\Uniblue SpyEraser Nag.job" - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe "2008-03-01 13:09:32 C:\WINNT\Tasks\Uniblue SpyEraser.job" - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-11 09:50:04 Windows 5.0.2195 Service Pack 4 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run] "E:\\"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe" . ------------------------ Other Running Processes ------------------------ . 
C:\WINNT\System32\ibmpmsvc.exe C:\Program Files\a-squared Anti-Malware\a2service.exe C:\WINNT\System32\Ati2evxx.exe C:\WINNT\system32\hidserv.exe C:\WINNT\RCSERV.EXE C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe . ************************************************************************** . Completion time: 2008-03-11 9:52:06 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-11 08:52:02 ComboFix2.txt 2008-03-10 20:05:46 ComboFix3.txt 2008-03-10 13:48:45 Here is the Kaspersky: Tuesday, March 11, 2008 2:33:04 PM Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 11/03/2008 Kaspersky Anti-Virus database records: 623475 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer C:\ D:\ E:\ Scan Statistics Total number of scanned objects 64387 Number of viruses found 0 Number of infected objects 0 Number of suspicious objects 0 Duration of the scan process 04:10:05 Infected Object Name Virus Name Last Action C:\DATA\USERS\P15750\KODAK.doc Object is locked skipped C:\DATA\USERS\P15750\LABORATOIRE E.doc Object is locked skipped C:\DATA\USERS\P15750\~WRL0003.tmp Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sue4fut3.default\cert8.db Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sue4fut3.default\formhistory.dat Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sue4fut3.default\history.dat Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sue4fut3.default\key3.db Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sue4fut3.default\parent.lock Object is locked skipped 
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sue4fut3.default\search.sqlite Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sue4fut3.default\urlclassifier2.sqlite Object is locked skipped C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\sue4fut3.default\Cache\_CACHE_001_ Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\sue4fut3.default\Cache\_CACHE_002_ Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\sue4fut3.default\Cache\_CACHE_003_ Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\sue4fut3.default\Cache\_CACHE_MAP_ Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped C:\WINNT\CSC\00000001 Object is locked skipped C:\WINNT\Debug\Netlogon.log Object is locked skipped C:\WINNT\Debug\PASSWD.LOG Object is locked skipped C:\WINNT\security\logs\scepol.log Object is locked skipped C:\WINNT\system32\CatRoot\SYSMAST.cbd Object is locked skipped C:\WINNT\system32\CatRoot\SYSMAST.cbk Object is locked skipped 
C:\WINNT\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATMAST.cbd Object is locked skipped C:\WINNT\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATMAST.cbk Object is locked skipped C:\WINNT\system32\config\Antivirus.Evt Object is locked skipped C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped C:\WINNT\system32\config\default Object is locked skipped C:\WINNT\system32\config\default.LOG Object is locked skipped C:\WINNT\system32\config\SAM Object is locked skipped C:\WINNT\system32\config\SAM.LOG Object is locked skipped C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped C:\WINNT\system32\config\SECURITY Object is locked skipped C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped C:\WINNT\system32\config\software Object is locked skipped C:\WINNT\system32\config\software.LOG Object is locked skipped C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped C:\WINNT\system32\config\system Object is locked skipped C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped Scan process completed. 
And finally the HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:35:59, on 11/03/2008 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\System32\ibmpmsvc.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\a-squared Anti-Malware\a2service.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINNT\System32\Ati2evxx.exe C:\WINNT\system32\hidserv.exe C:\WINNT\RCSERV.EXE C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINNT\explorer.exe C:\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.kodak.com:81/proxy.pac R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program 
Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [E:\] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - .DEFAULT Startup: ieproxychk.bat (User 'Default user') O4 - .DEFAULT Startup: userdata.bat (User 'Default user') O4 - .DEFAULT User Startup: ieproxychk.bat (User 'Default user') O4 - .DEFAULT User Startup: userdata.bat (User 'Default user') O4 - Global Startup: Collect Most Frequent Userid.lnk.disabled O4 - Global Startup: McAfee Desktop Firewall Tray.lnk.disabled O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O14 - IERESET.INF: START_PAGE_URL=http://home.kodak.com O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fr.kodak.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fr.kodak.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fr.kodak.com O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe O23 - Service: McAfee Alert Manager (AlertManager) - McAfee Division of Network Associates, Inc. - C:\Program Files\Network Associates\Alert Manager\amgrsrvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: IBM PM Service (IBMPMSVC) - IBM Corp. - C:\WINNT\System32\ibmpmsvc.exe O23 - Service: iPod Service - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner - C:\apps\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE (file missing) O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: Norman ZANDA - Unknown owner - C:\VIRUSfighter\Npm\Bin\Zanda.exe (file missing) O23 - Service: Tivoli Remote Control Service (TME10RC) - TIVOLI Systems - C:\WINNT\RCSERV.EXE -- End of file - 6013 bytes Are we done now, or is there still some junk lying around here and there?