lydia8393
-
Compteur de contenus
4 -
Inscription
-
Dernière visite
lydia8393's Achievements
Junior Member (3/12)
0
Réputation sur la communauté
-
Iexplore.exe et UC = pas bon ménage !!!! UC 100%
lydia8393 a répondu à un(e) sujet de lydia8393 dans Analyses et éradication malwares
Merci beaucoup pour votre précieuse aide A bientot -
Iexplore.exe et UC = pas bon ménage !!!! UC 100%
lydia8393 a répondu à un(e) sujet de lydia8393 dans Analyses et éradication malwares
kikoo Comme tu me l'as demandé voila le rapport de DiagHelp Je te remercie de prendre de ton temps AAAAA Plucheeeee DiagHelp version v1.4 - http://www.malekal.com excute le 06/04/2008 à 14:47:48,00 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CHCP.COM-17EDBDC9.pf -->06/04/2008 14:47:26 C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf -->06/04/2008 14:47:08 C:\WINDOWS\prefetch\WINRAR.EXE-0AA31BB9.pf -->06/04/2008 14:46:20 C:\WINDOWS\prefetch\WLLOGINPROXY.EXE-090074F0.pf -->06/04/2008 14:40:48 C:\WINDOWS\prefetch\IEXPLORE.EXE-2D97EBE6.pf -->06/04/2008 14:40:44 C:\WINDOWS\prefetch\REALPLAY.EXE-05411014.pf -->06/04/2008 14:40:36 C:\WINDOWS\prefetch\LOGONUI.EXE-312BE1BF.pf -->06/04/2008 06:40:48 C:\WINDOWS\prefetch\WMIPRVSE.EXE-0D449B4F.pf -->06/04/2008 00:00:44 C:\WINDOWS\prefetch\HELPSVC.EXE-1C192440.pf -->06/04/2008 00:00:30 C:\WINDOWS\prefetch\Layout.ini -->05/04/2008 23:59:56 C:\WINDOWS\System32\drivers\avipbb.sys -->01/04/2008 21:18:32 C:\WINDOWS\System32\drivers\NTIDrvr.sys -->20/02/2008 20:01:42 C:\WINDOWS\System32\drivers\usbaapl.sys -->15/01/2008 02:39:58 C:\WINDOWS\System32\drivers\PxHelp20.sys -->04/01/2008 22:58:46 C:\WINDOWS\System32\drivers\cdr4_xp.sys -->04/01/2008 22:58:46 C:\WINDOWS\System32\drivers\cdralw2k.sys -->04/01/2008 22:58:46 C:\WINDOWS\System32\drivers\mrxdav.sys -->18/12/2007 10:51:36 C:\WINDOWS\System32\cdplayer.exe.manifest -->05/04/2008 19:15:26 C:\WINDOWS\System32\wuaucpl.cpl.manifest -->05/04/2008 19:15:26 C:\WINDOWS\System32\sapi.cpl.manifest -->05/04/2008 19:15:26 C:\WINDOWS\System32\nwc.cpl.manifest -->05/04/2008 19:15:26 C:\WINDOWS\System32\ncpa.cpl.manifest -->05/04/2008 19:15:26 C:\WINDOWS\System32\iiSetup.log -->04/04/2008 19:00:04 C:\WINDOWS\System32\eRLog.ini -->30/03/2008 14:29:42 C:\WINDOWS\System32\FNTCACHE.DAT -->30/03/2008 13:44:54 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log -->30/03/2008 12:03:32 C:\WINDOWS\System32\mapisvc.inf -->26/02/2008 03:10:50 C:\WINDOWS\System32\PerfStringBackup.INI -->26/02/2008 03:06:10 C:\WINDOWS\System32\perfh00C.dat -->26/02/2008 03:06:10 C:\WINDOWS\System32\perfc00C.dat -->26/02/2008 03:06:10 C:\WINDOWS\System32\perfh009.dat -->26/02/2008 03:06:10 C:\WINDOWS\System32\perfc009.dat -->26/02/2008 03:06:10 C:\WINDOWS\System32\TZLog.log -->22/02/2008 03:05:24 C:\WINDOWS\System32\javacpl.cpl -->22/02/2008 02:33:32 C:\WINDOWS\System32\javaws.exe -->22/02/2008 02:33:32 C:\WINDOWS\System32\javaw.exe -->22/02/2008 01:23:40 C:\WINDOWS\System32\java.exe -->22/02/2008 01:23:36 C:\WINDOWS\System32\rmoc3260.dll -->20/02/2008 21:53:50 C:\WINDOWS\System32\pndx5032.dll -->20/02/2008 21:53:32 C:\WINDOWS\System32\pndx5016.dll -->20/02/2008 21:53:32 C:\WINDOWS\System32\msvcr71.dll -->20/02/2008 21:53:28 C:\WINDOWS\System32\msvcp71.dll -->20/02/2008 21:53:28 C:\WINDOWS\wmsetup.log -->05/04/2008 22:08:28 C:\WINDOWS\WindowsShell.Manifest -->05/04/2008 19:15:26 C:\WINDOWS\0.log -->05/04/2008 19:09:14 C:\WINDOWS\ModemLog_SoftV90 Data Fax Modem with SmartCP.txt -->05/04/2008 19:08:42 C:\WINDOWS\win.ini -->05/04/2008 19:07:22 C:\WINDOWS\system.ini -->05/04/2008 19:07:22 C:\WINDOWS\bootstat.dat -->05/04/2008 19:07:02 C:\WINDOWS\SchedLgU.Txt -->05/04/2008 19:06:12 C:\WINDOWS\WindowsUpdate.log -->05/04/2008 19:05:56 C:\WINDOWS\setupapi.log -->04/04/2008 18:11:28 C:\WINDOWS\msnfix.txt -->01/04/2008 21:23:24 C:\WINDOWS\ntbtlog.txt -->01/04/2008 19:27:54 C:\WINDOWS\tsc.ini -->01/04/2008 18:49:32 C:\WINDOWS\vsapi32.dll -->01/04/2008 18:28:24 C:\WINDOWS\BPMNT.dll -->01/04/2008 18:28:22 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ EXPLORER.EXE pid: 1572 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll 0x02a70000 0x185000 1.05.0000.0011 C:\PROGRA~1\SPYBOT~1\SDHelper.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x03530000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x10000000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll 0x01380000 0x2e000 C:\Program Files\WinRAR\rarext.dll 0x019a0000 0x11000 7.00.0000.0010 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll 0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL 0x02f80000 0x56000 7.10.3052.0004 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll 0x59590000 0x19000 9.00.0000.3250 C:\WINDOWS\system32\wmpshell.dll 0x02470000 0x3c000 3.00.0000.4020 C:\WINDOWS\system32\igfxpph.dll 0x01300000 0x1e000 3.00.0000.4020 C:\WINDOWS\system32\hccutils.DLL 0x024b0000 0x2a000 3.00.0000.4020 C:\WINDOWS\system32\igfxres.dll 0x027c0000 0x58000 3.00.0000.4020 C:\WINDOWS\system32\igfxsrvc.dll 0x024e0000 0x24000 3.00.0000.4020 C:\WINDOWS\system32\igfxdev.dll 0x00f40000 0xb000 6.00.0000.0878 C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ WINLOGON.EXE pid: 652 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x10000000 0x58000 3.00.0000.4020 C:\WINDOWS\system32\igfxsrvc.dll 0x00d70000 0x1e000 3.00.0000.4020 C:\WINDOWS\system32\hccutils.DLL Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 1B71-12F5 Répertoire de C:\WINDOWS\system32 05/08/2004 05:00 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 10 102 652 928 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 1B71-12F5 Répertoire de C:\WINDOWS\Downloaded Program Files 15/10/2004 11:59 <REP> . 15/10/2004 11:59 <REP> .. 15/10/2004 11:59 65 desktop.ini 11/04/2007 14:55 1 292 erma.inf 27/03/2003 22:48 683 008 msrdp.ocx 27/03/2003 23:09 1 558 msrdp.inf 02/11/2005 18:07 435 712 xscan53.ocx 02/11/2005 18:01 1 777 xscan.inf 07/01/2007 12:55 2 305 kavwebscan.inf 02/07/2007 15:44 941 688 asquared.ocx 8 fichier(s) 2 067 405 octets Total des fichiers listés : 8 fichier(s) 2 067 405 octets 2 Rép(s) 10 102 652 928 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... 127.0.0.1 activexupdate.com 127.0.0.1 www.activexupdate.com 127.0.0.1 www.antispywareupdates.net 127.0.0.1 antispywareupdates.net 127.0.0.1 www.avpcheckupdate.com 127.0.0.1 avpcheckupdate.com 127.0.0.1 client.exeupdate.com 127.0.0.1 eupdatepage.com 127.0.0.1 www.eupdatepage.com 127.0.0.1 www.exeupdate.com 127.0.0.1 exeupdate.com 127.0.0.1 www.hotwinupdates.com 127.0.0.1 hotwinupdates.com 127.0.0.1 www.lavasoftupdate.com 127.0.0.1 lavasoftupdate.com 127.0.0.1 www.malwarewipeupdate.com 127.0.0.1 malwarewipeupdate.com 127.0.0.1 www.msupdate.net 127.0.0.1 msupdate.net 127.0.0.1 www.msupdater.net 127.0.0.1 msupdater.net 127.0.0.1 www.necessaryupdates.com 127.0.0.1 necessaryupdates.com 127.0.0.1 newupdates.lzio.com 127.0.0.1 redirect.msupdate.net 127.0.0.1 search.keyword.exeupdate.com 127.0.0.1 securityupdatesite.com 127.0.0.1 www.securityupdatesite.com 127.0.0.1 settings.updatemysettings.com 127.0.0.1 www.spyaxeupdate.com 127.0.0.1 spyaxeupdate.com 127.0.0.1 spyfalconupdate.com 127.0.0.1 www.spyfalconupdate.com 127.0.0.1 www.systemupdates.net 127.0.0.1 systemupdates.net 127.0.0.1 trial.updates.winsoftware.com 127.0.0.1 update.680180.net 127.0.0.1 update.shareaza.com 127.0.0.1 www.updatemysettings.com 127.0.0.1 updatemysettings.com 127.0.0.1 updates.spywarequake.com 127.0.0.1 www.urgentsystemupdate.biz 127.0.0.1 urgentsystemupdate.biz 127.0.0.1 www.urgentsystemupdate.com 127.0.0.1 urgentsystemupdate.com 127.0.0.1 windupdates.com 127.0.0.1 www.pandaantivirus-2007.com 127.0.0.1 pandaantivirus-2007.com 127.0.0.1 www.pandadownload-now.com 127.0.0.1 pandadownload-now.com 127.0.0.1 www.panda-hq.com 127.0.0.1 panda-hq.com catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-06 14:48:43 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 116 - CTFMON.EXE 364 - cmd.exe 524 - ANBMSERV.EXE 628 - CSRSS.EXE 652 - WINLOGON.EXE 696 - SERVICES.EXE 708 - LSASS.EXE 852 - SVCHOST.EXE 924 - SVCHOST.EXE 972 - sched.exe 996 - AppleMobileDevi 1012 - SVCHOST.EXE 1060 - guard.exe 1064 - SVCHOST.EXE 1104 - mDNSResponder.e 1572 - EXPLORER.EXE 1624 - SPOOLSV.EXE 1704 - avguard.exe 1976 - avgnt.exe 2428 - alg.exe 2888 - iPodService.exe 3724 - iexplore.exe Total number of processes = 23 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32\ntoskrnl.exe 806EC000 - \WINDOWS\system32\hal.dll F9A8D000 - \WINDOWS\system32\KDCOM.DLL F999D000 - \WINDOWS\system32\BOOTVID.dll F953D000 - ACPI.sys F9A8F000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS F952C000 - pci.sys F958D000 - isapnp.sys F959D000 - ohci1394.sys F95AD000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS F9A91000 - avgarkt.sys F99A1000 - compbatt.sys F99A5000 - \WINDOWS\system32\DRIVERS\BATTC.SYS F9B55000 - pciide.sys F980D000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS F9A93000 - aliide.sys F9A95000 - intelide.sys F9A97000 - toside.sys F99A9000 - UBHelper.sys F9A99000 - viaide.sys F9A9B000 - cmdide.sys F950E000 - pcmcia.sys F95BD000 - MountMgr.sys F94EF000 - ftdisk.sys F99AD000 - ACPIEC.sys F9B56000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS F9815000 - PartMgr.sys F95CD000 - VolSnap.sys F99B1000 - cpqarray.sys F94D7000 - \WINDOWS\system32\DRIVERS\SCSIPORT.SYS F94BF000 - atapi.sys F99B5000 - aha154x.sys F981D000 - sparrow.sys F99B9000 - symc810.sys F95DD000 - aic78xx.sys F99BD000 - dac960nt.sys F95ED000 - ql10wnt.sys F99C1000 - amsint.sys F9825000 - asc.sys F99C5000 - asc3550.sys F982D000 - mraid35x.sys F9835000 - i2omp.sys F99C9000 - ini910u.sys F95FD000 - ql1240.sys F960D000 - aic78u2.sys F983D000 - symc8xx.sys F9845000 - sym_hi.sys F984D000 - sym_u3.sys F9855000 - ABP480N5.SYS F985D000 - asc3350p.sys F9A9D000 - cd20xrnt.sys F961D000 - ultra.sys F94A6000 - adpu160m.sys F9865000 - dpti2o.sys F962D000 - ql1080.sys F963D000 - ql1280.sys F964D000 - ql12160.sys F986D000 - perc2.sys F9A9F000 - perc2hib.sys F9875000 - hpn.sys F99CD000 - cbidf2k.sys F947A000 - dac2w2k.sys F965D000 - disk.sys F966D000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS F945A000 - fltMgr.sys F967D000 - PxHelp20.sys F9437000 - Fastfat.sys F9420000 - KSecDD.sys F93F3000 - NDIS.sys F968D000 - sisagp.sys F969D000 - viaagp.sys F93D8000 - Mup.sys F96AD000 - gagp30kx.sys F96BD000 - alim1541.sys F96CD000 - amdagp.sys F96DD000 - agp440.sys F96ED000 - agpCPQ.sys F970D000 - \SystemRoot\system32\DRIVERS\intelppm.sys F9A49000 - \SystemRoot\system32\DRIVERS\wmiacpi.sys F91F2000 - \SystemRoot\system32\DRIVERS\ialmnt5.sys F91DE000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS F98C5000 - \SystemRoot\system32\DRIVERS\usbuhci.sys F91BB000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS F98CD000 - \SystemRoot\system32\DRIVERS\usbehci.sys F9160000 - \SystemRoot\system32\DRIVERS\bcmwl5.sys F914E000 - \SystemRoot\system32\DRIVERS\Rtlnicxp.sys F8F18000 - \SystemRoot\system32\drivers\ALCXWDM.SYS F8EF4000 - \SystemRoot\system32\drivers\portcls.sys F971D000 - \SystemRoot\system32\drivers\drmk.sys F8ED1000 - \SystemRoot\system32\drivers\ks.sys F8E9E000 - \SystemRoot\system32\DRIVERS\HSFHWICH.sys F8DA0000 - \SystemRoot\system32\DRIVERS\HSF_DP.sys F8CF4000 - \SystemRoot\system32\DRIVERS\HSF_CNXT.sys F98D5000 - \SystemRoot\System32\Drivers\Modem.SYS F9A4D000 - \SystemRoot\system32\DRIVERS\CmBatt.sys F972D000 - \SystemRoot\system32\DRIVERS\i8042prt.sys F98DD000 - \SystemRoot\system32\DRIVERS\kbdclass.sys F8CC4000 - \SystemRoot\system32\DRIVERS\SynTP.sys F9AA3000 - \SystemRoot\system32\DRIVERS\USBD.SYS F98E5000 - \SystemRoot\system32\DRIVERS\mouclass.sys F973D000 - \SystemRoot\system32\DRIVERS\imapi.sys F974D000 - \SystemRoot\system32\DRIVERS\cdrom.sys F975D000 - \SystemRoot\system32\DRIVERS\redbook.sys F9AA5000 - \SystemRoot\system32\DRIVERS\NTIDrvr.sys F98ED000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys F9CA5000 - \SystemRoot\system32\DRIVERS\audstub.sys F976D000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys F9A55000 - \SystemRoot\system32\DRIVERS\ndistapi.sys F8C0D000 - \SystemRoot\system32\DRIVERS\ndiswan.sys F977D000 - \SystemRoot\system32\DRIVERS\raspppoe.sys F978D000 - \SystemRoot\system32\DRIVERS\raspptp.sys F98F5000 - \SystemRoot\system32\DRIVERS\TDI.SYS F8BFC000 - \SystemRoot\system32\DRIVERS\psched.sys F979D000 - \SystemRoot\system32\DRIVERS\msgpc.sys F98FD000 - \SystemRoot\system32\DRIVERS\ptilink.sys F9905000 - \SystemRoot\system32\DRIVERS\raspti.sys F97AD000 - \SystemRoot\system32\DRIVERS\termdd.sys F9AA7000 - \SystemRoot\system32\DRIVERS\swenum.sys F8BA3000 - \SystemRoot\system32\DRIVERS\update.sys F9A65000 - \SystemRoot\system32\DRIVERS\mssmbios.sys F97BD000 - \SystemRoot\system32\DRIVERS\zebrceb.sys F9AA9000 - \SystemRoot\system32\DRIVERS\zebrwh.sys F97CD000 - \SystemRoot\System32\Drivers\NDProxy.SYS F97ED000 - \SystemRoot\system32\DRIVERS\usbhub.sys F9AB3000 - \SystemRoot\System32\Drivers\i2omgmt.SYS F9AB5000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F9CD6000 - \SystemRoot\System32\Drivers\Null.SYS F9AB7000 - \SystemRoot\System32\Drivers\Beep.SYS F9CD9000 - \SystemRoot\System32\DRIVERS\AvgArCln.sys F9CDB000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys F9925000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS F992D000 - \SystemRoot\System32\drivers\vga.sys F9AB9000 - \SystemRoot\System32\Drivers\mnmdd.SYS F9ABB000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F9935000 - \SystemRoot\System32\Drivers\Msfs.SYS F993D000 - \SystemRoot\System32\Drivers\Npfs.SYS F92FC000 - \SystemRoot\system32\DRIVERS\rasacd.sys AAF1F000 - \SystemRoot\system32\DRIVERS\ipsec.sys AAEC7000 - \SystemRoot\system32\DRIVERS\tcpip.sys AAE9F000 - \SystemRoot\system32\DRIVERS\netbt.sys AAE7D000 - \SystemRoot\System32\drivers\afd.sys F97FD000 - \SystemRoot\system32\DRIVERS\netbios.sys F9945000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys AADBC000 - \SystemRoot\system32\DRIVERS\ipnat.sys F93B8000 - \SystemRoot\system32\DRIVERS\wanarp.sys AAD91000 - \SystemRoot\system32\DRIVERS\rdbss.sys AAD22000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys F92D3000 - \SystemRoot\System32\Drivers\Hotkey.SYS F93A8000 - \SystemRoot\System32\Drivers\Fips.SYS F9398000 - \SystemRoot\system32\DRIVERS\avipbb.sys F9ABD000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys F9B6D000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys F92BF000 - \SystemRoot\system32\DRIVERS\hidusb.sys F9338000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS F994D000 - \SystemRoot\system32\DRIVERS\usbccgp.sys F92BB000 - \SystemRoot\system32\DRIVERS\mouhid.sys F92B7000 - \SystemRoot\system32\DRIVERS\kbdhid.sys F8CB4000 - \SystemRoot\System32\Drivers\Cdfs.SYS AACE2000 - \SystemRoot\System32\Drivers\dump_atapi.sys F9ABF000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys F8B8B000 - \SystemRoot\System32\drivers\Dxapi.sys F9955000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys F9BB2000 - \SystemRoot\System32\drivers\dxgthk.sys BF9E3000 - \SystemRoot\System32\ialmdnt5.dll BF9D5000 - \SystemRoot\System32\ialmrnt5.dll BFA02000 - \SystemRoot\System32\ialmdev5.DLL BFA2E000 - \SystemRoot\System32\ialmdd5.DLL AAB96000 - \SystemRoot\system32\DRIVERS\ndisuio.sys AA845000 - \SystemRoot\system32\drivers\wdmaud.sys AAAD2000 - \SystemRoot\system32\drivers\sysaudio.sys AA56F000 - \SystemRoot\system32\DRIVERS\mrxdav.sys AA50C000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys F9CB9000 - \??\C:\WINDOWS\system32\drivers\epm-psd.sys AA430000 - \??\C:\WINDOWS\system32\drivers\epm-shd.sys AA41F000 - \??\C:\Program Files\Acer\eRecovery\int15.sys AA527000 - \SystemRoot\system32\DRIVERS\mdmxsdk.sys AAC92000 - \??\C:\WINDOWS\system32\drivers\osaio.sys F9BEF000 - \??\C:\WINDOWS\system32\drivers\osanbm.sys AA2B5000 - \SystemRoot\system32\DRIVERS\srv.sys A9FCC000 - \SystemRoot\System32\Drivers\HTTP.sys BFFA0000 - \SystemRoot\System32\ATMFD.DLL F9ACD000 - \SystemRoot\System32\Drivers\hiber_WMILIB.SYS A9BBB000 - \SystemRoot\system32\drivers\kmixer.sys F9BBE000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 186 Liste des programmes installes Acer eManager for Notebook Acer eManager for Notebook Acer ePowerManagement Acer GridVista Adobe Flash Player ActiveX Adobe Reader 6.0 - Français Adobe Shockwave Player Apple Mobile Device Support Apple Software Update Arcade 3.0 Assistant de connexion Windows Live AutoUpdate AVG Anti-Rootkit Free AVG Anti-Spyware 7.5 Avira AntiVir PersonalEdition Classic AviSynth 2.5 Bonjour CopyTrans Suite Remove Only DivX Codec DivX Converter DivX Player eMule Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français) Gestionnaire de contacts professionnels pour Outlook 2007 SP1 Gestionnaire de contacts professionnels pour Outlook 2007 SP1 HijackThis 2.0.2 Intel® Graphics Media Accelerator Driver for Mobile iTunes Java 6 Update 5 jv16 PowerTools 1.3 Launch Manager V1.0.8.8 Microsoft .NET Framework 2.0 Service Pack 1 Microsoft Office 2003 Web Components Microsoft Office 2007 Primary Interop Assemblies Microsoft Office Access MUI (French) 2007 Microsoft Office Excel MUI (French) 2007 Microsoft Office Outlook MUI (French) 2007 Microsoft Office PowerPoint MUI (French) 2007 Microsoft Office Professional 2007 Microsoft Office Proof (Arabic) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (French) 2007 Microsoft Office Publisher MUI (French) 2007 Microsoft Office Shared MUI (French) 2007 Microsoft Office Small Business Connectivity Components Microsoft Office Word MUI (French) 2007 Microsoft Software Update for Web Folders (French) 12 Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) Microsoft SQL Server Native Client Microsoft SQL Server VSS Writer Microsoft Visual C++ 2005 Redistributable Microsoft Works MSXML 4.0 SP2 (KB936181) MSXML 6.0 Parser (KB933579) NTI Backup NOW! 4 NTI Backup NOW! 4 NTI CD & DVD-Maker NTI CD & DVD-Maker Gold Parler l'Arabe dialectal en 21 jours PC Suite for Sony Ericsson PC Suite for Sony Ericsson PowerProducer QuickTime RealPlayer Realtek AC'97 Audio Security Update for Excel 2007 (KB946974) Security Update for Office 2007 (KB947801) Security Update for Outlook 2007 (KB946983) SoftV90 Data Fax Modem with SmartCP Sony Ericsson Symbian 9 Drivers Spybot - Search & Destroy Synaptics Pointing Device Driver Uniblue RegistryBooster 2 Update for Outlook 2007 Junk Email Filter (kb947945) Version d'évaluation de Microsoft Office Professional 2007 Videora iPod Converter 3.07 WebFldrs XP Windows Live installer Windows Live Messenger WinRAR archiver Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 1B71-12F5 Répertoire de C:\Program Files 15/10/2004 11:52 <REP> . 15/10/2004 11:52 <REP> .. 20/02/2008 19:58 <REP> acer 06/07/2005 20:04 <REP> Acer Inc 06/07/2005 20:03 <REP> Adobe 20/02/2008 22:45 <REP> Apple Software Update 20/02/2008 19:56 <REP> Arcade 01/04/2008 18:54 <REP> Avira 20/02/2008 21:30 <REP> AviSynth 2.5 20/02/2008 22:46 <REP> Bonjour 15/10/2004 11:58 <REP> ComPlus Applications 06/07/2005 19:59 <REP> CONEXANT 06/07/2005 20:03 <REP> CyberLink 20/02/2008 21:28 <REP> DivX 22/02/2008 18:10 <REP> eMule 15/10/2004 11:52 <REP> Fichiers communs 01/04/2008 21:42 <REP> GRISOFT 06/07/2005 19:51 <REP> Intel 15/10/2004 11:58 <REP> Internet Explorer 30/03/2008 16:00 <REP> Intuwave 20/02/2008 22:46 <REP> iPod 20/02/2008 22:46 <REP> iTunes 30/03/2008 11:55 <REP> Java 02/04/2008 18:56 <REP> jv16 PowerTools 20/02/2008 19:58 <REP> Launch Manager 15/10/2004 11:57 <REP> Messenger 15/10/2004 12:01 <REP> microsoft frontpage 20/02/2008 20:18 <REP> Microsoft Office 21/02/2008 23:36 <REP> Microsoft Small Business 21/02/2008 23:30 <REP> Microsoft SQL Server 21/02/2008 23:21 <REP> Microsoft Visual Studio 20/02/2008 20:18 <REP> Microsoft Works 21/02/2008 23:20 <REP> Microsoft.NET 15/10/2004 11:58 <REP> Movie Maker 15/10/2004 11:57 <REP> MSN 15/10/2004 11:57 <REP> MSN Gaming Zone 24/02/2008 03:01 <REP> MSXML 4.0 24/02/2008 03:01 <REP> MSXML 6.0 15/10/2004 11:58 <REP> NetMeeting 06/07/2005 20:01 <REP> NewTech Infosystems 29/03/2008 17:51 <REP> Nova Intelligence 15/10/2004 11:57 <REP> Online Services 15/10/2004 11:58 <REP> Outlook Express 20/02/2008 22:45 <REP> QuickTime 20/02/2008 21:53 <REP> Real 20/02/2008 21:30 <REP> Red Kawa 15/10/2004 11:59 <REP> Services en ligne 30/03/2008 15:59 <REP> Sony Ericsson 02/04/2008 19:18 <REP> Spybot - Search & Destroy 30/03/2008 16:00 <REP> Symbian 06/07/2005 19:58 <REP> Synaptics 30/03/2008 11:38 <REP> Uniblue 01/03/2008 11:05 <REP> WebSite X5 Evolution 25/02/2008 19:12 <REP> Windows Live 15/10/2004 11:57 <REP> Windows Media Player 15/10/2004 11:57 <REP> Windows NT 21/02/2008 05:33 <REP> WindSolutions 26/02/2008 21:44 <REP> WinRAR 15/10/2004 12:01 <REP> xerox 0 fichier(s) 0 octets 59 Rép(s) 10 102 013 952 octets libres Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 1B71-12F5 Répertoire de C:\Program Files\fichiers communs 15/10/2004 11:52 <REP> . 15/10/2004 11:52 <REP> .. 15/10/2004 11:52 <REP> Microsoft Shared 15/10/2004 11:52 <REP> SpeechEngines 15/10/2004 11:52 <REP> ODBC 15/10/2004 11:58 <REP> System 15/10/2004 11:58 <REP> MSSoap 15/10/2004 11:58 <REP> Services 06/07/2005 19:50 <REP> InstallShield 06/07/2005 20:01 <REP> NewTech Infosystems 06/07/2005 20:02 <REP> muvee Technologies 20/02/2008 21:53 <REP> Real 20/02/2008 21:54 <REP> xing shared 20/02/2008 22:44 <REP> Apple 21/02/2008 23:21 <REP> DESIGNER 24/02/2008 11:34 <REP> Adobe 30/03/2008 11:53 <REP> Java 30/03/2008 15:59 <REP> Teleca Shared 30/03/2008 15:59 <REP> Sony Ericsson Shared 0 fichier(s) 0 octets 19 Rép(s) 10 102 013 952 octets libres Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 1B71-12F5 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 15/10/2004 12:05 <REP> . 15/10/2004 12:05 <REP> .. 07/03/2001 07:00 127 033 MSOWS40c.DLL 03/06/1999 12:09 122 937 MSOWS409.DLL 21/02/2008 23:16 <REP> 1036 26/10/2006 19:49 970 528 MSONSEXT.DLL 26/10/2006 20:12 40 256 MSOSV.DLL 4 fichier(s) 1 260 754 octets 3 Rép(s) 10 102 013 952 octets libres c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.0.29\iTunesSetupAdmin.exe c:\Documents and Settings\lydia\Local Settings\Temp\ICD1.tmp\jinstall.exe c:\Documents and Settings\lydia\Local Settings\Temp\{E1252473-6306-4d5d-904D-B06AA7F38161}\PCSuite.exe c:\Documents and Settings\lydia\Local Settings\Temp\{E1252473-6306-4d5d-904D-B06AA7F38161}\PCSuitex64.exe c:\Documents and Settings\lydia\Local Settings\Temp\{E1252473-6306-4d5d-904D-B06AA7F38161}\Setup.exe c:\Documents and Settings\lydia\Local Settings\Temp\AJSJAFHIMFGR\xdadev_all_unlock-v1.0.exe c:\Documents and Settings\lydia\Local Settings\Temp\V6ETFJLK6AQU\xdadev_all_unlock-v1.0.exe c:\Documents and Settings\lydia\Local Settings\Temp\RarSFX0\basic\setup.exe c:\Documents and Settings\lydia\Local Settings\Temp\RarSFX0\basic\update.exe c:\Documents and Settings\lydia\Local Settings\Temp\RarSFX0\basic\wsctool.exe c:\Documents and Settings\lydia\Local Settings\Temporary Internet Files\Content.IE5\0JK3MN6P\jv16pt_setup1.3.0.195[1].exe c:\Documents and Settings\lydia\Local Settings\Temporary Internet Files\Content.IE5\K7XKHLR4\HiJackThis[1].exe c:\Documents and Settings\lydia\Local Settings\Temporary Internet Files\Content.IE5\SHA3GLYJ\avgas-setup-7.5.1.43-3339[1].exe c:\Documents and Settings\lydia\Local Settings\Temporary Internet Files\Content.IE5\4PU785EZ\spybotsd152[1].exe c:\Documents and Settings\lydia\Local Settings\Temporary Internet Files\Content.IE5\OLUN4T2F\antivir_workstation_win7u_en_h[1].exe c:\Documents and Settings\lydia\Local Settings\Temporary Internet Files\Content.IE5\OLUN4T2F\avgarkt-setup-1.1.0.42[1].exe c:\Documents and Settings\lydia\Bureau\antivir_workstation_win7u_en_h.exe c:\Documents and Settings\lydia\Bureau\avgarkt-setup-1.1.0.42.exe c:\Documents and Settings\lydia\Bureau\avgas-setup-7.5.1.43-3339.exe c:\Documents and Settings\lydia\Bureau\jv16pt_setup1.3.0.195.exe c:\Documents and Settings\lydia\Bureau\spybotsd152.exe c:\Documents and Settings\lydia\Bureau\MSNFix\incl\catchme.exe c:\Documents and Settings\lydia\Bureau\MSNFix\incl\MD5File.exe c:\Documents and Settings\lydia\Bureau\MSNFix\incl\Process.exe c:\Documents and Settings\lydia\Bureau\MSNFix\incl\setpath.exe c:\Documents and Settings\lydia\Bureau\MSNFix\incl\swreg.exe c:\Documents and Settings\lydia\Bureau\MSNFix\incl\zip.exe c:\Documents and Settings\lydia\Bureau\DiagHelp\catchme.exe c:\Documents and Settings\lydia\Bureau\DiagHelp\diff.exe c:\Documents and Settings\lydia\Bureau\DiagHelp\dumphive.exe c:\Documents and Settings\lydia\Bureau\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\lydia\Bureau\DiagHelp\find2.exe c:\Documents and Settings\lydia\Bureau\DiagHelp\Fport.exe c:\Documents and Settings\lydia\Bureau\DiagHelp\grep.exe c:\Documents and Settings\lydia\Bureau\DiagHelp\gzip.exe c:\Documents and Settings\lydia\Bureau\DiagHelp\KProcCheck.exe c:\Documents and Settings\lydia\Bureau\DiagHelp\LFiles.exe c:\Documents and Settings\lydia\Bureau\DiagHelp\LISTDLLS.exe c:\Documents and Settings\lydia\Bureau\DiagHelp\md5sums.exe c:\Documents and Settings\lydia\Bureau\DiagHelp\pslist.exe c:\Documents and Settings\lydia\Bureau\DiagHelp\sigcheck.exe c:\Documents and Settings\lydia\Bureau\DiagHelp\streams.exe c:\Documents and Settings\lydia\Bureau\DiagHelp\swreg.exe c:\Documents and Settings\lydia\Bureau\DiagHelp\tar.exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\avewin32.dll c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll c:\Documents and Settings\lydia\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_ACER-D18848DB56.tar.gz a l'adresse http://upload.malekal.com -
Iexplore.exe et UC = pas bon ménage !!!! UC 100%
lydia8393 a répondu à un(e) sujet de lydia8393 dans Analyses et éradication malwares
Re bonjour, pour commencer voila mon HJT Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:13:57, on 05/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\karcher\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.mediapluspro.com/mediaplus66/Download/msrdp.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 6139 bytes J'ai executé les commandes précitées.... C'est Iexplore.exe meme si de temps a autre EXPLORER.exe bouffe plus de porcess qu'il ne le devrait Mais la veritablement c'est Iexplore.exe Je pense pas que sur le HJT il y'a qque chose ou alors ç'est passé comme une lettre a la poste pour moi!!!! Merci a toi par avance A pluche -
Iexplore.exe et UC = pas bon ménage !!!! UC 100%
lydia8393 a posté un sujet dans Analyses et éradication malwares
Bonjour tout le monde !!! Bon je poste sans réelle conviction, mais il arrive un moment où avec toute la bonne volonté du monde il faut admettre QUE JE NE SAIS PAS Evidemment j'ai déjà fait le tour de forum, j'ai plus que nettoyé ce qui me sert d'ordinateur... Hijackthis Antivir (boot normal et sans echec) Spybot Search and destroy Secuser Msnfix AVG rootkit et toute la clik Jv16 powertool RegistryBooster Supression d'une clé du registre qui n'avait rien a faire là, manuellement Et qques autres scans en ligne Bon ok, il est propre lol maintenant mais iexplore.exe a faim et consomme plus qu'il ne le devrait J'avais en image mais je n'arrive aps à l'insérer bref bref pas grave Iexplore me prend 100% de l'UC J'ai en mon sens tout essayé et mon hijack et bon me semble t-il (a voir) Bon si ame charitable dans le coin moi très en galère quand même lol A plus