stef44

Members
  • Content count

    69
  • Joined

  • Last visited

Everything posted by stef44

  1. Attached is a HiJack report:
  2. Hi Apollo.01, Having gone back to work today, I only log on in the evening. On starting my PC, no new "Trojan" messages of the earlier kind. Do you think we are reaching the end of cleaning up the PC? See you soon
  3. Apollo.01, I have to log off. See you tomorrow evening for the next steps. Have a good evening
  4. Attached is the ToolBar report, followed by the HiJack report.
  5. Hi, I disabled the services as requested. Attached is the MoveIt report: C:\WINDOWS\system32\grmhkjyf.exe moved successfully. OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08172008_195558 PS: during this operation, COMODO asked me whether or not to allow Explorer to access the file, which I accepted. Finally, here is the HiJack report:
  6. Here is the BB Code (this thing is great), you learn something every day. See you. I sometimes get other Trojans (when I get them I'll post)
  7. How do you insert an image or a file? I have screenshots that I put in an OpenOffice doc but I don't know how to send that to you???
  8. Hi Apollo.01, So my PC is now in better shape but, as I was telling you the day before yesterday, there are still unwanted windows popping up with alert messages: Trojan. I ran MBAM again yesterday but nothing helps. See you soon
  9. Hi, I tried, but when I click edit, I can't insert "resolved" into the title??? How is it done?
  10. Hi there, I've just tested the procedure and it works (a tip to remember!!!). Thanks a lot and have a good Sunday
  11. Hi, That's what I did but it doesn't work????
  12. Well, it doesn't work, because I've just closed the windows again and it came back small?????? I don't understand any of it
  13. Well, after trying a bunch of things I finally managed to solve my problem. I'll explain in case it helps: 1-Double-click on my Internet icon (of course the window opened small) 2-I pressed F11 and it went full screen 3-I went back to normal full-page mode and now it's OK. There you go. See you. Problem solved
  14. And there we go, COMODO is now installed on the PC. A new Trojan???: Trojan-Clicker.Win32.Tiny.h See you soon
  15. A small correction to the previous message. I've just retried uninstalling Spyware Terminator and it went through....restarted the PC, it looks spotless on that front. I'm looking into installing COMODO. See you
  16. Bonjour, Alors je viens de faire les manips suivantes : OTMoveIT2 qui donne le rapport : C:\WINDOWS\system32\YcLkSvut.ini moved successfully. C:\WINDOWS\system32\YcLkSvut.ini2 moved successfully. OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08162008_091704 -------------------------------------------------------------------------- Un HiJack qui donne ce résultat : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:17:51, on 16/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\SPAMfighter\sfus.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\grmhkjyf.exe C:\Documents and Settings\PAUCHET\Menu Démarrer\Programmes\Démarrage\EPM-DM.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Spyware Terminator\SpywareTerminator.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Spyware Terminator\SpywareTerminator.exe C:\Documents and Settings\PAUCHET\Bureau\OTMoveIt2.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://www.aliceadsl.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.aliceadsl.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - 
HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MntChkSys] C:\WINDOWS\system32\grmhkjyf.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: EPM-DM.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no 
file) O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...ion_3_0_3_0.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurate...countHelper.cab O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} (PhotoBox uploader) - http://www.photoways.com/assets/aurigma/ImageUploader4.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. 
- C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe -- End of file - 7546 bytes
-----------------------------------------------------------------------------------------------------------
Finally, I tried to uninstall Spyware Terminator and it doesn't work (basically, the uninstallation starts and never finishes. I had to stop the running process.)????? See you soon. PS: once Spyware has been cleanly uninstalled, I will install COMODO as you advised me
  17. Very well, I have to log off, so I will do that tomorrow morning. Have a good evening and see you tomorrow for the next steps.... See you later and thanks again
  18. Attached is the updated MBAM report:
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1054
Windows 5.1.2600 Service Pack 2
20:16:45 15/08/2008
mbam-log-8-15-2008 (20-16-45).txt
Type de recherche: Examen rapide
Eléments examinés: 42712
Temps écoulé: 4 minute(s), 32 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\etmyjchl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
  19. Attached is the ToolBar report (with Option 2)
-----------\\ ToolBar S&D 1.0.9 XP/Vista
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : PAUCHET ]
[ "C:\Toolbar SD" ]
[ Selection : 2 ]
[ 15/08/2008 | 20:03:37,99 ]
[ PC : ACER-BBF60584A3 ]
[ MAJ : 13-08-2008 | 14:08 ]
-----------\\ SUPPRESSION
Supprime! - C:\WINDOWS\iun6002.exe
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch"
"Start Page"="http://www.aliceadsl.fr/"
"First Home Page"="http://www.aliceadsl.fr"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home"
"Local Page"="C:\\windows\\system32\\blank.htm"
--------------------\\ Recherche d'autres infections
C:\WINDOWS\system32\YcLkSvut.ini
C:\WINDOWS\system32\YcLkSvut.ini2
==> VUNDO <==
-----------\\ Fin du rapport a 20:04:19,37
-------------------------------------------------------------------------------------------------------------
The HiJack report:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:07:06, on 15/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program 
Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\SPAMfighter\sfus.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\grmhkjyf.exe C:\Documents and Settings\PAUCHET\Menu Démarrer\Programmes\Démarrage\EPM-DM.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.aliceadsl.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - 
Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MntChkSys] C:\WINDOWS\system32\grmhkjyf.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE 
(User 'Default user') O4 - Startup: EPM-DM.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...ion_3_0_3_0.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurate...countHelper.cab O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} (PhotoBox uploader) - http://www.photoways.com/assets/aurigma/ImageUploader4.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave 
Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe -- End of file - 7712 bytes
I am rerunning MBAM right away
  20. Attached is the ToolBar report:
-----------\\ ToolBar S&D 1.0.9 XP/Vista
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : PAUCHET ]
[ "C:\Toolbar SD" ]
[ Selection : 1 ]
[ 15/08/2008 | 19:25:36,66 ]
[ PC : ACER-BBF60584A3 ]
[ MAJ : 13-08-2008 | 14:08 ]
-----------\\ Recherche de Fichiers / Dossiers ...
C:\WINDOWS\iun6002.exe
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch"
"Start Page"="http://www.aliceadsl.fr/"
"First Home Page"="http://www.aliceadsl.fr"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home"
"Local Page"="C:\\windows\\system32\\blank.htm"
--------------------\\ Recherche d'autres infections
C:\WINDOWS\system32\YcLkSvut.ini
C:\WINDOWS\system32\YcLkSvut.ini2
==> VUNDO <==
-----------\\ Fin du rapport a 19:26:27,18
---------------------------------------------------------------------------------------------------------------
Otherwise, I still have an Antivirus XP 2008 file in the Start menu; can it be safely deleted with a right-click?
  21. So, I am sending you the HiJack report:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:10:10, on 15/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\SPAMfighter\sfus.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\grmhkjyf.exe C:\Documents and Settings\PAUCHET\Menu Démarrer\Programmes\Démarrage\EPM-DM.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.aliceadsl.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program 
Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - 
HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MntChkSys] C:\WINDOWS\system32\grmhkjyf.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: EPM-DM.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab 
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...ion_3_0_3_0.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurate...countHelper.cab O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} (PhotoBox uploader) - http://www.photoways.com/assets/aurigma/ImageUploader4.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe -- End of file - 7754 bytes
---------------------------------------------------------------------------------------------------------------
I am sending you the ANTIVIR report, which I ran again this afternoon in safe mode.
Avira AntiVir Personal Report file date: vendredi 15 août 2008 14:59 Scanning for 1554916 virus strains and unwanted programs. 
Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Save mode Username: PAUCHET Computer name: ACER-BBF60584A3 Version information: BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:54 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:42 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:20 LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:54 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:16 ANTIVIR2.VDF : 7.0.6.10 2587136 Bytes 14/08/2008 12:07:30 ANTIVIR3.VDF : 7.0.6.20 56832 Bytes 15/08/2008 12:06:52 Engineversion : 8.1.1.19 AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 08:46:52 AESCRIPT.DLL : 8.1.0.63 311673 Bytes 14/08/2008 12:07:48 AESCN.DLL : 8.1.0.23 119156 Bytes 14/08/2008 12:07:46 AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 08:46:52 AEPACK.DLL : 8.1.2.1 364917 Bytes 14/08/2008 12:07:44 AEOFFICE.DLL : 8.1.0.21 192891 Bytes 14/08/2008 12:07:42 AEHEUR.DLL : 8.1.0.47 1368437 Bytes 14/08/2008 12:07:38 AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 08:46:52 AEGEN.DLL : 8.1.0.35 315764 Bytes 14/08/2008 12:07:34 AEEMU.DLL : 8.1.0.7 430452 Bytes 14/08/2008 12:07:32 AECORE.DLL : 8.1.1.8 172406 Bytes 14/08/2008 12:07:32 AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 08:50:42 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:06 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:02 AVREP.DLL : 8.0.0.2 98344 Bytes 14/08/2008 12:07:32 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:42 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:50 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:42 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:08 RCTEXT.DLL : 8.0.52.0 86273 Bytes 
27/06/2008 13:34:38 Configuration settings for the scan: Jobname..........................: Manual Selection Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp Logging..........................: low Primary action...................: repair Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: vendredi 15 août 2008 14:59 Starting search for hidden objects. The driver could not be initialized. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'Explorer.EXE' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 11 processes with 11 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '60' files ). 
Starting the file scan: Begin scan in 'C:\' <ACER> C:\pagefile.sys [WARNING] The file could not be opened! C:\Backups\backups.zip [0] Archive type: ZIP --> backups/ddcCRJdB.dll [DETECTION] Is the TR/Inject.34688 Trojan [NOTE] A backup was created as '490887ae.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] The driver could not be initialized. End of the scan: vendredi 15 août 2008 15:40 Used time: 41:28 Minute(s) The scan has been done completely. 4845 Scanning directories 321235 Files were scanned 1 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 321233 Files not concerned 7178 Archives were scanned 1 Warnings 1 Notes
  22. Spyware blaster is installed. We will look at the results together. See you later and thanks again for the help. PS: what should I do to avoid this kind of problem in the future? Is my security setup correct? We can discuss it again
  23. I am sending you the Ewido report. Should I do: "Remove Infections"???
__________________________________________________
ewido anti-spyware online scanner http://www.ewido.net
__________________________________________________
Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{5C41C75B-55C5-6EDF-8B82-2597FA2645FC} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{5C74F9CB-19A6-7A1A-EAF6-EB84A7061D05} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{5E4E1773-7458-FB32-AAE9-BEAAFC2D8176} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{5E5F229C-2E5B-6254-3DB0-D093F1EF2591} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{5E72C199-10C3-4FA1-4319-EA9347DA5234} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{5F536490-B339-D031-1643-3DD3B48171F4} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{5FDE86BE-CDD8-F674-36B1-B4FB01197E45} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{5FF7BB31-38C8-9368-5FEE-A72B4BCC8B6A} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{61704EFB-2CB9-E208-6F53-085E40335F62} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{62102B28-94CB-A18B-E70C-66A3E95D102B} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{6279117F-EA7F-BEE3-52DD-22B0427914A6} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{63E988EA-B1A2-6EB4-88EE-55949C150872} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{64B26103-2B1C-551B-4BBE-4C0B592B4757} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{66BC6227-B851-2929-8008-EE055DC63DBF} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{66EE128A-8BD5-D9B4-DA5E-1D069FD3D9C3} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{677F1711-9252-F24B-4D54-8BE119CD9837} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{6878846C-CCE5-9006-4861-46318B08A482} Risk: Medium Name: Adware.CoolWebSearch Path: 
HKLM\SOFTWARE\Classes\CLSID\{68C2CE66-ADD5-76DE-BBEB-00660711521C} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{699F0284-5E43-7CF2-9AD1-BC8BD54FA38C} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{6A3BB01D-5411-3AF3-1EF2-EC21C6B41EAD} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{6BCEEAE9-8B76-D07C-3ADB-2D9E7207B627} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{6C99280C-4B42-597B-BF9C-421EE5B510FF} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{6D1DEAEB-94B4-8C6D-EA70-4785C21F6B00} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{6D7B7ADF-8A26-1C93-9535-624C98761D56} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{6E3BDCC0-A228-DCB8-7E88-ECF18F0D9B1C} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{73374308-91E6-5E66-411F-8EDBA399652C} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{7350B9D3-B9DA-2054-675C-9E8EE4DF6C68} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{758B8260-DD76-8F51-CEA0-C67AC2D3C2A7} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{77FF5088-696E-88B9-03A1-6E18E7F00941} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{79070860-7C41-91F7-846B-070A0E3A7557} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{791AD8C2-8309-DD29-AC2E-E41973BCE57F} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{7A988D06-D68D-D011-5F0D-3C5AC44C5927} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{7AEF1698-E8CD-4535-C196-EAEADE211A17} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{7B5A24EE-1A07-53AB-EB60-EB908C88E935} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{7D7BDD75-09F7-38A1-B042-EBCE7DE10C0C} Risk: 
Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{7E41E0F3-FA9A-2D8F-5F4A-6520AEDE0C0A} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{80127E37-4EFD-E63C-C706-18F6F66CDC8D} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{805B5372-5E8D-06EA-8F76-4E177E2F0426} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{823507E9-FEB6-B4CA-3BCA-3BA2CBA8F265} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{8605DD85-F59A-52E3-F58B-16AA20655C12} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{86A0C09D-1B74-868D-C89A-093479621C99} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{87BB8735-D059-E026-8627-CD8DC71E9026} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{8853708A-2E5C-80FC-1A5C-B410077C3BE1} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{8A1604C9-6452-C6CF-EB6E-EE8BCB7A02FC} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{8A74F6B2-6F75-88F4-4D28-2B4D81644795} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{8BB3F15E-9316-BB1E-C959-BB1C121477CD} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{8C10B61E-7F00-9FA3-7704-7184F040346C} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{8C5AD1C6-CA25-D27C-6D0E-FF3D0E2E6CB4} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{8DEE5D28-E711-F233-5B58-9B1C455D9817} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{92935E29-CDC5-7406-9FD4-6550E38F847C} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{929FA593-D009-3CA4-BE39-513D1CAF56A8} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{92AC7E5F-3173-8A75-58D3-BD25BA8C6509} Risk: Medium Name: Adware.CoolWebSearch Path: 
HKLM\SOFTWARE\Classes\CLSID\{92B4EC00-3D12-0B7D-97DD-8C5627D9E0B4} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{932D21BB-436A-AA18-7EFE-9D87C425742E} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{93771500-A008-AE59-D8F5-7711A68C2CC0} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{939A9348-B14A-F197-B3DD-C6A5ABCDEA89} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{939C3BB0-A463-713D-07C5-9DB1C8D60D81} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{94E2EE2C-7353-1954-E7DE-C8D3E86E1509} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{95AF234B-24B1-1F78-C5C4-74F8C68C766A} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{9706102C-EA3F-0E5D-538B-45BDAA6D5960} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{97D855EA-1734-8802-A3F4-6568F257371E} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{988C7124-18A2-C7FB-651E-534040091DFA} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{9B3F0CB4-2255-5C21-D453-28516A995A1D} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{9B48F7C2-2C8A-22B4-94A4-3C8E868F9B5C} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{9CC8F542-1A40-D18B-FB14-9CD9B4908857} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{9D736A07-0685-258B-4345-87704D260FE9} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{9E40464B-CE86-2A95-419A-510B0FC95988} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{9E6831BF-99D6-C366-55D9-783927C20928} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{A0FB1009-1512-1A53-D771-7DCBA65FFA9A} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{A210CF3C-69C2-538D-976F-C3713E72D7DE} Risk: 
Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{A39786E1-B3F2-5AA0-9792-D30FF78E0B7B} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{A3DBF987-3149-B4CE-378C-729E03F10374} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{A5117457-AAF1-74FA-4BED-9A5B24D57745} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{A733C711-3E32-9E03-FC91-8987286C8BE5} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{A963E875-BD23-4A38-7CEC-B5840D7C5CF0} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{A989CF03-97C5-2ED8-BCEB-B1BB49B32314} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{AADFB291-907E-B543-8BB5-06575F4D4539} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{AD011519-F230-6BBE-3A20-A0ABE15211BC} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{AD01EC40-33AC-5AE8-5930-E89ABACA2397} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{AD2C079F-424D-D779-A505-4258757A985F} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{AD979EF0-4E2D-0151-5E87-CC0ABDB1DFA2} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{ADF8A017-24E2-9B52-4DF3-46D32D833008} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{AE558981-30C2-5B90-211C-F4B4038DD313} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{AF2504CE-9FD2-4BFE-D073-D844B4100716} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{AF2EB4D4-A0C1-3ADB-30D6-6AA430E5C447} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{B04ECF18-A7FE-A8BD-02D3-D4A77E6732EF} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{B04EE120-83B9-B26D-500D-49A7F8C6CB92} Risk: Medium Name: Adware.CoolWebSearch Path: 
HKLM\SOFTWARE\Classes\CLSID\{B063BC09-3AC4-3E4E-F159-D6A0C2BEB593} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{B0FD6320-27E9-F236-D46C-1DBD5BB05BC1} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{B1AF227B-48EB-A457-0DB3-801240716A83} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{B35C1395-AB2D-BEE6-55AE-F8D331D7F30B} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{B4C91D4F-8735-A88D-E8BE-4D168226F78A} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{B5769D78-B754-5933-4551-D7BB1A2896C7} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{B6029097-47C6-0FE2-A8B2-F4630B4C91AF} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{BAEDEEAF-7A98-43DD-8F99-F4B27E2CE744} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{BBD4B1ED-009C-EF4B-86D3-0913CFEE88F4} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{BCC7429D-7966-D9B2-C647-C64CE8D480FB} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{BD0D794C-2A97-758D-4064-04F8F30CC376} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{BE14A955-DD6C-A165-6A81-393FF536A2E2} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{BF9F10FA-709E-CF57-683F-AE59338D3FFA} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{C0A99D85-4A67-BD82-BF78-49D851758BE0} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{C0C935B6-982E-AA23-A228-EE3A265350F0} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{C1788B98-5234-5C51-33A4-D4E4597F4E13} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{C20A038A-407E-8A25-A19B-78BCAF0F004B} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{C25B819B-AC4E-4A6C-1C3C-94A75C05801D} Risk: 
Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{C2A684B3-70AD-3AEB-0E2E-015147F1B088} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{C2D3D802-55DE-AF83-8D28-DCB9E085F258} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{C38C7CC0-194E-47AA-322C-B53A3F24FC5C} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{C448539A-1A24-DCB9-3152-D2DCA94E1831} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{C47DCE95-4EB7-6D50-3A1A-3FC3A4633F4B} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{C5844CBD-D015-394D-8C9A-B52CFEA94E45} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{C735DFCD-3D4B-8418-3259-FEFF19B5A02F} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{C74F8C59-7B4A-EAD1-B9DA-0FD02ABAE0E2} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{C902789B-AF19-4056-CC6A-4E38EC39868F} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{CAAF61AE-C8A5-E125-F8BE-A95880B64D9E} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{CAF3DD7E-6240-8C39-7FEA-99587121D128} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{CC736B40-8144-5D9C-A826-91485E5E97D8} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{CF1C66A5-22A7-AA44-A767-EB79B05C5F1B} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{CFD10459-0AD2-0E8A-6563-005DFAA547AB} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{D1BE2EF1-8288-85D8-D0F8-3FECFF762039} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{D1E8711C-CA24-0648-63F6-72B649D9E734} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{D30D7712-2A65-35DC-A66B-35E5622933A7} Risk: Medium Name: Adware.CoolWebSearch Path: 
HKLM\SOFTWARE\Classes\CLSID\{D3137D6C-5DB4-2572-904E-47959850B407} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{D3460D60-001E-2E3C-0500-CD1B84A65091} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{D4A3A16D-E168-DA5F-9A7F-1263C397E4FE} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{D4B4BEE2-1F69-402B-C09C-92E458C76671} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{D7C2CB9D-F607-600B-91D0-599679F9A88F} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{D8512351-F9AF-D514-7114-B05716B35FEA} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{D884A7FC-B315-DB43-1C73-05DD23F4D843} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{D89FEB47-489B-5DB5-8F56-21233C5B92D4} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{D9EE2F1D-DFCC-D9C2-15FF-E71DFED7AE32} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{DB038D07-7678-ECF3-DACC-216F8F47927F} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{DBEDBE1F-31B0-3AE5-7CED-C3D09595A0C4} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{DF68EA3F-353B-2006-149E-B74E2F05DCBC} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{E12E07B7-2F78-59F6-02FA-A8BD15A926C8} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{E29FD263-8F4B-4991-8255-7C16E147AD4F} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{E8A46B07-DD84-7F8E-270C-FF55E437585C} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{E927BCD9-C8DD-FF6B-1C99-97B337D6C5A9} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{EA18C985-9D47-72A6-0895-62594F8F22B3} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{EAB76292-5DD2-1DC9-D5FB-E69DE2ECC235} Risk: 
Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{EAE88DE0-9C07-5618-CDDA-12FA13BDB24C} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{EB619721-7FA1-13F4-FCC7-F7910CF00AC8} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{EC5F28A7-4CFF-5C09-1FA6-5425964CF4E2} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{ECB4C300-4D81-7D69-4850-8391D0066D10} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{EEB9DB32-7B54-4C66-C156-72EE153716CE} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{EF03455F-852E-1172-33A0-55AC7653ED04} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{EFDE9EDA-3EDD-9E0C-72B4-AC2CB8167A0E} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{F026EABE-F0E6-C6C9-A5B5-AE5905B7958E} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{F0B0369E-7091-8BEC-16B0-A454E0BF4572} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{F0F72CB3-714A-ED8F-9D97-127E290AEAF2} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{F1A4571F-46C9-C368-C70C-9911C42A8A18} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{F1B29D9E-77D4-3911-26FA-4DF52CC3DF6D} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{F3F255F4-1AEB-1DF7-1AE8-64986D17E0AF} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{F4CA038D-52C0-5374-E50B-397E479D507D} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{F6B1319D-7314-0A68-0B4F-8BE04A4588F5} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{F741EAF7-6D33-0ABE-BCF4-5C3371DBD34A} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{F74BE206-1DFE-36CA-AD40-4E17A18DEFF4} Risk: Medium Name: Adware.CoolWebSearch Path: 
HKLM\SOFTWARE\Classes\CLSID\{F84CD05B-7AC6-704D-1455-2625BA680123} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{F99A735F-A398-AE66-3927-B49AA27FD0E1} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{F9B4CE73-B26F-B607-B08D-EAC3BFF9B474} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{FA402061-C457-66D0-CC72-378C7FF18253} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{FA6A3A0D-D848-BCFF-0F1B-3F3BAC75DED9} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{FAE57A8C-B787-FF8E-2506-4D534170970E} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{FC594F98-EDA8-E405-440A-227929E589CE} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{FC8A44C7-1BDB-6F6E-B17E-626C67C424F9} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{FCDEB34A-1990-EB7A-10FE-C6D6D4B0064B} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{FE9EE686-307A-32CC-5C50-38A169B88EAA} Risk: Medium Name: Adware.CoolWebSearch Path: HKLM\SOFTWARE\Classes\CLSID\{FEB6E8AA-FE92-E2C2-E455-A3DF3DEA94CC} Risk: Medium Name: Adware.CoolWebSearch Path: HKU\S-1-5-21-1619830372-3231276456-1235484852-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF816CED-BF5F-39A8-D260-D4DAA38A5370} Risk: Medium
  24. There, CCleaner has been run. I'm sending you a new HiJack report:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:50:10, on 15/08/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16705)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\SPAMfighter\sfus.exe
      C:\Program Files\Spyware Terminator\sp_rsser.exe
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
      C:\Program Files\SPAMfighter\SFAgent.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\grmhkjyf.exe
      C:\Documents and Settings\PAUCHET\Menu Démarrer\Programmes\Démarrage\EPM-DM.exe
      C:\Program Files\Canon\CAL\CALMAIN.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\WINDOWS\system32\grmhkjyf.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.aliceadsl.fr
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
      O4 - HKLM\..\Run: [LaunchApp] Alaunch
      O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM"
      O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
      O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MntChkSys] C:\WINDOWS\system32\grmhkjyf.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: EPM-DM.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
      O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
      O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...ion_3_0_3_0.cab
      O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurate...countHelper.cab
      O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} (PhotoBox uploader) - http://www.photoways.com/assets/aurigma/ImageUploader4.cab
      O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
      O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
      -- End of file - 7626 bytes
      -------------------------------------------------------------------------------------------------------------

      Otherwise, a new Trojan is showing up (it is still in the form of a Windows Security Alert window): Trojan-Spy.HTML.Bankfraud.dq
  25. So the Trojan is the following: Trojan-Downloader.Win32.Agent.bq See you. I'll send you a HiJack report right after. OK, I was completely lost regarding the Windows updates. Problem solved. I'm running CCleaner now. See you.