nescargot

  1. Hello, here is the OTM report, below. However, I can't re-download ZHPDiag: either it asks for a username, or, with the free download, I get an error saying the program is too big even though I have plenty of space... I don't get it... sorry.

     User: LocalService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes

     User: NetworkService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes

     User: ptit scarabé
     ->Temp folder emptied: 71411 bytes
     ->Temporary Internet Files folder emptied: 2200244 bytes
     ->Java cache emptied: 0 bytes
     ->Google Chrome cache emptied: 0 bytes
     ->Flash cache emptied: 2355 bytes

     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 7739588 bytes
     %systemroot%\System32 .tmp files removed: 3072 bytes
     %systemroot%\System32\dllcache .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 11539567 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
     RecycleBin emptied: 0 bytes

     Total Files Cleaned = 21,00 mb

     OTM by OldTimer - Version 3.1.15.0 log created on 08192010_132049

     Files moved on Reboot...
     C:\Documents and Settings\ptit scarabé\Local Settings\Temporary Internet Files\Content.IE5\JHDNT6JJ\default[1].aspx moved successfully.
     C:\Documents and Settings\ptit scarabé\Local Settings\Temporary Internet Files\Content.IE5\JHDNT6JJ\img[2].txt moved successfully.
     C:\Documents and Settings\ptit scarabé\Local Settings\Temporary Internet Files\Content.IE5\F4AP8RXS\povh[1].htm moved successfully.
     C:\Documents and Settings\ptit scarabé\Local Settings\Temporary Internet Files\Content.IE5\F4AP8RXS\ralentissemet-internet-bug-redirection-page-ie-virus-t178421[1].html&p=1501337&fromsearch=1 moved successfully.
     C:\Documents and Settings\ptit scarabé\Local Settings\Temporary Internet Files\Content.IE5\F4AP8RXS\search[2].txt moved successfully.
     C:\Documents and Settings\ptit scarabé\Local Settings\Temporary Internet Files\Content.IE5\1N88A4M2\ads[1].txt moved successfully.
     C:\Documents and Settings\ptit scarabé\Local Settings\Temporary Internet Files\Content.IE5\1N88A4M2\afr[1].php moved successfully.
     C:\Documents and Settings\ptit scarabé\Local Settings\Temporary Internet Files\Content.IE5\1N88A4M2\afr[2].php moved successfully.
     C:\Documents and Settings\ptit scarabé\Local Settings\Temporary Internet Files\Content.IE5\1N88A4M2\ban_home_728x90[1].htm moved successfully.
     C:\Documents and Settings\ptit scarabé\Local Settings\Temporary Internet Files\Content.IE5\1N88A4M2\img[1].htm moved successfully.
     C:\Documents and Settings\ptit scarabé\Local Settings\Temporary Internet Files\Content.IE5\1N88A4M2\InboxLight[1].aspx moved successfully.
     C:\Documents and Settings\ptit scarabé\Local Settings\Temporary Internet Files\Content.IE5\1N88A4M2\LocalStorage[1].htm moved successfully.
     C:\Documents and Settings\ptit scarabé\Local Settings\Temporary Internet Files\Content.IE5\1N88A4M2\Messenger[1].htm moved successfully.
     C:\Documents and Settings\ptit scarabé\Local Settings\Temporary Internet Files\Content.IE5\1N88A4M2\rectangle_300x250[1].htm moved successfully.
     C:\Documents and Settings\ptit scarabé\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
     File move failed. C:\WINDOWS\temp\$$$dq3e scheduled to be moved on reboot.
     File move failed. C:\WINDOWS\temp\$67we.$ scheduled to be moved on reboot.

     Registry entries deleted on Reboot...
  2. Hello, I did what you told me with ZHPDiag, but I don't understand: once the report is cleared there are no green lines as stated in the explanation...??? What should I do? Thanks.
  3. Hello, here is the report, have a good day. © CJoint.com, 2008
  4. Good evening, here is the report, thanks.

     ===== Rapport WareOut Removal Tool =====
     version 3.6.2
     analyse effectuée le 01/08/2010 à 21:13:49,20

     Résultats de l'analyse :
     ========================

     ~~~~ Recherche d'infections dans C:\ ~~~~
     ~~~~ Recherche d'infections dans C:\Program Files\ ~~~~
     ~~~~ Recherche d'infections dans C:\WINDOWS\system\ ~~~~
     ~~~~ Recherche d'infections dans C:\WINDOWS\system32\ ~~~~
     ~~~~ Recherche d'infections dans C:\WINDOWS\system32\drivers\ ~~~~
     ~~~~ Recherche d'infections dans C:\Documents and Settings\ptit scarabé\Application Data\ ~~~~
     ~~~~ Recherche d'infections dans C:\Documents and Settings\ptit scarabé\Bureau\ ~~~~
     ~~~~ Recherche de détournement de DNS ~~~~
     ~~~~ Recherche de Rootkits ~~~~
     _______________________________________________________________________
     catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
     Rootkit scan 2010-08-01 21:15:16
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden files ...

     scan completed successfully
     hidden files: 0
     _______________________________________________________________________
     ! REG.EXE VERSION 3.0

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
         System    REG_SZ

     ~~~~ Recherche d'infections dans C:\DOCUME~1\PTITSC~1\LOCALS~1\Temp\ ~~~~
     ~~~~ Recherche d'infections dans C:\Documents and Settings\ptit scarabé\Start Menu\Programs\ ~~~~
     ~~~~ Nettoyage du registre ~~~~
     ~~~~ Tentative de réparation des entrées suivantes: ~~~~
     [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] = "System"
     [HKLM\SYSTEM\CurrentControlSet\Services\Windows Tribute Service]
     [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Windows Tribute Service]
     ~~~~ Vérification: ~~~~
     ! REG.EXE VERSION 3.0

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
         System    REG_SZ
     _________________________________
     développé par Pc-System.fr || Optimisez votre système !
     _________________________________
  5. Good evening, and thank you for your reply. Sorry, it's so slow that I couldn't do things the way I wanted... (two posts in a row, not sure you'll see this one...) I tried to run the MBAM update; once done, it often starts the scan and then stops it, because apparently there are errors after the update even though it was at 100%. I close it, restart it, and then it's fine; I'd rather point that out to you... As for the link you sent me, Pc-System.fr || Optimisez votre système !, I did put it on my desktop and unzipped it, but which file do I need to open to produce that report? Thanks.

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Version de la base de données: 4378
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     01/08/2010 20:53:16
     mbam-log-2010-08-01 (20-53-16).txt

     Type d'examen: Examen rapide
     Elément(s) analysé(s): 127707
     Temps écoulé: 6 minute(s), 57 seconde(s)

     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 0
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 0

     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Clé(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Elément(s) de données du Registre infecté(s):
     (Aucun élément nuisible détecté)

     Dossier(s) infecté(s):
     (Aucun élément nuisible détecté)

     Fichier(s) infecté(s):
     (Aucun élément nuisible détecté)
  6. Hi, yes, maybe. Personally, I no longer have the MSN disconnection problem when I open my emails today, and yet I didn't do anything... Maybe the problem is simply related to what the MSN developers are doing... gotcha's and bleuet's questions are still open... gotcha, have you noticed any changes?
  7. Bonjour a vous, et merci de nous aider sur ce site. voila, j'ai des comportements inhabituels,ralentissements de internet explorer, Redirection sur la page "gala directory", a chaque fois que je fais une recherche google, autre exemple, je suis sur la page d'accueuil de zébulon, il ya une pub pour les ralentissements pc etc...je clik dessus, je me retrouve sur la page d'accueuil google....hoho?! autre probleme chaque fois que je connecte avec mes identifiants soit sur un site ou sur messagerie, une petite fenetre me dit ca: "Soit il n'existe pas de client de messagerie par defaut, soit le client de messagerie actuel ne peut pas répondre, a la demande de la messagerie, executer crosoft outlook et definissez le comme client de messagerie par defaut." Il n'y a pas si longtmps j'ai eu de nombreux spyware et virus, ayant telecharger un antispyware surement douteux j'ai donc fais des scanes avec ccleaner, malwarebytes, spybot ad aware.Y'avait pas mal d'infections, j'ai donc tout supprimé. Mais j'ai l'impression qu'il y en a peut etre des plus vicieux que j'aurais omis...donc si vous pouvez m'aider, ce serait bien sympas, merci! Les derniers scanes que j'ai fais aujourdhui avec mise a jours, si cela peut aider...: GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover Rootkit scan 2010-08-01 18:01:55 Windows 5.1.2600 Service Pack 3 Running: b09sm4d8.exe; Driver: C:\DOCUME~1\PTITSC~1\LOCALS~1\Temp\ugtdqpoc.sys ---- System - GMER 1.0.15 ---- SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E] SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwEnumerateKey [0xF742BC7E] SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwEnumerateValueKey [0xF742BFF6] SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwOpenKey [0xF742BA18] SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwQueryKey [0xF742C0C0] SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) 
ZwQueryValueKey [0xF742BF58] SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647BFE] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Internet Explorer\iexplore.exe[584] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 40D854C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[584] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 40E59AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[584] USER32.dll!CallNextHookEx 7E3AB3C6 5 Bytes JMP 40E4D0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[584] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 40E5DB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[584] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 40DC467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[584] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 40F5480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[584] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 40F54741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[584] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 40F547AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[584] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 40F54612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[584] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 40F54674 
C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[584] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 40F54872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[584] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 40F546D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[584] ole32.dll!CoCreateInstance 774C057E 5 Bytes JMP 40E5DB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[584] ole32.dll!OleLoadFromStream 774E9C85 5 Bytes JMP 40F54B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[584] WININET.dll!InternetReadFile 404B654B 5 Bytes JMP 026EBFB2 .text C:\Program Files\Internet Explorer\iexplore.exe[584] WININET.dll!InternetCloseHandle 404B9088 5 Bytes JMP 026EC083 .text C:\Program Files\Internet Explorer\iexplore.exe[584] WININET.dll!HttpOpenRequestA 404BD508 5 Bytes JMP 026EBB53 .text C:\Program Files\Internet Explorer\iexplore.exe[584] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 026EBA6D .text C:\Program Files\Internet Explorer\iexplore.exe[584] WININET.dll!HttpSendRequestW 404BFABE 5 Bytes JMP 026EBD77 .text C:\Program Files\Internet Explorer\iexplore.exe[584] WININET.dll!HttpSendRequestA 404CEE89 5 Bytes JMP 026EBC23 .text C:\WINDOWS\system32\winlogon.exe[700] Secur32.dll!LsaLogonUser 77FC33F1 5 Bytes JMP 01452946 .text C:\WINDOWS\Explorer.EXE[1404] USER32.dll!DisplayExitWindowsWarnings 7E3D9F91 5 Bytes JMP 01BA2758 .text C:\WINDOWS\Explorer.EXE[1404] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 01ABB9BB .text C:\WINDOWS\Explorer.EXE[1404] WS2_32.dll!send 719F4C27 5 Bytes JMP 01ABB558 .text C:\WINDOWS\Explorer.EXE[1404] WS2_32.dll!WSARecv 719F4CB5 5 
Bytes JMP 01ABB86D .text C:\WINDOWS\Explorer.EXE[1404] WS2_32.dll!recv 719F676F 5 Bytes JMP 01ABB639 .text C:\WINDOWS\Explorer.EXE[1404] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 01ABB70C .text C:\Program Files\Internet Explorer\iexplore.exe[1460] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 40D854C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1460] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 40E59AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1460] USER32.dll!CallNextHookEx 7E3AB3C6 5 Bytes JMP 40E4D0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1460] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 40E5DB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1460] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 40DC467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1460] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 40F5480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1460] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 40F54741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1460] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 40F547AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1460] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 40F54612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1460] 
USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 40F54674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1460] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 40F54872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1460] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 40F546D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1460] ole32.dll!CoCreateInstance 774C057E 5 Bytes JMP 40E5DB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1460] ole32.dll!OleLoadFromStream 774E9C85 5 Bytes JMP 40F54B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1460] WININET.dll!InternetReadFile 404B654B 5 Bytes JMP 028ABFB2 .text C:\Program Files\Internet Explorer\iexplore.exe[1460] WININET.dll!InternetCloseHandle 404B9088 5 Bytes JMP 028AC083 .text C:\Program Files\Internet Explorer\iexplore.exe[1460] WININET.dll!HttpOpenRequestA 404BD508 5 Bytes JMP 028ABB53 .text C:\Program Files\Internet Explorer\iexplore.exe[1460] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 028ABA6D .text C:\Program Files\Internet Explorer\iexplore.exe[1460] WININET.dll!HttpSendRequestW 404BFABE 5 Bytes JMP 028ABD77 .text C:\Program Files\Internet Explorer\iexplore.exe[1460] WININET.dll!HttpSendRequestA 404CEE89 5 Bytes JMP 028ABC23 .text C:\Program Files\Java\jre6\bin\jqs.exe[1700] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 018AB9BB .text C:\Program Files\Java\jre6\bin\jqs.exe[1700] WS2_32.dll!send 719F4C27 5 Bytes JMP 018AB558 .text C:\Program Files\Java\jre6\bin\jqs.exe[1700] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 018AB86D .text C:\Program Files\Java\jre6\bin\jqs.exe[1700] WS2_32.dll!recv 719F676F 
5 Bytes JMP 018AB639 .text C:\Program Files\Java\jre6\bin\jqs.exe[1700] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 018AB70C .text C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1728] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 014AB9BB .text C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1728] WS2_32.dll!send 719F4C27 5 Bytes JMP 014AB558 .text C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1728] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 014AB86D .text C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1728] WS2_32.dll!recv 719F676F 5 Bytes JMP 014AB639 .text C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1728] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 014AB70C .text C:\WINDOWS\System32\snmp.exe[1928] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00AEB9BB .text C:\WINDOWS\System32\snmp.exe[1928] WS2_32.dll!send 719F4C27 5 Bytes JMP 00AEB558 .text C:\WINDOWS\System32\snmp.exe[1928] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00AEB86D .text C:\WINDOWS\System32\snmp.exe[1928] WS2_32.dll!recv 719F676F 5 Bytes JMP 00AEB639 .text C:\WINDOWS\System32\snmp.exe[1928] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00AEB70C .text C:\Program Files\Internet Explorer\iexplore.exe[2248] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 40D854C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2248] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 40E5DB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2248] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 40F5480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2248] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 40F54741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text 
C:\Program Files\Internet Explorer\iexplore.exe[2248] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 40F547AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2248] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 40F54612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2248] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 40F54674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2248] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 40F54872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2248] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 40F546D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2248] WININET.dll!InternetReadFile 404B654B 5 Bytes JMP 0267BFB2 .text C:\Program Files\Internet Explorer\iexplore.exe[2248] WININET.dll!InternetCloseHandle 404B9088 5 Bytes JMP 0267C083 .text C:\Program Files\Internet Explorer\iexplore.exe[2248] WININET.dll!HttpOpenRequestA 404BD508 5 Bytes JMP 0267BB53 .text C:\Program Files\Internet Explorer\iexplore.exe[2248] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 0267BA6D .text C:\Program Files\Internet Explorer\iexplore.exe[2248] WININET.dll!HttpSendRequestW 404BFABE 5 Bytes JMP 0267BD77 .text C:\Program Files\Internet Explorer\iexplore.exe[2248] WININET.dll!HttpSendRequestA 404CEE89 5 Bytes JMP 0267BC23 .text C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe[2300] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00D9B9BB .text C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe[2300] WS2_32.dll!send 719F4C27 5 Bytes JMP 00D9B558 .text C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe[2300] WS2_32.dll!WSARecv 719F4CB5 5 
Bytes JMP 00D9B86D .text C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe[2300] WS2_32.dll!recv 719F676F 5 Bytes JMP 00D9B639 .text C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe[2300] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00D9B70C .text C:\WINDOWS\System32\alg.exe[2764] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00C3B9BB .text C:\WINDOWS\System32\alg.exe[2764] WS2_32.dll!send 719F4C27 5 Bytes JMP 00C3B558 .text C:\WINDOWS\System32\alg.exe[2764] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00C3B86D .text C:\WINDOWS\System32\alg.exe[2764] WS2_32.dll!recv 719F676F 5 Bytes JMP 00C3B639 .text C:\WINDOWS\System32\alg.exe[2764] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00C3B70C .text C:\Program Files\Internet Explorer\iexplore.exe[3040] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 40D854C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3040] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 40E59AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3040] USER32.dll!CallNextHookEx 7E3AB3C6 5 Bytes JMP 40E4D0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3040] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 40E5DB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3040] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 40DC467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3040] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 40F5480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3040] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 40F54741 C:\WINDOWS\system32\IEFRAME.dll 
(Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3040] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 40F547AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3040] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 40F54612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3040] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 40F54674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3040] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 40F54872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3040] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 40F546D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3040] ole32.dll!CoCreateInstance 774C057E 5 Bytes JMP 40E5DB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3040] ole32.dll!OleLoadFromStream 774E9C85 5 Bytes JMP 40F54B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3040] WININET.dll!InternetReadFile 404B654B 5 Bytes JMP 02B8BFB2 .text C:\Program Files\Internet Explorer\iexplore.exe[3040] WININET.dll!InternetCloseHandle 404B9088 5 Bytes JMP 02B8C083 .text C:\Program Files\Internet Explorer\iexplore.exe[3040] WININET.dll!HttpOpenRequestA 404BD508 5 Bytes JMP 02B8BB53 .text C:\Program Files\Internet Explorer\iexplore.exe[3040] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 02B8BA6D .text C:\Program Files\Internet Explorer\iexplore.exe[3040] WININET.dll!HttpSendRequestW 404BFABE 5 Bytes JMP 02B8BD77 .text 
C:\Program Files\Internet Explorer\iexplore.exe[3040] WININET.dll!HttpSendRequestA 404CEE89 5 Bytes JMP 02B8BC23 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3752] ws2_32.dll!closesocket 719F3E2B 5 Bytes JMP 01C5B9BB .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3752] ws2_32.dll!send 719F4C27 5 Bytes JMP 01C5B558 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3752] ws2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 01C5B86D .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3752] ws2_32.dll!recv 719F676F 5 Bytes JMP 01C5B639 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3752] ws2_32.dll!WSASend 719F68FA 5 Bytes JMP 01C5B70C .text C:\Program Files\Internet Explorer\iexplore.exe[3984] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 40D854C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3984] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 40E59AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3984] USER32.dll!CallNextHookEx 7E3AB3C6 5 Bytes JMP 40E4D0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3984] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 40E5DB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3984] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 40DC467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3984] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 40F5480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3984] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 40F54741 C:\WINDOWS\system32\IEFRAME.dll 
(Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3984] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 40F547AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3984] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 40F54612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3984] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 40F54674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3984] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 40F54872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3984] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 40F546D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3984] ole32.dll!CoCreateInstance 774C057E 5 Bytes JMP 40E5DB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3984] ole32.dll!OleLoadFromStream 774E9C85 5 Bytes JMP 40F54B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3984] WININET.dll!InternetReadFile 404B654B 5 Bytes JMP 02AABFB2 .text C:\Program Files\Internet Explorer\iexplore.exe[3984] WININET.dll!InternetCloseHandle 404B9088 5 Bytes JMP 02AAC083 .text C:\Program Files\Internet Explorer\iexplore.exe[3984] WININET.dll!HttpOpenRequestA 404BD508 5 Bytes JMP 02AABB53 .text C:\Program Files\Internet Explorer\iexplore.exe[3984] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 02AABA6D .text C:\Program Files\Internet Explorer\iexplore.exe[3984] WININET.dll!HttpSendRequestW 404BFABE 5 Bytes JMP 02AABD77 .text 
C:\Program Files\Internet Explorer\iexplore.exe[3984] WININET.dll!HttpSendRequestA 404CEE89 5 Bytes JMP 02AABC23 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4048] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00E1B9BB .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4048] WS2_32.dll!send 719F4C27 5 Bytes JMP 00E1B558 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4048] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00E1B86D .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4048] WS2_32.dll!recv 719F676F 5 Bytes JMP 00E1B639 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4048] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00E1B70C ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\Drivers\SPTD1165.SYS[ntoskrnl.exe!IoConnectInterrupt] [F7434E06] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \WINDOWS\System32\Drivers\SPTD1165.SYS[ntoskrnl.exe!IofCompleteRequest] [F7449C76] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F74353B2] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F74352B6] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F7435482] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT dmio.sys[ntoskrnl.exe!IofCallDriver] [F7435482] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT dmio.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F74353B2] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT dmio.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F74352B6] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F744A032] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F7434F6E] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) 
IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F7449C76] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F7434E06] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7427A32] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7427B6E] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7427AF6] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74286CC] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74285A2] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F744A864] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \WINDOWS\System32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F7439F78] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) 
---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [009C1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [009C1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3040] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [009C1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3984] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [009C1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A3AC9C0
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A3AC0E8
Device \Driver\dmio \Device\DmControl\DmConfig 8A3AC0E8
Device \Driver\dmio \Device\DmControl\DmPnP 8A3AC0E8
Device \Driver\dmio \Device\DmControl\DmInfo 8A3AC0E8
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A39C510
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A39C510
Device \Driver\atapi \Device\Ide\IdePort0 [F7843B40] atapi.sys[unknown section] {MOV EAX, 0x8a3acdd0; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf743c442; RET }
Device \Driver\atapi \Device\Ide\IdePort1 [F7843B40] atapi.sys[unknown section] {MOV EAX, 0x8a3acdd0; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf743c442; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7843B40] atapi.sys[unknown section] {MOV EAX, 0x8a3acdd0; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf743c442; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7843B40] atapi.sys[unknown section] {MOV EAX, 0x8a3acdd0; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf743c442; RET }
Device \Driver\Disk \Device\Harddisk0\DR0 8A3ACC78
Device \Driver\Ftdisk \Device\FtControl 8A39C510
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 853496546
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1573170053
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1399429876

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- EOF - GMER 1.0.15 ----

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4377

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01/08/2010 18:13:31
mbam-log-2010-08-01 (18-13-31).txt

Scan type: Quick scan
Objects scanned: 127245
Time elapsed: 7 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=231&q={searchTerms}) Good: (http://www.Google.com/) -> No action taken.
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=231&q={searchTerms}) Good: (http://www.Google.com/) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22:49, on 01/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Philips\SPC230NC\Monitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\trend micro\rapports et problemes\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 217.23.4.103 www.google.com
O1 - Hosts: 217.23.4.103 google.com
O1 - Hosts: 217.23.4.103 google.com.au
O1 - Hosts: 217.23.4.103 www.google.com.au
O1 - Hosts: 217.23.4.103 google.be
O1 - Hosts: 217.23.4.103 www.google.be
O1 - Hosts: 217.23.4.103 google.com.br
O1 - Hosts: 217.23.4.103 www.google.com.br
O1 - Hosts: 217.23.4.103 google.ca
O1 - Hosts: 217.23.4.103 www.google.ca
O1 - Hosts: 217.23.4.103 google.ch
O1 - Hosts: 217.23.4.103 www.google.ch
O1 - Hosts: 217.23.4.103 google.de
O1 - Hosts: 217.23.4.103 www.google.de
O1 - Hosts: 217.23.4.103 google.dk
O1 - Hosts: 217.23.4.103 www.google.dk
O1 - Hosts: 217.23.4.103 google.fr
O1 - Hosts: 217.23.4.103 www.google.fr
O1 - Hosts: 217.23.4.103 google.ie
O1 - Hosts: 217.23.4.103 www.google.ie
O1 - Hosts: 217.23.4.103 google.it
O1 - Hosts: 217.23.4.103 www.google.it
O1 - Hosts: 217.23.4.103 google.co.jp
O1 - Hosts: 217.23.4.103 www.google.co.jp
O1 - Hosts: 217.23.4.103 google.nl
O1 - Hosts: 217.23.4.103 www.google.nl
O1 - Hosts: 217.23.4.103 google.no
O1 - Hosts: 217.23.4.103 www.google.no
O1 - Hosts: 217.23.4.103 google.co.nz
O1 - Hosts: 217.23.4.103 www.google.co.nz
O1 - Hosts: 217.23.4.103 google.pl
O1 - Hosts: 217.23.4.103 www.google.pl
O1 - Hosts: 217.23.4.103 google.se
O1 - Hosts: 217.23.4.103 www.google.se
O1 - Hosts: 217.23.4.103 google.co.uk
O1 - Hosts: 217.23.4.103 www.google.co.uk
O1 - Hosts: 217.23.4.103 google.co.za
O1 - Hosts: 217.23.4.103 www.google.co.za
O1 - Hosts: 217.23.4.103 www.google-analytics.com
O1 - Hosts: 217.23.4.103 www.bing.com
O1 - Hosts: 217.23.4.103 search.yahoo.com
O1 - Hosts: 217.23.4.103 www.search.yahoo.com
O1 - Hosts: 217.23.4.103 uk.search.yahoo.com
O1 - Hosts: 217.23.4.103 ca.search.yahoo.com
O1 - Hosts: 217.23.4.103 de.search.yahoo.com
O1 - Hosts: 217.23.4.103 fr.search.yahoo.com
O1 - Hosts: 217.23.4.103 au.search.yahoo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sPC230NC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe
O4 - HKLM\..\Run: [sPC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: TrayMin230.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1274722975449
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1280353083125
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ("Ma-Config.com control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_1_0_2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe

--
End of file - 8390 bytes
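The "O1 - Hosts" block in the HijackThis log above is the part of this post a responder would triage first: a hosts file has no honest reason to point public domains (search engines, a browser's URL-reputation service) at a routable public address, whereas loopback entries are the ordinary ad-blocking form. The script below is an added example, not part of the poster's logs and not code from HijackThis or Malwarebytes. It parses both HijackThis O1 lines and a raw hosts file (so it goes slightly beyond the log, which only shows the O1 form), classifies each target address, groups the suspicious entries by destination IP, and flags names that match an illustrative list of search engines and reputation services. The sample lines are a constructed subset modelled on the log; the name lists are assumptions for the example, not something the tools define.

```python
"""Triage of hosts-file hijack entries from a HijackThis log (added example)."""
import ipaddress
import re

# Constructed sample: nine lines in the exact shape HijackThis prints,
# modelled on (but only a subset of) the log in the post above, plus two
# loopback entries that a clean hosts file legitimately contains.
SAMPLE_O1_LINES = """\
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 217.23.4.103 www.google.com
O1 - Hosts: 217.23.4.103 google.fr
O1 - Hosts: 217.23.4.103 search.yahoo.com
O1 - Hosts: 217.23.4.103 www.bing.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
"""

# Constructed sample of a raw %SystemRoot%\system32\drivers\etc\hosts file:
# a comment line, a trailing comment, and several names on one line.
SAMPLE_HOSTS_FILE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
217.23.4.103    google.com www.google.com   # pharmed entries
"""

O1_LINE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

# Illustrative name lists (assumptions for this example, not tool-defined):
# reputation/update services that malware silences, and search engines that
# get pharmed to an attacker-chosen address.
REPUTATION_SERVICES = ("safebrowsing-cache.google.com", "urs.microsoft.com")
SEARCH_ENGINE = re.compile(
    r"^(www\.)?google\.[a-z.]+$|^(www\.)?bing\.com$|^([a-z]+\.)?search\.yahoo\.com$"
)


def parse_o1_lines(text):
    """Return (ip, hostname) pairs from HijackThis 'O1 - Hosts' report lines."""
    pairs = []
    for line in text.splitlines():
        m = O1_LINE.match(line.strip())
        if m:
            pairs.append((m.group(1), m.group(2).lower()))
    return pairs


def parse_hosts_file(text):
    """Return (ip, hostname) pairs from a raw hosts file.

    Handles '#' comments (whole-line and trailing) and the several-names-per-
    line form; each name becomes its own pair so both parsers yield one shape.
    """
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        for name in fields[1:]:
            pairs.append((fields[0], name.lower()))
    return pairs


def classify_target(ip):
    """sinkhole: 127.x / ::1 / 0.0.0.0 (normal ad-block or local-service form)
    private : RFC 1918 or link-local (hand-made LAN entries)
    redirect: routable public address, the pharming signature
    invalid : not an IP address at all"""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "invalid"
    if addr.is_loopback or addr.is_unspecified:
        return "sinkhole"
    if addr.is_private or addr.is_link_local:
        return "private"
    return "redirect"


def name_category(host):
    """Why a redirected name matters: silenced reputation service, pharmed search engine, or other."""
    if host in REPUTATION_SERVICES:
        return "reputation-service"
    if SEARCH_ENGINE.match(host):
        return "search-engine"
    return "other"


def triage(pairs):
    """Group every entry by destination and list the ones needing a human look."""
    by_ip = {}
    redirects = []
    for ip, host in pairs:
        by_ip.setdefault(ip, []).append(host)
        if classify_target(ip) in ("redirect", "invalid"):
            redirects.append((ip, host, name_category(host)))
    return {"by_ip": by_ip, "redirects": redirects}


def redirect_targets(report):
    """(ip, count) for the suspicious destinations, busiest first."""
    counts = {}
    for ip, _host, _cat in report["redirects"]:
        counts[ip] = counts.get(ip, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    rep = triage(parse_o1_lines(SAMPLE_O1_LINES))
    for ip, host, cat in rep["redirects"]:
        print(f"{ip:16} {host:32} {cat}")
    print(redirect_targets(rep))
```

On the full log this grouping gives two destinations: one collecting the payment and "antivirus" storefront names together with safebrowsing-cache.google.com and urs.microsoft.com, the other collecting every Google country domain, Bing and the Yahoo search hosts. That split by destination IP is what tells a responder the entries were written by one piece of malware rather than by the user, and it is the list to compare against the hosts file after cleanup.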