Posted

hi :P

Don't worry: it's no big deal! Drop the online scan, we'll do it another way >

* A leftover of Magic Control Agent that you are going to remove like this >

Go to Start/Control Panel/Internet Options > "Content" tab, then "Certificates" tab, and remove under "Trusted Publishers" >

egroup

* Update Ad-Aware 2007 and restart in Safe Mode.

Scan your hard drives and keep the report if it finds anything.

* Restart normally and post the Ad-Aware 2007 report + run a HijackThis scan, but like this >

Launch HijackThis.

Click on Open Misc Tools Section

Make sure the two boxes on the right are checked:

* List all minor sections(Full)

* List Empty Sections(Complete)

Click on Generate StartupList Log

Click "Yes" when prompted.

This will generate a report; copy it and post it here.

Hang in there! You shouldn't be getting ads any more when you browse, right?

SORRY, CHARLES!!!

I just copy-pasted the KASPERSKY scanner report below, and only afterwards did I realize that you had posted me this NEW message.

SO I'm getting to work right away.

SEE YOU LATER AND THANKS AGAIN

Posted

Hi CHARLES,

So much work and a lot of listings!

a) In IE, I removed from the "Trusted Publishers": egroupe (but I couldn't find its equivalent in Firefox (Mozilla) ??

b) Updated Ad-Aware 2007 (it only found one "not too nasty thing")

c) I just read your latest message, so I deleted the two files indicated

d) and then I redid the HijackThis scan following the instructions

SO I'm sending the AD-AWARE 2007 listing in 3 parts, followed by the HijackThis report in 3 parts as well!

SO here: AD-AWARE 2007 REPORT (1 / 3)

AD-AWARE 2007 REPORT

 

Ad-Aware 2007 Build

Log File Created on: 2007-07-14 02:47:29

Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef

Computer name: JRG-MONPC

Name of user performing scan: SYSTEM

 

System information

===========================

Number of processors: 1

Processor type: Intel® Pentium® 4 CPU 2.53GHz

Memory Available: 62%

Total Physical Memory: 536379392 Bytes

Available Physical Memory: 330170368 Bytes

Total Page File Size: 1310961664 Bytes

Available On Page File: 1173045248 Bytes

Total Virtual Memory: 2147352576 Bytes

Available Virtual Memory: 1997889536 Bytes

OS: Microsoft Windows XP Service Pack 2 (Build 2600)

 

Ad-Aware 2007 Settings

===========================

Skipping files larger than 1048576 kB

Ignoring infections with lower TAI than: 3

 

 

Extended Ad-Aware 2007 Settings

===========================

Unloading known modules during scan

Ignoring spanned files when scanning cab archives

Scanning registry for all users

Using permanent archive caching

Reanalyzing results after scanning before displaying results

Trying to unload modules prior to removal

Let Windows remove files currently in use at next reboot

Removing quarantined objects after restore

Logging Ad-Aware events

Blocking Pop-Ups aggressively

Deactivating Ad-Watch during scans

Writeprotecting system files after repairs

Including Ad-aware command line parameters in log file

Include info about ignored objects in log file

Including basic settings in log file

Including advanced settings in log file

Including user and computer name in log file

Include reference summary in log file

Creating log file for removal operations

Including module info in log file

Include Alternate Data Stream details in log file

Create and save WebUpdate log file

 

Databaseinfo

===========================

Version number: 8

Build Number: 0

Build Date and Time: 2007/07/09 09:54:24

 

Scan Statistics

===========================

Method: Full

Scan tracking cookies.............................: On

Scan ADS filestreams..............................: Off

 

Item Scanned: 219307

Infections Detected: 1

Infections Ignored: 0

 

Scan detailed statistics

===========================

Type Critical Total

Process Scan....: 0 0

Registry Scan...: 0 0

Registry PE Scan: 0 0

Hosts File Scan.: 0 0

File Scan.......: 0 0

Folder Scan.....: 0 0

LSP Scan........: 0 0

ADS Scan........: 0 0

Cookie Scan.....: 0 0

File Hash Scan..: 0 0

 

Infections Found

===========================

Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0

Item Id: 1 Value: MRU Path: C:\Documents and Settings\Administrator\Recent Count: 1

 

Items Ignored During Scan

===========================

 

 

Listing of running processes

===========================


FOLLOWED BY ....

Posted

AD-AWARE REPORT (2 / 3)

 


FOLLOWED BY ...

Posted

AD-AWARE REPORT (3 / 3)

 


End of Scan Section

===========================

 

FOLLOWED BY THE HIJACKTHIS REPORT IN 3 PARTS ...

Posted

OK, NOW HIJACKTHIS

HIJACKTHIS REPORT (PART 1 / 3)

 

StartupList report, 14/07/2007, 03:16:13

StartupList version: 1.52.2

Started from : C:\HijackThis\HijackThis.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\wpabaln.exe

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

C:\HijackThis\HijackThis.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Documents and Settings\Jrg Julio\Start Menu\Programs\Startup]

OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe

 

Shell folders AltStartup:

*Folder not found*

 

User shell folders Startup:

*Folder not found*

 

User shell folders AltStartup:

*Folder not found*

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

hp psc 1000 series.lnk = ?

hpoddt01.exe.lnk = ?

Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

 

Shell folders Common AltStartup:

*Folder not found*

 

User shell folders Common Startup:

*Folder not found*

 

User shell folders Alternate Common Startup:

*Folder not found*

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

nwiz = nwiz.exe /install

QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

Picasa Media Detector = C:\Program Files\Picasa2\PicasaMediaDetector.exe

TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

[setup]

*No values found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

 

(Default) = "%1" /S

 

--------------------------------------------------

 

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

 

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

 

--------------------------------------------------

 

FOLLOWED BY ....

Posted

HIJACKTHIS REPORT (PART 2 / 3)

 

--------------------------------------------------

 

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

 

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

 

--------------------------------------------------

 

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

 

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\INF\unregmp2.exe /ShowWMP

 

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

 

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

 

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

 

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

 

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *

StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

 

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

 

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

 

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

 

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

 

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = %SystemRoot%\system32\ie4uinit.exe

 

--------------------------------------------------

 

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

 

*No subkeys found*

 

--------------------------------------------------

 

Load/Run keys from C:\WINDOWS\WIN.INI:

 

load=*INI section not found*

run=*INI section not found*

 

Load/Run keys from Registry:

 

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry value not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

Checking for EXPLORER.EXE instances:

 

C:\WINDOWS\Explorer.exe: PRESENT!

 

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

 

--------------------------------------------------

 

Checking for superhidden extensions:

 

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

 

--------------------------------------------------

 

Verifying REGEDIT.EXE integrity:

 

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Registry Editor'

 

Registry check passed

 

--------------------------------------------------

 

Enumerating Browser Helper Objects:

 

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

(no name) - C:\Program Files\Java\jre1.6.0\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

(no name) - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

FRU Task #Hewlett-Packard#hp psc 1200 series#1183323397.job

WebReg 20070701225728.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[CKAVWebScan Object]

InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll

CODEBASE = http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

 

[Windows Genuine Advantage Validation Tool]

InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL

CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

 

[YInstStarter Class]

InProcServer32 = C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll

CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll

 

[Java Plug-in 1.6.0]

InProcServer32 = C:\Program Files\Java\jre1.6.0\bin\ssv.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

 

[ActiveScan Installer Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll

CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

 

[Java Plug-in 1.6.0]

InProcServer32 = C:\Program Files\Java\jre1.6.0\bin\ssv.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

 

[Java Plug-in 1.6.0]

InProcServer32 = C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

--------------------------------------------------

 

AND FINALLY, FOLLOWED BY ...

Posted

HIJACK THIS REPORT (PART 3 / 3)

 

--------------------------------------------------

 

Enumerating Winsock LSP files:

 

NameSpace #1: C:\WINDOWS\System32\mswsock.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

NameSpace #3: C:\WINDOWS\System32\mswsock.dll

Protocol #1: C:\WINDOWS\system32\mswsock.dll

Protocol #2: C:\WINDOWS\system32\mswsock.dll

Protocol #3: C:\WINDOWS\system32\mswsock.dll

Protocol #4: C:\WINDOWS\system32\rsvpsp.dll

Protocol #5: C:\WINDOWS\system32\rsvpsp.dll

Protocol #6: C:\WINDOWS\system32\mswsock.dll

Protocol #7: C:\WINDOWS\system32\mswsock.dll

Protocol #8: C:\WINDOWS\system32\mswsock.dll

Protocol #9: C:\WINDOWS\system32\mswsock.dll

Protocol #10: C:\WINDOWS\system32\mswsock.dll

Protocol #11: C:\WINDOWS\system32\mswsock.dll

 

--------------------------------------------------

 

Enumerating Windows NT/2000/XP services

 

Ad-Aware 2007 Service: C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (autostart)

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)

Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)

AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)

Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)

Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)

Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

1394 ARP Client Protocol: System32\DRIVERS\arp1394.sys (manual start)

ASAPIW2K: system32\drivers\ASAPIW2k.sys (manual start)

avast! iAVS4 Control Service: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (autostart)

RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)

Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)

ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)

Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)

avast! Antivirus: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" (autostart)

avast! Mail Scanner: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (manual start)

avast! Web Scanner: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (manual start)

Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

MAC Bridge: System32\DRIVERS\bridge.sys (manual start)

MAC Bridge Miniport: System32\DRIVERS\bridge.sys (manual start)

Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

catchme: \??\C:\DOCUME~1\JRGJUL~1\LOCALS~1\Temp\catchme.sys (manual start)

CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)

Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)

ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)

COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Disk Driver: System32\DRIVERS\disk.sys (system)

Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

dmio: System32\drivers\dmio.sys (disabled)

dmload: System32\drivers\dmload.sys (disabled)

Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)

DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)

Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)

Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Creative AudioPCI (ES1371,ES1373) (WDM): system32\drivers\es1371mp.sys (manual start)

Event Log: %SystemRoot%\system32\services.exe (autostart)

COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)

Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Carte réseau virtuelle FreeBox USB: System32\DRIVERS\fbxusb32.sys (manual start)

Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)

Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)

FltMgr: system32\drivers\fltmgr.sys (system)

Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)

Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)

Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)

Google Updater Service: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (autostart)

Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)

IEEE-1284.4 Driver HPZid412: System32\DRIVERS\HPZid412.sys (manual start)

Print Class Driver for IEEE-1284.4 HPZipr12: System32\DRIVERS\HPZipr12.sys (manual start)

USB to IEEE-1284.4 Translation Driver HPZius12: System32\DRIVERS\HPZius12.sys (manual start)

HTTP: System32\Drivers\HTTP.sys (manual start)

HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)

i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)

IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)

Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)

IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)

IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)

IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)

IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)

IPSEC driver: System32\DRIVERS\ipsec.sys (system)

IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)

PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)

Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)

Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)

Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

Pinnacle Marvin Bus: system32\DRIVERS\MarvinBus.sys (manual start)

Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)

Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)

Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)

WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)

MRXSMB: System32\DRIVERS\mrxsmb.sys (system)

Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)

Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)

Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)

Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)

Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)

Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)

Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)

NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)

Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)

NetBIOS Interface: System32\DRIVERS\netbios.sys (system)

NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)

Network DDE: %SystemRoot%\system32\netdde.exe (disabled)

Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)

Net Logon: %SystemRoot%\System32\lsass.exe (manual start)

Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

1394 Net Driver: System32\DRIVERS\nic1394.sys (manual start)

Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)

Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

nv: System32\DRIVERS\nv4_mini.sys (manual start)

NVIDIA Driver Helper Service: %SystemRoot%\System32\nvsvc32.exe (autostart)

IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)

IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)

OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)

Parallel port driver: System32\DRIVERS\parport.sys (manual start)

PCI Bus Driver: System32\DRIVERS\pci.sys (system)

PCIIde: System32\DRIVERS\pciide.sys (system)

PCLEPCI: \??\C:\WINDOWS\system32\drivers\pclepci.sys (system)

Plug and Play: %SystemRoot%\system32\services.exe (autostart)

Pml Driver HPZ12: C:\WINDOWS\System32\HPZipm12.exe (manual start)

IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)

WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)

Processor Driver: System32\DRIVERS\processr.sys (system)

Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)

QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)

Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)

PxHelp20: System32\Drivers\PxHelp20.sys (system)

Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)

Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)

Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)

Direct Parallel: System32\DRIVERS\raspti.sys (manual start)

Rdbss: System32\DRIVERS\rdbss.sys (system)

RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)

Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)

Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)

Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)

Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)

SBP-2 Transport/Protocol Bus Driver: System32\DRIVERS\sbp2port.sys (system)

Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)

Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Secdrv: System32\DRIVERS\secdrv.sys (manual start)

Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)

Serial port driver: System32\DRIVERS\serial.sys (system)

Internet Connection Sharing: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

SiS AGP Filter: System32\DRIVERS\SISAGPX.sys (system)

SiSide: System32\DRIVERS\siside.sys (system)

SiS PCI Fast Ethernet Adapter Driver: System32\DRIVERS\sisnic.sys (manual start)

Add Performance Filter Driver: system32\drivers\sisperf.sys (system)

Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)

Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)

System Restore Filter Driver: System32\DRIVERS\sr.sys (system)

System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Srv: System32\DRIVERS\srv.sys (manual start)

SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)

Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)

Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{3F5AD97E-DC8F-4939-AE91-A66F81CB97D8} (manual start)

Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)

Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)

Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)

Terminal Device Driver: System32\DRIVERS\termdd.sys (system)

Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)

Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Microcode Update Driver: System32\DRIVERS\update.sys (manual start)

Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)

Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)

Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)

Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start)

Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)

USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)

USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)

VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)

Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)

Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)

Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)

WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)

Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Automatic Updates: %systemRoot%\System32\svchost.exe -k netsvcs (autostart)

Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

 

 

--------------------------------------------------

 

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

 

Windows NT checkdisk command:

BootExecute = autocheck autochk *

 

Windows NT 'Wininit.ini':

PendingFileRenameOperations: *Registry value not found*

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\System32\webcheck.dll

SysTray: C:\WINDOWS\System32\stobject.dll

 

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

*No values found*

 

--------------------------------------------------

 

End of report, 33 277 bytes

Report generated in 0,093 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

 

THERE YOU GO CHARLES ... HANG IN THERE .... I THINK THERE CAN'T BE MUCH LEFT TO DO, right?

THANKS AGAIN FOR YOUR WONDERFUL HELP

See you

Posted

hi :P

I'm looking at your reports and will tell you where things stand ...

So much work and so many listings! a) In IE I removed from the "trusted publishers": egroupe (but I couldn't find its equivalent in Firefox (Mozilla)) ??

yes, the certificate only shows up in Internet Explorer and not in Firefox :P

Posted

Nothing bad in the latest reports :P

You shouldn't be getting ads any more when you browse now?

To finish >

  • Download Erase!Beta by A.Rothstein, which will remove what we downloaded during the procedure.
  • Save the file to the Desktop, then unzip it.
  • Double-click the Erase!beta file on your desktop. The tool will carry out the cleanup.
  • Copy the report located here > C:\RapportEP.txt and post it in your next reply.

Disable and then re-enable System Restore as follows => visual guide

Click Start.

Right-click the My Computer icon, then click Properties.

Click the "System Restore" tab.

Select "Turn off System Restore" or "Turn off System Restore on all drives".

Click "Apply".

As the message says, this will delete all existing restore points. To do so, click Yes.

Click OK. Restart your PC. Do the reverse operation and re-enable System Restore: a new restore point will be created automatically.

I'll be back later... after work!!

Posted

Hi CHARLES,

I thought you wouldn't be around today ... well, all the better for me!

a) Yes, the problem with unwanted sites popping up is solved!! I'm really pleased! :P

b) Running ERASE!BETA

THE REPORT:

********EraseProg! (A.Rothstein) V1.8********

 

 

 

Nettoyage commence le 15/07/2007 a 0:00:45,73

 

***************************************

 

-KillBox = Trouve!

 

-KillBox = Suppression effectuee!

 

-Navilog = trouve!

 

-Navilog = Suppression effectuee!

 

Programme(s) supprime(s) avec succes!

***************************************

 

Fin le 15/07/2007 a 0:00:46,59

 

Merci d'avoir utilise EraseProg!

 

c) And what about the ActiveX installed by Kaspersky? (Is that not a problem?)

d) OK, all I have left is to disable and re-enable System Restore.

e) And restore the original settings (for hidden files and folders)

OK, I'LL DO THAT AND COME BACK TO LET YOU KNOW.

OTHERWISE, IT FEELS GOOD TO KNOW THAT THE PC is free of all that!!

THANKS AND SEE YOU LATER!!
