> Tous les forumsSécurité

 rapport Ewido et HijackSujet résolu
Statut du sujet : RESOLU Imprimer
 vincent 66
  Posté le 25/08/2006 @ 11:41  
 Petit astucien

130 Messages
bonjour, j'ai fait un pré nettoyage de mon pc avec le logiciel EasyCleaner pour pc infecté car mon pc ramé. Suite a ca j'ai effectué une anlyse de mon pc (avec Ewido et HijackThis). Je vous envoi les rapports. Merci d'avance pour votre aide et pour me dire les manipulations a effectué pour retrouver un pc nettoyer en profondeur. ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 22:34:02 24/08/2006 + Scan result: C:\Program Files\HbTools\Bin\4.7.7.0\HbtCoreSrv.dll -> Adware.HotBar : Cleaned with backup (quarantined). C:\Program Files\HbTools\Bin\4.7.7.0\HbtGuard.exe -> Adware.HotBar : Cleaned with backup (quarantined). C:\Program Files\HbTools\Bin\4.7.7.0\HbtHostIE.dll -> Adware.HotBar : Cleaned with backup (quarantined). C:\Program Files\HbTools\Bin\4.7.7.0\HbtHostOE.dll -> Adware.Hotbar : Cleaned with backup (quarantined). C:\Program Files\HbTools\Bin\4.7.7.0\HbtHostOL.dll -> Adware.HotBar : Cleaned with backup (quarantined). C:\Program Files\HbTools\Bin\4.7.7.0\HbtInstIE.dll -> Adware.HotBar : Cleaned with backup (quarantined). C:\Program Files\HbTools\Bin\4.7.7.0\HbtOEAddOn.exe -> Adware.HotBar : Cleaned with backup (quarantined). C:\Program Files\HbTools\Bin\4.7.7.0\HbtSrv.exe -> Adware.HotBar : Cleaned with backup (quarantined). C:\Program Files\HbTools\Bin\4.7.7.0\HbtToolbar.dll -> Adware.HotBar : Cleaned with backup (quarantined). C:\Program Files\HbTools\Bin\4.8.0.0\Cml.exe -> Adware.HotBar : Cleaned with backup (quarantined). C:\Program Files\HbTools\Bin\4.8.0.0\HbtGuard.exe -> Adware.HotBar : Cleaned with backup (quarantined). C:\Program Files\HbTools\Bin\4.8.0.0\HbtWeatherOnTray.exe -> Adware.Hotbar : Cleaned with backup (quarantined). C:\Program Files\HbTools\Bin\4.8.0.0\\\\\\__delete_on_reboot__H_b_t_H_o_s_t_O_E_._d_l_l_ -> Adware.Hotbar : Cleaned with backup (quarantined). C:\Program Files\HbTools\Bin\4.8.0.0\\\\\\__delete_on_reboot__H_b_t_S_r_v_._e_x_e_ -> Adware.HotBar : Cleaned with backup (quarantined). C:\WINDOWS\system32\rwnsvypx.exe -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\Classes\Wallpaper.WallpaperManager -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\Classes\Wallpaper.WallpaperManager.1 -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\Classes\Wallpaper.WallpaperManager\CLSID -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\Classes\Wallpaper.WallpaperManager\CurVer -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\HbTools -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\HbTools\HbTools -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\HbTools\HbTools\Install -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\HbTools\HbTools\MachineInfo -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\HbTools\HbTools\Mail -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\HbTools\HbTools\PI -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\HbTools\HbTools\PI\3.2 -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\HbTools\HbTools\Updates -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\HbTools\HbTools\Upgrade -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\HbTools\HostOI -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\HbTools\HostOI\Mail -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\HbTools\HostOI\Updates -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\HbTools\HostOL -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\HbTools\HostOL\Mail -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\HbTools\HostOL\Updates -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\HbTools\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\HbTools\Hotbar\Install -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\HbTools\Install -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\HbTools\Install\CmpMap -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\HbTools\Install\Icons -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\HbTools\Install\Links -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HbToolsOutlookTools -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HbToolsWebTools -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\Common -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\Common\Time -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\Common\Updates -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\EUI -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\HtmlPPP -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\ImagesHistory -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\Install -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\Local -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\MachineInfo -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\PI -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\PI\3.2 -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\Sample -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\Sample\Hist -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\Sample\Hist\sg860 -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\Sample\Hist\sg861 -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\Sample\Hist\sg887 -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\Sample\Hist\sg888 -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\Sample\Hist\sg889 -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\Sample\Hist\sg910 -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\Sample\Hist\sg912 -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\Sample\Hist\sg913 -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\Sample\Hist\sg914 -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\Sample\Hist\sg915 -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\Sample\Hist\sg928 -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\Sample\Hist\sg929 -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\UserInfo -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\Weather -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\dynamic -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\init -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\links -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\mail -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\options -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HbTools\updates -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HostOI -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HostOI\Updates -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\HostOI\links -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\Time -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\Time\HostIE -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\Time\HostIE\Updates -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\Time\HostOE -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\Time\HostOE\Updates -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\Time\HostOI -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\Time\HostOI\Updates -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\Time\HostOL -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\Time\HostOL\Updates -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\hostol -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\hostol\Mail -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\hostol\Updates -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\hostol\links -> Adware.HotBar : Cleaned with backup (quarantined). HKU\S-1-5-21-4018030368-2089636853-1555132074-1008\Software\HbTools\hostol\soho -> Adware.HotBar : Cleaned with backup (quarantined). [1192] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [1252] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [1544] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [2436] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [2444] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [2452] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [2460] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [2488] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [2708] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [2752] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [2776] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [2808] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [2816] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [2852] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [2900] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [2940] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [3028] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [3084] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [3412] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [3456] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [3528] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [3668] C:\Program Files\HbTools\Bin\4.8.0.0\HbtWeatherOnTray.exe -> Adware.Hotbar : Error during cleaning. [3716] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [3748] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [3864] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [3904] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [3924] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [3944] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [3972] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [3984] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [4012] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [4016] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. [4576] C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostOE.dll -> Adware.Hotbar : Error during cleaning. C:\Program Files\Adverts\uninst.exe -> Adware.Lop : Cleaned with backup (quarantined). C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned. C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned. C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@revenue[1].txt -> TrackingCookie.Revenue : Cleaned. ::Report end Logfile of HijackThis v1.99.1 Scan saved at 22:43:29, on 24/08/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\FSGK32.EXE C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE C:\Program Files\Securitoo\Av_Fw\backweb\8520111\Program\fspex.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Securitoo\Av_Fw\Common\FSMB32.EXE C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fssm32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\Program Files\Securitoo\Av_Fw\Common\FCH32.EXE C:\Program Files\Securitoo\Av_Fw\Common\FAMEH32.EXE C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\HP\KBD\KBD.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsav32.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe C:\Program Files\Creative\Shared Files\CAMTRAY.EXE C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\Program Files\HbTools\Bin\4.8.0.0\HbtOEAddOn.exe C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Hbtools\HBTV\HBTV.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\Program Files\Securitoo\Av_Fw\FSGUI\fsguiexe.exe C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\Wanadoo\Watch.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe C:\Program Files\Hijackthis Version Française\hijackthis vf.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alisook.com/rub/erotique_adulte.asp R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E3D778597B402E38C3 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\program files\hbtools\hbtv\hbtvhelper.dll O2 - BHO: (no name) - {514F64D5-2801-CB80-4EF1-EED1C2EB38D7} - (no file) O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostIE.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.8.0.0\HbtHostIE.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.8.0.0\HbtOEAddOn.exe O4 - HKLM\..\Run: [cool trans ante regs] C:\Documents and Settings\All Users\Application Data\Sizereadmecooltrans\Plusbin.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\Av_Fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\Av_Fw\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.8.0.0\HbtWeatherOnTray.exe O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing) O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing) O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4996AD2E-71C7-4A78-82B8-AE00969346DB}: NameServer = 80.10.246.130 80.10.246.3 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: MSNim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
 Afficher le profil de vincent 66 Envoyer un message privé à vincent 66
 
 
Publicité
 philae  Posté le 25/08/2006 à 15:29  
  Groupe Sécurité


36539 Messages
Bonjour, fait les manips indiquées sur cette page http://perso.orange.fr/jesses/Docs/Nuisibles/Hotbar.htm reposte ensuite un nouveau rapport ewido et HijackThis
Afficher le profil de philae Voir la configuration de philaeEnvoyer un message privé à philae
 Revenir en haut de la page
 vincent 66  Posté le 25/08/2006 à 15:48  
Petit astucien

130 Messages
bonjour philae, tout d'abord merci beaucoup pour ton aide. je fais les manipulations que tu me demandes et je te renvoi les rapports. merci encore et a de suite
Afficher le profil de vincent 66 Voir la configuration de vincent 66Envoyer un message privé à vincent 66
 Revenir en haut de la page
 vincent 66  Posté le 25/08/2006 à 17:13  
Petit astucien

130 Messages
re , j'ai fait les manips demandés et refait une anlyse dont je poste les rapports. merci de votre aide ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 17:05:47 25/08/2006 + Scan result: D:\I386\Apps\APP23511\src\da\js\LURegWMI.exe -> Adware.Dm : Cleaned with backup (quarantined). D:\I386\Apps\APP23511\src\de\js\LURegWMI.exe -> Adware.Dm : Cleaned with backup (quarantined). D:\I386\Apps\APP23511\src\en\JS\LUREGWMI.EXE -> Adware.Dm : Cleaned with backup (quarantined). D:\I386\Apps\APP23511\src\es\JS\LURegWMI.exe -> Adware.Dm : Cleaned with backup (quarantined). D:\I386\Apps\APP23511\src\fi\js\LURegWMI.exe -> Adware.Dm : Cleaned with backup (quarantined). D:\I386\Apps\APP23511\src\fr\JS\LURegWMI.exe -> Adware.Dm : Cleaned with backup (quarantined). D:\I386\Apps\APP23511\src\it\js\LURegWMI.exe -> Adware.Dm : Cleaned with backup (quarantined). D:\I386\Apps\APP23511\src\ko\JS\LUREGWMI.EXE -> Adware.Dm : Cleaned with backup (quarantined). D:\I386\Apps\APP23511\src\nl\js\LURegWMI.exe -> Adware.Dm : Cleaned with backup (quarantined). D:\I386\Apps\APP23511\src\no\js\LURegWMI.exe -> Adware.Dm : Cleaned with backup (quarantined). D:\I386\Apps\APP23511\src\pt\js\LURegWMI.exe -> Adware.Dm : Cleaned with backup (quarantined). D:\I386\Apps\APP23511\src\sv\js\LURegWMI.exe -> Adware.Dm : Cleaned with backup (quarantined). D:\I386\Apps\APP23511\src\zh\cn\JS\LUREGWMI.EXE -> Adware.Dm : Cleaned with backup (quarantined). D:\I386\Apps\APP23511\src\zh\tw\JS\LURegWMI.exe -> Adware.Dm : Cleaned with backup (quarantined). C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@adtech[2].txt -> TrackingCookie.Adtech : Cleaned. C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@advertising[2].txt -> TrackingCookie.Advertising : Cleaned. C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned. C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned. ::Report end Logfile of HijackThis v1.99.1 Scan saved at 17:10:29, on 25/08/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Securitoo\Av_Fw\backweb\8520111\Program\fspex.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\FSGK32.EXE C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fssm32.exe C:\Program Files\Securitoo\Av_Fw\Common\FSMB32.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\Program Files\Securitoo\Av_Fw\Common\FCH32.EXE C:\Program Files\Securitoo\Av_Fw\Common\FAMEH32.EXE C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsav32.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\HP\KBD\KBD.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe C:\Program Files\Creative\Shared Files\CAMTRAY.EXE C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe C:\Program Files\Securitoo\Av_Fw\FSGUI\fsguiexe.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\Wanadoo\PollingModule.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Hijackthis Version Française\hijackthis vf.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alisook.com/rub/erotique_adulte.asp R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: (no name) - {514F64D5-2801-CB80-4EF1-EED1C2EB38D7} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [cool trans ante regs] C:\Documents and Settings\All Users\Application Data\Sizereadmecooltrans\Plusbin.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\Av_Fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\Av_Fw\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing) O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing) O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4996AD2E-71C7-4A78-82B8-AE00969346DB}: NameServer = 80.10.246.130 80.10.246.3 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: MSNim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe et encore merci
Afficher le profil de vincent 66 Voir la configuration de vincent 66Envoyer un message privé à vincent 66
 Revenir en haut de la page
 philae  Posté le 25/08/2006 à 17:24  
  Groupe Sécurité


36539 Messages
Re Il y a certains sites à éviter R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http ://www.aliso ok.com /rub/ erotique_adulte.asp Démarrer ------- "Exécuter…" ----------- Tape "services.msc" et valide par [OK]. La fenêtre des Services s'ouvre => vérifier dans la partie inférieure que l'onglet "Etendu" est bien sélectionné, sinon faites le France Telecom Routing Table Service (FTRTSVC) et le chemin C:\WINDOWS\System32\FTRTSVC.exe - Dans la colonne "Nom", DOUBLE CLIQUE sur le service noté en GRAS ci dessus, pour faire apparaître "Propriétés". - Vérifie dans "Chemin d'accès des fichiers exécutables" qu'il s'agit bien de l'emplacement souligné. - Puis clique sur [Arrêter]. - Dans le menu déroulant "Type de démarrage", sélectionne "Désactivé". - valide la modification par [OK]. - Ferme la fenêtre des Services. PUIS * Lance HijackThis pour un scan seulement Puis coche les lignes suivantes en GRAS dans HijackThis Logfile of HijackThis v1.99.1 Scan saved at 17:10:29, on 25/08/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Securitoo\Av_Fw\backweb\8520111\Program\fspex.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\FSGK32.EXE C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fssm32.exe C:\Program Files\Securitoo\Av_Fw\Common\FSMB32.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\Program Files\Securitoo\Av_Fw\Common\FCH32.EXE C:\Program Files\Securitoo\Av_Fw\Common\FAMEH32.EXE C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsav32.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\HP\KBD\KBD.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe C:\Program Files\Creative\Shared Files\CAMTRAY.EXE C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe C:\Program Files\Securitoo\Av_Fw\FSGUI\fsguiexe.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\Wanadoo\PollingModule.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Hijackthis Version Française\hijackthis vf.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alisook.com/rub/erotique_adulte.asp R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: (no name) - {514F64D5-2801-CB80-4EF1-EED1C2EB38D7} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [cool trans ante regs] C:\Documents and Settings\All Users\Application Data\Sizereadmecooltrans\Plusbin.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\Av_Fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\Av_Fw\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing) O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing) O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4996AD2E-71C7-4A78-82B8-AE00969346DB}: NameServer = 80.10.246.130 80.10.246.3 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: MSNim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe * Fermer toutes les fenêtres Windows, Internet Explorer, Outlook .....sauf le logiciel HijackThis et clique sur Fixer l'objet * Assure toi d'avoir accès à tous les fichiers en image [url="http://forum.pcastuces.com/sujet.asp?SUJET_ID=291882#haut"]ICI[/url] - démarrer----------------poste de travail ou autre dossier------------menu outils-----------options des dossiers---------------onglet affichage : - activer la case : Afficher les fichiers et dossiers cachés - désactiver la case : Masquer les extensions des fichiers dont le type est connu - désactiver la case : Masquer les fichier protégés du système d'exploitation Puis - Appliquer * et Supprime le(s) fichier(s) ci dessous si il(s) est (sont) présent(s) : C:\Documents and Settings\All Users\Application Data\Sizereadmecooltrans\ * Dans l'Explorateur Windows recache les fichiers système afin de ne pas faire d'erreur à l'avenir. Retourne à la fenêtre <Paramètres de dossiers> et sélectionne <Ne pas afficher les fichiers cachés ou les fichiers système> * Vide la Corbeille * Lance et exécute Ccleaner * Lance et exécute Ewido pour un scan complet et copie colle le rapport ici
Afficher le profil de philae Voir la configuration de philaeEnvoyer un message privé à philae
 Revenir en haut de la page
 vincent 66  Posté le 25/08/2006 à 18:25  
Petit astucien

130 Messages
re, je fais ce que tu me demande et je te poste l'analyse a toute et merci
Afficher le profil de vincent 66 Voir la configuration de vincent 66Envoyer un message privé à vincent 66
 Revenir en haut de la page
 vincent 66  Posté le 25/08/2006 à 19:24  
Petit astucien

130 Messages
re, voici ma nouvelle analyse ewido. Faut il que je fasse aussi une anlyse HijackThis? Merci [smile] ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 19:19:47 25/08/2006 + Scan result: D:\System Volume Information\\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP192\A0046948.exe -> Adware.Dm : Cleaned with backup (quarantined). D:\System Volume Information\\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP192\A0046949.exe -> Adware.Dm : Cleaned with backup (quarantined). D:\System Volume Information\\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP192\A0046950.EXE -> Adware.Dm : Cleaned with backup (quarantined). D:\System Volume Information\\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP192\A0046951.exe -> Adware.Dm : Cleaned with backup (quarantined). D:\System Volume Information\\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP192\A0046952.exe -> Adware.Dm : Cleaned with backup (quarantined). D:\System Volume Information\\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP192\A0046953.exe -> Adware.Dm : Cleaned with backup (quarantined). D:\System Volume Information\\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP192\A0046954.exe -> Adware.Dm : Cleaned with backup (quarantined). D:\System Volume Information\\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP192\A0046955.EXE -> Adware.Dm : Cleaned with backup (quarantined). D:\System Volume Information\\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP192\A0046956.exe -> Adware.Dm : Cleaned with backup (quarantined). D:\System Volume Information\\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP192\A0046957.exe -> Adware.Dm : Cleaned with backup (quarantined). D:\System Volume Information\\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP192\A0046958.exe -> Adware.Dm : Cleaned with backup (quarantined). D:\System Volume Information\\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP192\A0046959.exe -> Adware.Dm : Cleaned with backup (quarantined). D:\System Volume Information\\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP192\A0046960.EXE -> Adware.Dm : Cleaned with backup (quarantined). D:\System Volume Information\\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP192\A0046961.exe -> Adware.Dm : Cleaned with backup (quarantined). ::Report end

Modifié par vincent 66 le 25/08/2006 19:26
Afficher le profil de vincent 66 Voir la configuration de vincent 66Envoyer un message privé à vincent 66
 Revenir en haut de la page
 philae  Posté le 25/08/2006 à 20:39  
  Groupe Sécurité


36539 Messages
re oui reposte stp un rapport HijackThis
Afficher le profil de philae Voir la configuration de philaeEnvoyer un message privé à philae
 Revenir en haut de la page
 vincent 66  Posté le 25/08/2006 à 21:19  
Petit astucien

130 Messages
re, voila le rapport HijackThis Logfile of HijackThis v1.99.1 Scan saved at 21:17:45, on 25/08/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Securitoo\Av_Fw\backweb\8520111\Program\fspex.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\FSGK32.EXE C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fssm32.exe C:\Program Files\Securitoo\Av_Fw\Common\FSMB32.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\Program Files\Securitoo\Av_Fw\Common\FCH32.EXE C:\Program Files\Securitoo\Av_Fw\Common\FAMEH32.EXE C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsav32.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\HP\KBD\KBD.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe C:\Program Files\Creative\Shared Files\CAMTRAY.EXE C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe C:\Program Files\Securitoo\Av_Fw\FSGUI\fsguiexe.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\Wanadoo\PollingModule.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe C:\Program Files\Hijackthis Version Française\hijackthis vf.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\Av_Fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\Av_Fw\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O17 - HKLM\System\CCS\Services\Tcpip\..\{4996AD2E-71C7-4A78-82B8-AE00969346DB}: NameServer = 80.10.246.130 80.10.246.3 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: MSNim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe merci
Afficher le profil de vincent 66 Voir la configuration de vincent 66Envoyer un message privé à vincent 66
 Revenir en haut de la page
 philae  Posté le 25/08/2006 à 21:26  
  Groupe Sécurité


36539 Messages
re je démarre l'analyse du dernier rapport, réponse dans un moment
Afficher le profil de philae Voir la configuration de philaeEnvoyer un message privé à philae
 Revenir en haut de la page
 philae  Posté le 25/08/2006 à 21:30  
  Groupe Sécurité


36539 Messages
re ton dernier rapport est propre * désactive ta restauration système
Pour désactiver le système de Restauration : démarrer-----------panneau de configuration------------système---------- onglet Restauration système-----------coche la case (Désactiver la restauration système)-------------- redémarre l'ordinateur
* relance ewido * recréé un point de restauration système. Ton pc est-il moins lent ?
Afficher le profil de philae Voir la configuration de philaeEnvoyer un message privé à philae
 Revenir en haut de la page
 vincent 66  Posté le 25/08/2006 à 22:40  
Petit astucien

130 Messages
Re, j'ai fais les manips,et voila mon dernier rapport ewido et HijackThis. pourrai tu me dire aussi ce que je peux installer sur mon pc pour eviter les fenetres de pub. mille merci --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 22:34:31 25/08/2006 + Scan result: C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@adtech[2].txt -> TrackingCookie.Adtech : Cleaned. C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@advertising[2].txt -> TrackingCookie.Advertising : Cleaned. C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned. C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned. C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned. C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@ehg-yvesrocher.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned. C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned. C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@lop[1].txt -> TrackingCookie.Lop : Cleaned. C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned. C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned. C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned. C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned. ::Report end Logfile of HijackThis v1.99.1 Scan saved at 22:36:11, on 25/08/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe C:\Program Files\Securitoo\Av_Fw\backweb\8520111\Program\fspex.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\FSGK32.EXE C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE C:\Program Files\Securitoo\Av_Fw\Common\FSMB32.EXE C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fssm32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\Program Files\Securitoo\Av_Fw\Common\FCH32.EXE C:\Program Files\Securitoo\Av_Fw\Common\FAMEH32.EXE C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsav32.exe C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\HP\KBD\KBD.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe C:\Program Files\Creative\Shared Files\CAMTRAY.EXE C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe C:\Program Files\Securitoo\Av_Fw\FSGUI\fsguiexe.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe C:\Program Files\Hijackthis Version Française\hijackthis vf.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\Av_Fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\Av_Fw\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O17 - HKLM\System\CCS\Services\Tcpip\..\{4996AD2E-71C7-4A78-82B8-AE00969346DB}: NameServer = 80.10.246.1 80.10.246.132 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: MSNim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus <