RegRun Reanimator report

Closed
cristelle - Edited by cristelle on 1/11/2010 at 09:38
fabul Posts 39170 Registration date Sunday 18 January 2009 Status Moderator Last activity 13 November 2024 - 4 Dec. 2010 at 01:46
Hello,

I don't understand this report, thank you, it's a matter of life or death, God bless you

RegRun Reanimator - Scan for Viruses... Start check 29.10.2010 at:22:10:50
Prohibited:0 Suspicious:15 Warnings:0
Suspicious:URLSearchHook
{08C06D61-F1F3-4799-86F8-BE1A89362C85}=C:\PROGRAM FILES\ORANGEHSS\SEARCHURLHOOK\SEARCHPAGEURL.DLL
******************************
Suspicious:Print Monitors
Canon BJ Language Monitor MP160=C:\Windows\system32\CNMLM83.DLL
IJ Language Monitor CANON INC. Canon IJ Printer Driver 2.00.4.21
******************************
Suspicious:Context Menu Handlers
DAP_ShredMenu=C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL
DAPCtxMenuShell Module Speedbit Ltd. DAPCtxMenuShell Module 9, 2, 0, 0
******************************
Suspicious:Auto Services
KMWDSERVICE=C:\Program Files\Mouse Driver\KMWDSrv.exe
Internal Name: KMWDSERVICE. Status: service running. Actual File: C:\Program Files\Mouse Driver\KMWDSrv.exe * Keyboard And Mouse Communication Service Keyboard And Mouse Communication Service UASSOFT.COM Keyboard And Mouse Communication Service 1, 0, 6, 0
******************************
Suspicious:Auto Services
yksvc=RUNDLL32.EXE ykx32coinst,serviceStartProc
Internal Name: yksvc. Status: service running. Actual File: RUNDLL32.EXE ykx32coinst,serviceStartProc * Service for Marvell® Yukon® Network Adapters
******************************
Suspicious:Registry Run
sxsaeu=RUNDLL32.EXE C:\Users\R\AppData\Local\Temp\mspuyxjb.dll,w
File is deleted or hidden by rootkit or could not be located.
******************************
Suspicious:Registry Run
hqkcomkaw=C:\Users\R\hqkcomkaw.exe
File is deleted or hidden by rootkit or could not be located.
******************************
Suspicious:Registry Run
bqfjns=RUNDLL32.EXE C:\Users\R\AppData\Local\Temp\msghfrmi.dll,w
File is deleted or hidden by rootkit or could not be located.
******************************
Suspicious:Registry Run
hqkcomkaí=C:\Users\R\hqkcomkaí.exe
File is deleted or hidden by rootkit or could not be located.
******************************
Suspicious:Registry Run
SuperCopier2.exe=C:\PROGRAM FILES\SUPERCOPIER2\SUPERCOPIER2.EXE
SuperCopier 2 (explorer file copy replacement) SFX TEAM 2
******************************
Suspicious:Registry Run
KMCONFIG=C:\PROGRAM FILES\MOUSE DRIVER\STARTAUTORUN.EXE
DRIVER AUTORUN UASSOFT.COM DRIVER AUTORUN 1.0.0.1
******************************
Suspicious:Running Processes
StartAutorun.exe=C:\PROGRAM FILES\MOUSE DRIVER\STARTAUTORUN.EXE
DRIVER AUTORUN UASSOFT.COM DRIVER AUTORUN 1.0.0.1
******************************
Suspicious:Running Processes
KMConfig.exe=C:\PROGRAM FILES\MOUSE DRIVER\KMCONFIG.EXE
USB Keyboard And PS/2 Keyboard Driver UASSOFT.COM USB Keyboard And PS/2 Keyboard Driver 3, 0, 0, 1
******************************
Suspicious:Running Processes
KMProcess.exe=C:\PROGRAM FILES\MOUSE DRIVER\KMPROCESS.EXE
Keyboard And Mouse Processing UASSOFT.COM Keyboard And Mouse Processing 4.0.0.1
******************************
-------------------------------------------------------
RegRun Reanimator - Scan for Viruses... Start check 30.10.2010 at:06:41:15
Prohibited:0 Suspicious:12 Warnings:0
Suspicious:URLSearchHook
{08C06D61-F1F3-4799-86F8-BE1A89362C85}=C:\PROGRAM FILES\ORANGEHSS\SEARCHURLHOOK\SEARCHPAGEURL.DLL
******************************
Suspicious:Auto Services
KMWDSERVICE=C:\Program Files\Mouse Driver\KMWDSrv.exe
Internal Name: KMWDSERVICE. Status: service running. Actual File: C:\Program Files\Mouse Driver\KMWDSrv.exe * Keyboard And Mouse Communication Service Keyboard And Mouse Communication Service UASSOFT.COM Keyboard And Mouse Communication Service 1, 0, 6, 0
******************************
Suspicious:Auto Services
yksvc=RUNDLL32.EXE ykx32coinst,serviceStartProc
Internal Name: yksvc. Status: service running. Actual File: RUNDLL32.EXE ykx32coinst,serviceStartProc * Service for Marvell® Yukon® Network Adapters
******************************
Suspicious:Services detected by Partizan
ApfiltrService=system32\DRIVERS\Apfiltr.sys
Driver Alps Touch Pad Filter Driver for Windows 2000/XP/Vista Start Type: loaded manually on demand File is deleted or hidden by rootkit or could not be located.
******************************
Suspicious:Services detected by Partizan
ZDPSp60=System32\Drivers\ZDPSp60.sys
Driver ZDPSp60 NDIS Protocol Driver Start Type: loaded manually on demand File is deleted or hidden by rootkit or could not be located.
******************************
Suspicious:Registry Run
sxsaeu=RUNDLL32.EXE C:\Users\R\AppData\Local\Temp\mspuyxjb.dll,w
File is deleted or hidden by rootkit or could not be located.
******************************
Suspicious:Registry Run
hqkcomkaw=C:\Users\R\hqkcomkaw.exe
File is deleted or hidden by rootkit or could not be located.
******************************
Suspicious:Registry Run
bqfjns=RUNDLL32.EXE C:\Users\R\AppData\Local\Temp\msghfrmi.dll,w
File is deleted or hidden by rootkit or could not be located.
******************************
Suspicious:Registry Run
hqkcomkaí=C:\Users\R\hqkcomkaí.exe
File is deleted or hidden by rootkit or could not be located.
******************************
Suspicious:Registry Run
SuperCopier2.exe=C:\PROGRAM FILES\SUPERCOPIER2\SUPERCOPIER2.EXE
SuperCopier 2 (explorer file copy replacement) SFX TEAM 2
******************************
Suspicious:Registry Run
KMCONFIG=C:\PROGRAM FILES\MOUSE DRIVER\STARTAUTORUN.EXE
DRIVER AUTORUN UASSOFT.COM DRIVER AUTORUN 1.0.0.1
******************************
-------------------------------------------------------
RegRun Reanimator - Scan for Viruses... Start check 30.10.2010 at:19:37:37
Prohibited:0 Suspicious:1 Warnings:1
Suspicious:URLSearchHook
{08C06D61-F1F3-4799-86F8-BE1A89362C85}=C:\PROGRAM FILES\ORANGEHSS\SEARCHURLHOOK\SEARCHPAGEURL.DLL
******************************
-------------------------------------------------------
RegRun Reanimator - Scan for Viruses... Start check 31.10.2010 at:09:40:28
Prohibited:0 Suspicious:1 Warnings:1
Suspicious:URLSearchHook
{08C06D61-F1F3-4799-86F8-BE1A89362C85}=C:\PROGRAM FILES\ORANGEHSS\SEARCHURLHOOK\SEARCHPAGEURL.DLL
******************************
-------------------------------------------------------
RegRun Reanimator - Scan for Viruses... Start check 31.10.2010 at:19:35:28
Prohibited:0 Suspicious:4 Warnings:0
Suspicious:URLSearchHook
{08C06D61-F1F3-4799-86F8-BE1A89362C85}=C:\PROGRAM FILES\ORANGEHSS\SEARCHURLHOOK\SEARCHPAGEURL.DLL
******************************
Suspicious:Auto Services
KMWDSERVICE=C:\Program Files\Mouse Driver\KMWDSrv.exe
Internal Name: KMWDSERVICE. Status: service running. Actual File: C:\Program Files\Mouse Driver\KMWDSrv.exe * Keyboard And Mouse Communication Service Keyboard And Mouse Communication Service UASSOFT.COM Keyboard And Mouse Communication Service 1, 0, 6, 0
******************************
Suspicious:Auto Services
yksvc=RUNDLL32.EXE ykx32coinst,serviceStartProc
Internal Name: yksvc. Status: service running. Actual File: RUNDLL32.EXE ykx32coinst,serviceStartProc * Service for Marvell® Yukon® Network Adapters
******************************
Suspicious:Services detected by Partizan
ApfiltrService=system32\DRIVERS\Apfiltr.sys
Driver Alps Touch Pad Filter Driver for Windows 2000/XP/Vista Start Type: loaded manually on demand File is deleted or hidden by rootkit or could not be located.
******************************
-------------------------------------------------------
RegRun Reanimator - Scan for Viruses... Start check 31.10.2010 at:19:43:15
Prohibited:0 Suspicious:12 Warnings:0
Suspicious:URLSearchHook
{08C06D61-F1F3-4799-86F8-BE1A89362C85}=C:\PROGRAM FILES\ORANGEHSS\SEARCHURLHOOK\SEARCHPAGEURL.DLL
******************************
Suspicious:Auto Services
KMWDSERVICE=C:\Program Files\Mouse Driver\KMWDSrv.exe
Internal Name: KMWDSERVICE. Status: service running. Actual File: C:\Program Files\Mouse Driver\KMWDSrv.exe * Keyboard And Mouse Communication Service Keyboard And Mouse Communication Service UASSOFT.COM Keyboard And Mouse Communication Service 1, 0, 6, 0
******************************
Suspicious:Auto Services
yksvc=RUNDLL32.EXE ykx32coinst,serviceStartProc
Internal Name: yksvc. Status: service running. Actual File: RUNDLL32.EXE ykx32coinst,serviceStartProc * Service for Marvell® Yukon® Network Adapters
******************************
Suspicious:Services detected by Partizan
ApfiltrService=system32\DRIVERS\Apfiltr.sys
Driver Alps Touch Pad Filter Driver for Windows 2000/XP/Vista Start Type: loaded manually on demand File is deleted or hidden by rootkit or could not be located.
******************************
Suspicious:Services detected by Partizan
ZDPSp60=System32\Drivers\ZDPSp60.sys
Driver ZDPSp60 NDIS Protocol Driver Start Type: loaded manually on demand File is deleted or hidden by rootkit or could not be located.
******************************

2 replies

fabul Posts 39170 Registration date Sunday 18 January 2009 Status Moderator Last activity 13 November 2024 5 414
Edited by fabul on 4/12/2010 at 01:59
This doesn't smell good:

Registry Run
sxsaeu=RUNDLL32.EXE C:\Users\R\AppData\Local\Temp\mspuyxjb.dll,w

Registry Run
hqkcomkaw=C:\Users\R\hqkcomkaw.exe

Registry Run
bqfjns=RUNDLL32.EXE C:\Users\R\AppData\Local\Temp\msghfrmi.dll,w

Registry Run
hqkcomkaí=C:\Users\R\hqkcomkaí.exe

Registry Run
sxsaeu=RUNDLL32.EXE C:\Users\R\AppData\Local\Temp\mspuyxjb.dll,w

Registry Run
hqkcomkaw=C:\Users\R\hqkcomkaw.exe

Registry Run
bqfjns=RUNDLL32.EXE C:\Users\R\AppData\Local\Temp\msghfrmi.dll,w

Registry Run
hqkcomkaí=C:\Users\R\hqkcomkaí.exe
1
Anonymous user
1 Nov. 2010 at 10:56
Hello

Drop Regrun reanimator, because it detects far too many FPs.

Do the following.


We are going to run an analysis of your system.


* Download ftp://zebulon.fr/ZHPDiag.exe ZHPDiag (by Nicolas Coolman).
or
http://www.premiumorange.com/zeb-help-process/zhpdiag.html (at the bottom of the page).

***********************
/!\ Vista and Windows 7 users: right-click the ZHPDiag.exe logo, "Run as administrator" /!\
* Let yourself be guided during the installation
* It will launch automatically at the end of the installation
* Click the icon showing a magnifying glass (« Lancer le diagnostic », "Run the diagnostic")
* Save the report to your Desktop using the icon showing a floppy disk
* Upload the ZHPDiag.txt report to the site cijoint.fr or toofiles, then copy/paste the link provided into your next reply on the forum
0