[Virus]rapport d'interprétation de hijackthis
nancy
-
nancy -
nancy -
bonjour tout le monde
voici le rapport de scan de hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 13:52:48, on 1/16/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nokia\Connectivity Server\bin\mediator.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Nokia\Connectivity Server\bin\zimu.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\WinRoute Pro\winroute.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\msdtc.exe
C:\WINNT\system32\mqsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\MORATE~1.SER\LOCALS~1\Temp\Rar$EX00.719\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F0 - system.ini: Shell=Explorer.exe C:\WINNT\system32\winmgd.win
F1 - win.ini: run=C:\WINNT\system32\mouse_configurator.win
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - E:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll (file missing)
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_14.dll
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: VCS3IESupport Class - {B9D6B3C2-09AD-464A-8162-8C55114C808A} - C:\Program Files\AV VCS 3.0\Vcs3RT.dll (file missing)
O2 - BHO: Windows Genuine Tool - {c815ace8-3dbf-4ffd-8231-ab1d21e8b7ee} - C:\WINNT\shginas.dll
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINNT\system32\iasada.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [McSpyVirusMap] c:\progra~1\mcafee\MCAFEE~1\McSpy.exe /cmd:VirusMap
O4 - HKLM\..\Run: [Kernel32] C:\WINNT\system32\Kernel32.win
O4 - HKLM\..\Run: [Israfel] C:\WINNT\system32\Israfel.vbs
O4 - HKLM\..\Run: [vcs3demo] C:\PROGRA~1\AVVCS3~1.0\Vcs3Cmd.exe
O4 - HKLM\..\Run: [lqEbq] C:\WINNT\mueblrah.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer 2005\uwfx5.exe" /scan
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .m14: C:\Program Files\Internet Explorer\plugins\NPEdoc32.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_serial.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.playqames.com/default.cab?uid=56&id=60871&ex&1s&ppd=4
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://amecspiesupport.webex.com/client/v_mywebex-t20/support/ieatgpc.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BCD663F-9B2F-4C21-8AEC-607E43871376}: NameServer = 212.217.65.13 212.217.65.10
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Nokia TETRA Connectivity Server Manager (mediator) - Nokia Oyj - C:\Program Files\Nokia\Connectivity Server\bin\mediator.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: WinRoute Pro 4.2 (WinRoute) - Unknown owner - C:\Program Files\WinRoute Pro\winroute.exe
je vous remercie d'avance pour votre aide
voici le rapport de scan de hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 13:52:48, on 1/16/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nokia\Connectivity Server\bin\mediator.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Nokia\Connectivity Server\bin\zimu.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\WinRoute Pro\winroute.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\msdtc.exe
C:\WINNT\system32\mqsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\MORATE~1.SER\LOCALS~1\Temp\Rar$EX00.719\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F0 - system.ini: Shell=Explorer.exe C:\WINNT\system32\winmgd.win
F1 - win.ini: run=C:\WINNT\system32\mouse_configurator.win
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - E:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll (file missing)
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_14.dll
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: VCS3IESupport Class - {B9D6B3C2-09AD-464A-8162-8C55114C808A} - C:\Program Files\AV VCS 3.0\Vcs3RT.dll (file missing)
O2 - BHO: Windows Genuine Tool - {c815ace8-3dbf-4ffd-8231-ab1d21e8b7ee} - C:\WINNT\shginas.dll
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINNT\system32\iasada.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [McSpyVirusMap] c:\progra~1\mcafee\MCAFEE~1\McSpy.exe /cmd:VirusMap
O4 - HKLM\..\Run: [Kernel32] C:\WINNT\system32\Kernel32.win
O4 - HKLM\..\Run: [Israfel] C:\WINNT\system32\Israfel.vbs
O4 - HKLM\..\Run: [vcs3demo] C:\PROGRA~1\AVVCS3~1.0\Vcs3Cmd.exe
O4 - HKLM\..\Run: [lqEbq] C:\WINNT\mueblrah.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer 2005\uwfx5.exe" /scan
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .m14: C:\Program Files\Internet Explorer\plugins\NPEdoc32.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_serial.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.playqames.com/default.cab?uid=56&id=60871&ex&1s&ppd=4
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://amecspiesupport.webex.com/client/v_mywebex-t20/support/ieatgpc.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BCD663F-9B2F-4C21-8AEC-607E43871376}: NameServer = 212.217.65.13 212.217.65.10
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Nokia TETRA Connectivity Server Manager (mediator) - Nokia Oyj - C:\Program Files\Nokia\Connectivity Server\bin\mediator.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: WinRoute Pro 4.2 (WinRoute) - Unknown owner - C:\Program Files\WinRoute Pro\winroute.exe
je vous remercie d'avance pour votre aide
A voir également:
- [Virus]rapport d'interprétation de hijackthis
- Hijackthis - Télécharger - Antivirus & Antimalwares
- Virus mcafee - Accueil - Piratage
- Plan rapport de stage - Guide
- Virus informatique - Guide
- Thème rapport de stage comptabilité - Forum Word
7 réponses
salut t'es trop infecté !!!
commence par desinstaller ces programe dans ajout/suppression de programe
MySearch
RXToolBar
Internet Optimizer
WinFixer 2005
NewDotNet
lance hijack /coche ces ligne et clike sur fix checked
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - E:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll (file missing)
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (file missing)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_14.dll
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: VCS3IESupport Class - {B9D6B3C2-09AD-464A-8162-8C55114C808A} - C:\Program Files\AV VCS 3.0\Vcs3RT.dll (file missing)
O2 - BHO: Windows Genuine Tool - {c815ace8-3dbf-4ffd-8231-ab1d21e8b7ee} - C:\WINNT\shginas.dll
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINNT\system32\iasada.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL
O4 - HKLM\..\Run: [Kernel32] C:\WINNT\system32\Kernel32.win
O4 - HKLM\..\Run: [Israfel] C:\WINNT\system32\Israfel.vbs
O4 - HKLM\..\Run: [vcs3demo] C:\PROGRA~1\AVVCS3~1.0\Vcs3Cmd.exe
O4 - HKLM\..\Run: [lqEbq] C:\WINNT\mueblrah.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer 2005\uwfx5.exe" /scan
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_serial.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.playqames.com/default.cab?uid=56&id=60871&ex&1s&ppd=4
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://amecspiesupport.webex.com/client/v_mywebex-t20/support/ieatgpc.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
1.redemarre en mode sans echec (redemarage + tapotte sans arret sur F8 desque l'ordi s'allume)
2. desactive ta restauration (pour win xp ) comme ceci :
clike droit sur post de travaille/proprietes/restauration system et la tu coche desactiver la restauration du systeme tu applique
3. affiche les fichier cacher comme ceci :
clicker sur demarrer/panneau de configuration/option des dossiers/affichage
Cocher afficher les dossiers cacher
Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Puis fais «Ok» pour valider les changements.
Decocher masquer les extentions dont le type est connues
4.ensuite va dans demarrer/rechercher et tape: un par un
iMeshBHO.dll
newdotnet7_14.dll
IMESHBAR.DLL
shginas.dll
iasada.dll
Kernel32.win
Israfel.vbs
Vcs3Cmd.exe
mueblrah.exe
optimize.exe"
istsvc.exe
uwfx5.exe
suprime les et vide ta corebeille
reactive la restauration et masque les fichiers caché en suivant le meme chemin
redemare en mode normal
telecharge et execute ces antispywares ( pense a les mettre a jour avant de les lancées)
(1) ad-aware version 1.06
(ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite
voir demo
http://pageperso.aol.fr/balltrap34/adwseflash.zip
***
(2) spybot version 1.4
(ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite
voir demo d utilisation
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
***
(3)ccleaner :
http://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
son tutorial :
http://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
(4)Edwido
http://download.ewido.net/ewido-setup.exe
Pendant l'installation, sur la page "Additional Options", décoche les deux options "Install background guard" et "Install scan via context menu Ewido Security Suite. Clique sur mise à jour.
Clique sur scanner puis sur scan complet du système. colle le resultat d'edwido ici suivi d'un log hijack
@+++++++++
commence par desinstaller ces programe dans ajout/suppression de programe
MySearch
RXToolBar
Internet Optimizer
WinFixer 2005
NewDotNet
lance hijack /coche ces ligne et clike sur fix checked
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - E:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll (file missing)
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (file missing)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_14.dll
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: VCS3IESupport Class - {B9D6B3C2-09AD-464A-8162-8C55114C808A} - C:\Program Files\AV VCS 3.0\Vcs3RT.dll (file missing)
O2 - BHO: Windows Genuine Tool - {c815ace8-3dbf-4ffd-8231-ab1d21e8b7ee} - C:\WINNT\shginas.dll
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINNT\system32\iasada.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL
O4 - HKLM\..\Run: [Kernel32] C:\WINNT\system32\Kernel32.win
O4 - HKLM\..\Run: [Israfel] C:\WINNT\system32\Israfel.vbs
O4 - HKLM\..\Run: [vcs3demo] C:\PROGRA~1\AVVCS3~1.0\Vcs3Cmd.exe
O4 - HKLM\..\Run: [lqEbq] C:\WINNT\mueblrah.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer 2005\uwfx5.exe" /scan
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_serial.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.playqames.com/default.cab?uid=56&id=60871&ex&1s&ppd=4
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://amecspiesupport.webex.com/client/v_mywebex-t20/support/ieatgpc.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
1.redemarre en mode sans echec (redemarage + tapotte sans arret sur F8 desque l'ordi s'allume)
2. desactive ta restauration (pour win xp ) comme ceci :
clike droit sur post de travaille/proprietes/restauration system et la tu coche desactiver la restauration du systeme tu applique
3. affiche les fichier cacher comme ceci :
clicker sur demarrer/panneau de configuration/option des dossiers/affichage
Cocher afficher les dossiers cacher
Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Puis fais «Ok» pour valider les changements.
Decocher masquer les extentions dont le type est connues
4.ensuite va dans demarrer/rechercher et tape: un par un
iMeshBHO.dll
newdotnet7_14.dll
IMESHBAR.DLL
shginas.dll
iasada.dll
Kernel32.win
Israfel.vbs
Vcs3Cmd.exe
mueblrah.exe
optimize.exe"
istsvc.exe
uwfx5.exe
suprime les et vide ta corebeille
reactive la restauration et masque les fichiers caché en suivant le meme chemin
redemare en mode normal
telecharge et execute ces antispywares ( pense a les mettre a jour avant de les lancées)
(1) ad-aware version 1.06
(ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite
voir demo
http://pageperso.aol.fr/balltrap34/adwseflash.zip
***
(2) spybot version 1.4
(ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite
voir demo d utilisation
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
***
(3)ccleaner :
http://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
son tutorial :
http://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
(4)Edwido
http://download.ewido.net/ewido-setup.exe
Pendant l'installation, sur la page "Additional Options", décoche les deux options "Install background guard" et "Install scan via context menu Ewido Security Suite. Clique sur mise à jour.
Clique sur scanner puis sur scan complet du système. colle le resultat d'edwido ici suivi d'un log hijack
@+++++++++
Re,
j'ai suivi les toutes les étapes. voila le rapport de scan de edwido :
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 15:51:05, 1/17/2006
+ Somme de contrôle: 25955C60
+ Résultats du scan:
HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Altnet\TopSearch -> Spyware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Avenue Media -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} -> Spyware.MySearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{014DA6CB-189F-421a-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} -> Spyware.Azsearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{DC341F1B-EC77-47BE-8F58-96E83861CC5A} -> Spyware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Spyware.MoneyTree : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID -> Spyware.MoneyTree : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer -> Spyware.MoneyTree : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj.1 -> Spyware.MoneyTree : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F} -> Spyware.ISTBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001} -> Spyware.SafeSurfing : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Interface\{339D8AFF-0B42-4260-AD82-78CE605A9543} -> Spyware.SideFind : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Interface\{A36A5936-CFD9-4B41-86BD-319A1931887F} -> Spyware.SideFind : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ISTx.Installer -> Spyware.ISTBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ISTx.Installer\CLSID -> Spyware.ISTBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Spyware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Spyware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Spyware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Spyware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\TypeLib\{014DA6C0-189F-421A-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB} -> Spyware.MoneyTree : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\TypeLib\{58634367-D62B-4C2C-86BE-5AAC45CDB671} -> Spyware.SideFind : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429} -> Spyware.ISTBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36} -> Spyware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\TypeLib\{D0288A41-9855-4A9B-8316-BABE243648DA} -> Spyware.SideFind : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\WUSN.1 -> Spyware.SaveNow : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools -> Spyware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools\HbTools -> Spyware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools\HbTools\PI -> Spyware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools\HbTools\PI\3.2 -> Spyware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools\Hotbar -> Spyware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools\Hotbar\Install -> Spyware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\ISTsvc -> Spyware.ISTBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\ISTsvc\history -> Spyware.ISTBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\MainPean Highspeed -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E} -> Spyware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\SideFind -> Spyware.SideFind : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Need2FindBar Uninstall -> Spyware.Need2Find : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Spyware.MoneyTree : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc -> Spyware.ISTBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Nettoyer et sauvegarder
HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Nettoyer et sauvegarder
HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Nettoyer et sauvegarder
HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
HKLM\SOFTWARE\PowerScan -> Spyware.PowerScan : Nettoyer et sauvegarder
HKLM\SOFTWARE\sais -> Spyware.180Solutions : Nettoyer et sauvegarder
HKU\S-1-5-21-1409082233-1801674531-725345543-1013\Software\Avenue Media -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
HKU\S-1-5-21-1409082233-1801674531-725345543-1013\Software\IST -> Spyware.ISTBar : Nettoyer et sauvegarder
HKU\S-1-5-21-1409082233-1801674531-725345543-1013\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Nettoyer et sauvegarder
HKU\S-1-5-21-1409082233-1801674531-725345543-1013\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
HKU\S-1-5-21-1409082233-1801674531-725345543-1013\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
HKU\S-1-5-21-1409082233-1801674531-725345543-1013\Software\PowerScan -> Spyware.PowerScan : Nettoyer et sauvegarder
HKU\S-1-5-21-1409082233-1801674531-725345543-1013\Software\WhenU -> Spyware.SaveNow : Nettoyer et sauvegarder
C:\a.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\MORATEL.SERVEUR\Cookies\moratel@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder
C:\Program Files\AVPersonal\INFECTED\istsvc.VIR -> Downloader.IstBar : Nettoyer et sauvegarder
C:\Program Files\AVPersonal\INFECTED\istsvc.VIR00 -> Downloader.IstBar : Nettoyer et sauvegarder
C:\Program Files\AVPersonal\INFECTED\istsvc.VIR01 -> Downloader.IstBar : Nettoyer et sauvegarder
C:\Program Files\AVPersonal\INFECTED\winupdates.VIR -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\ISTsvc -> Spyware.ISTBar : Nettoyer et sauvegarder
C:\WINNT\azesearch.bmp -> Adware.Azesearch : Nettoyer et sauvegarder
C:\WINNT\Downloaded Program Files\UWFX5V_0001_N57M1212NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Nettoyer et sauvegarder
C:\WINNT\NDNuninstall6_98.exe -> Adware.NewDotNet : Nettoyer et sauvegarder
C:\WINNT\NDNuninstall7_14.exe -> Adware.NewDotNet : Nettoyer et sauvegarder
C:\WINNT\shginas1.dll -> Spyware.MoneyGainer : Nettoyer et sauvegarder
C:\WINNT\system32\azesearch4.ocx -> Spyware.AzSearch : Nettoyer et sauvegarder
C:\WINNT\system32\ccrpbds6b.dll -> Adware.MoneyGainer : Nettoyer et sauvegarder
C:\WINNT\system32\P2P Networking -> Spyware.P2PNetworking : Nettoyer et sauvegarder
C:\WINNT\system32\P2P Networking\Cache -> Spyware.P2PNetworking : Nettoyer et sauvegarder
C:\WINNT\system32\P2P Networking\Cache\Database -> Spyware.P2PNetworking : Nettoyer et sauvegarder
C:\WINNT\system32\P2P Networking\Cache\Database\file-10000-0xb6e3fdc669cab9a5ddd5442744c33b1e.sig -> Spyware.P2PNetworking : Nettoyer et sauvegarder
C:\WINNT\system32\P2P Networking\Cache\Database\file-10000-0xcce1eb975a834b1b0ed5a2fff50c3997.sig -> Spyware.P2PNetworking : Nettoyer et sauvegarder
C:\WINNT\system32\P2P Networking\Cache\Database\file-10001-105.sig -> Spyware.P2PNetworking : Nettoyer et sauvegarder
C:\WINNT\system32\P2P Networking\Cache\Database\file-10001-3342323397.sig -> Spyware.P2PNetworking : Nettoyer et sauvegarder
C:\WINNT\system32\P2P Networking\Cache\Database\file-1005-1020048.sig -> Spyware.P2PNetworking : Nettoyer et sauvegarder
C:\WINNT\system32\P2P Networking\Cache\Database\index256.dbb -> Spyware.P2PNetworking : Nettoyer et sauvegarder
D:\Telechargement\!estimated jackpot .zip/SetupMonacoGold.exe -> Adware.Casino : Nettoyer et sauvegarder
D:\Telechargement\!board of estimate.zip/SetupMonacoGold.exe -> Adware.Casino : Nettoyer et sauvegarder
D:\Telechargement\GRAVAGE\Hackers\complete set of hacking tools and manuals [html and txt ebooks, and programs]\complete_set_hacking_tools+manuals\hacking_tools\wingatespoof_hlp.zip/UHANFO.EXE -> Trojan.DOS.ControlDuSockets.a : Nettoyer et sauvegarder
D:\Telechargement\GRAVAGE\Hackers\hacking tool from FBI - cracks servers, password searching, steal\complete set of hacking tools and manuals [html and txt ebooks, and programs]\complete_set_hacking_tools+manuals\hacking_tools\hvlscan.zip/UHANFO.EXE -> Trojan.DOS.ControlDuSockets.a : Nettoyer et sauvegarder
D:\Telechargement\GRAVAGE\Hackers\hacking tool from FBI - cracks servers, password searching, steal\complete set of hacking tools and manuals [html and txt ebooks, and programs]\complete_set_hacking_tools+manuals\hacking_tools\wingatespoof_hlp.zip/UHANFO.EXE -> Trojan.DOS.ControlDuSockets.a : Nettoyer et sauvegarder
D:\Telechargement\All soft for hack er!!!(sub7, brutus, schoolbus, xmas2001, mailbomber, atomicmail, gencb, icqsnifferip, scanner...) -_- by Seth6\backorifice.zip/FREEZE.EXE -> Trojan.BackOrifice.Freeze : Nettoyer et sauvegarder
D:\Telechargement\All soft for hack er!!!(sub7, brutus, schoolbus, xmas2001, mailbomber, atomicmail, gencb, icqsnifferip, scanner...) -_- by Seth6\backorifice.zip/MELT.EXE -> Trojan.BackOrifice.Melt : Nettoyer et sauvegarder
D:\Telechargement\All soft for hack er!!!(sub7, brutus, schoolbus, xmas2001, mailbomber, atomicmail, gencb, icqsnifferip, scanner...) -_- by Seth6\wwwhack.zip/patch.exe -> Not-A-Virus.HackTool.WwwHack.a : Nettoyer et sauvegarder
F:\telechargement\ADSL Speed 1.0.8.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
::Fin du rapport
Qu'est ce que je dois faire?
Merci pour votre aide.
j'ai suivi les toutes les étapes. voila le rapport de scan de edwido :
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 15:51:05, 1/17/2006
+ Somme de contrôle: 25955C60
+ Résultats du scan:
HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Altnet\TopSearch -> Spyware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Avenue Media -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} -> Spyware.MySearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{014DA6CB-189F-421a-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} -> Spyware.Azsearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{DC341F1B-EC77-47BE-8F58-96E83861CC5A} -> Spyware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Spyware.MoneyTree : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID -> Spyware.MoneyTree : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer -> Spyware.MoneyTree : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj.1 -> Spyware.MoneyTree : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F} -> Spyware.ISTBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001} -> Spyware.SafeSurfing : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Interface\{339D8AFF-0B42-4260-AD82-78CE605A9543} -> Spyware.SideFind : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Interface\{A36A5936-CFD9-4B41-86BD-319A1931887F} -> Spyware.SideFind : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ISTx.Installer -> Spyware.ISTBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ISTx.Installer\CLSID -> Spyware.ISTBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Spyware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Spyware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Spyware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Spyware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\TypeLib\{014DA6C0-189F-421A-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB} -> Spyware.MoneyTree : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\TypeLib\{58634367-D62B-4C2C-86BE-5AAC45CDB671} -> Spyware.SideFind : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429} -> Spyware.ISTBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36} -> Spyware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\TypeLib\{D0288A41-9855-4A9B-8316-BABE243648DA} -> Spyware.SideFind : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\WUSN.1 -> Spyware.SaveNow : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools -> Spyware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools\HbTools -> Spyware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools\HbTools\PI -> Spyware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools\HbTools\PI\3.2 -> Spyware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools\Hotbar -> Spyware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools\Hotbar\Install -> Spyware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\ISTsvc -> Spyware.ISTBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\ISTsvc\history -> Spyware.ISTBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\MainPean Highspeed -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E} -> Spyware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\SideFind -> Spyware.SideFind : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Need2FindBar Uninstall -> Spyware.Need2Find : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Spyware.MoneyTree : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc -> Spyware.ISTBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Nettoyer et sauvegarder
HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Nettoyer et sauvegarder
HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Nettoyer et sauvegarder
HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
HKLM\SOFTWARE\PowerScan -> Spyware.PowerScan : Nettoyer et sauvegarder
HKLM\SOFTWARE\sais -> Spyware.180Solutions : Nettoyer et sauvegarder
HKU\S-1-5-21-1409082233-1801674531-725345543-1013\Software\Avenue Media -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
HKU\S-1-5-21-1409082233-1801674531-725345543-1013\Software\IST -> Spyware.ISTBar : Nettoyer et sauvegarder
HKU\S-1-5-21-1409082233-1801674531-725345543-1013\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Nettoyer et sauvegarder
HKU\S-1-5-21-1409082233-1801674531-725345543-1013\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
HKU\S-1-5-21-1409082233-1801674531-725345543-1013\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
HKU\S-1-5-21-1409082233-1801674531-725345543-1013\Software\PowerScan -> Spyware.PowerScan : Nettoyer et sauvegarder
HKU\S-1-5-21-1409082233-1801674531-725345543-1013\Software\WhenU -> Spyware.SaveNow : Nettoyer et sauvegarder
C:\a.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
C:\Documents and Settings\MORATEL.SERVEUR\Cookies\moratel@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder
C:\Program Files\AVPersonal\INFECTED\istsvc.VIR -> Downloader.IstBar : Nettoyer et sauvegarder
C:\Program Files\AVPersonal\INFECTED\istsvc.VIR00 -> Downloader.IstBar : Nettoyer et sauvegarder
C:\Program Files\AVPersonal\INFECTED\istsvc.VIR01 -> Downloader.IstBar : Nettoyer et sauvegarder
C:\Program Files\AVPersonal\INFECTED\winupdates.VIR -> Worm.VB.an : Nettoyer et sauvegarder
C:\Program Files\ISTsvc -> Spyware.ISTBar : Nettoyer et sauvegarder
C:\WINNT\azesearch.bmp -> Adware.Azesearch : Nettoyer et sauvegarder
C:\WINNT\Downloaded Program Files\UWFX5V_0001_N57M1212NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Nettoyer et sauvegarder
C:\WINNT\NDNuninstall6_98.exe -> Adware.NewDotNet : Nettoyer et sauvegarder
C:\WINNT\NDNuninstall7_14.exe -> Adware.NewDotNet : Nettoyer et sauvegarder
C:\WINNT\shginas1.dll -> Spyware.MoneyGainer : Nettoyer et sauvegarder
C:\WINNT\system32\azesearch4.ocx -> Spyware.AzSearch : Nettoyer et sauvegarder
C:\WINNT\system32\ccrpbds6b.dll -> Adware.MoneyGainer : Nettoyer et sauvegarder
C:\WINNT\system32\P2P Networking -> Spyware.P2PNetworking : Nettoyer et sauvegarder
C:\WINNT\system32\P2P Networking\Cache -> Spyware.P2PNetworking : Nettoyer et sauvegarder
C:\WINNT\system32\P2P Networking\Cache\Database -> Spyware.P2PNetworking : Nettoyer et sauvegarder
C:\WINNT\system32\P2P Networking\Cache\Database\file-10000-0xb6e3fdc669cab9a5ddd5442744c33b1e.sig -> Spyware.P2PNetworking : Nettoyer et sauvegarder
C:\WINNT\system32\P2P Networking\Cache\Database\file-10000-0xcce1eb975a834b1b0ed5a2fff50c3997.sig -> Spyware.P2PNetworking : Nettoyer et sauvegarder
C:\WINNT\system32\P2P Networking\Cache\Database\file-10001-105.sig -> Spyware.P2PNetworking : Nettoyer et sauvegarder
C:\WINNT\system32\P2P Networking\Cache\Database\file-10001-3342323397.sig -> Spyware.P2PNetworking : Nettoyer et sauvegarder
C:\WINNT\system32\P2P Networking\Cache\Database\file-1005-1020048.sig -> Spyware.P2PNetworking : Nettoyer et sauvegarder
C:\WINNT\system32\P2P Networking\Cache\Database\index256.dbb -> Spyware.P2PNetworking : Nettoyer et sauvegarder
D:\Telechargement\!estimated jackpot .zip/SetupMonacoGold.exe -> Adware.Casino : Nettoyer et sauvegarder
D:\Telechargement\!board of estimate.zip/SetupMonacoGold.exe -> Adware.Casino : Nettoyer et sauvegarder
D:\Telechargement\GRAVAGE\Hackers\complete set of hacking tools and manuals [html and txt ebooks, and programs]\complete_set_hacking_tools+manuals\hacking_tools\wingatespoof_hlp.zip/UHANFO.EXE -> Trojan.DOS.ControlDuSockets.a : Nettoyer et sauvegarder
D:\Telechargement\GRAVAGE\Hackers\hacking tool from FBI - cracks servers, password searching, steal\complete set of hacking tools and manuals [html and txt ebooks, and programs]\complete_set_hacking_tools+manuals\hacking_tools\hvlscan.zip/UHANFO.EXE -> Trojan.DOS.ControlDuSockets.a : Nettoyer et sauvegarder
D:\Telechargement\GRAVAGE\Hackers\hacking tool from FBI - cracks servers, password searching, steal\complete set of hacking tools and manuals [html and txt ebooks, and programs]\complete_set_hacking_tools+manuals\hacking_tools\wingatespoof_hlp.zip/UHANFO.EXE -> Trojan.DOS.ControlDuSockets.a : Nettoyer et sauvegarder
D:\Telechargement\All soft for hack er!!!(sub7, brutus, schoolbus, xmas2001, mailbomber, atomicmail, gencb, icqsnifferip, scanner...) -_- by Seth6\backorifice.zip/FREEZE.EXE -> Trojan.BackOrifice.Freeze : Nettoyer et sauvegarder
D:\Telechargement\All soft for hack er!!!(sub7, brutus, schoolbus, xmas2001, mailbomber, atomicmail, gencb, icqsnifferip, scanner...) -_- by Seth6\backorifice.zip/MELT.EXE -> Trojan.BackOrifice.Melt : Nettoyer et sauvegarder
D:\Telechargement\All soft for hack er!!!(sub7, brutus, schoolbus, xmas2001, mailbomber, atomicmail, gencb, icqsnifferip, scanner...) -_- by Seth6\wwwhack.zip/patch.exe -> Not-A-Virus.HackTool.WwwHack.a : Nettoyer et sauvegarder
F:\telechargement\ADSL Speed 1.0.8.zip/Setup.exe -> Worm.VB.an : Nettoyer et sauvegarder
::Fin du rapport
Qu'est ce que je dois faire?
Merci pour votre aide.
salut aranjuez31 et jpdeclermont :)
salut nancy post un hijack pour voir si tout est parti
@+++++++++
salut nancy post un hijack pour voir si tout est parti
@+++++++++
salut tout le monde
voila le rapport de hijack :
Logfile of HijackThis v1.99.1
Scan saved at 16:31:58, on 1/17/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nokia\Connectivity Server\bin\mediator.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Nokia\Connectivity Server\bin\zimu.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\WinRoute Pro\winroute.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\msdtc.exe
C:\WINNT\system32\mqsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\MORATE~1.SER\LOCALS~1\Temp\Rar$EX00.375\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F0 - system.ini: Shell=Explorer.exe C:\WINNT\system32\winmgd.win
F1 - win.ini: run=C:\WINNT\system32\mouse_configurator.win
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [McSpyVirusMap] c:\progra~1\mcafee\MCAFEE~1\McSpy.exe /cmd:VirusMap
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O12 - Plugin for .m14: C:\Program Files\Internet Explorer\plugins\NPEdoc32.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BCD663F-9B2F-4C21-8AEC-607E43871376}: NameServer = 212.217.65.13 212.217.65.10
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Nokia TETRA Connectivity Server Manager (mediator) - Nokia Oyj - C:\Program Files\Nokia\Connectivity Server\bin\mediator.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: WinRoute Pro 4.2 (WinRoute) - Unknown owner - C:\Program Files\WinRoute Pro\winroute.exe
est ce qu'il reste encore des infection ?
merci pour votre aide
voila le rapport de hijack :
Logfile of HijackThis v1.99.1
Scan saved at 16:31:58, on 1/17/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nokia\Connectivity Server\bin\mediator.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Nokia\Connectivity Server\bin\zimu.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\WinRoute Pro\winroute.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\msdtc.exe
C:\WINNT\system32\mqsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\MORATE~1.SER\LOCALS~1\Temp\Rar$EX00.375\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F0 - system.ini: Shell=Explorer.exe C:\WINNT\system32\winmgd.win
F1 - win.ini: run=C:\WINNT\system32\mouse_configurator.win
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [McSpyVirusMap] c:\progra~1\mcafee\MCAFEE~1\McSpy.exe /cmd:VirusMap
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O12 - Plugin for .m14: C:\Program Files\Internet Explorer\plugins\NPEdoc32.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BCD663F-9B2F-4C21-8AEC-607E43871376}: NameServer = 212.217.65.13 212.217.65.10
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Nokia TETRA Connectivity Server Manager (mediator) - Nokia Oyj - C:\Program Files\Nokia\Connectivity Server\bin\mediator.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: WinRoute Pro 4.2 (WinRoute) - Unknown owner - C:\Program Files\WinRoute Pro\winroute.exe
est ce qu'il reste encore des infection ?
merci pour votre aide
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
ben t'as du boulot là, jess
salut aranjuez :)
-------------------------------
... WinErr 01B : Erreur illégale - Windows ne vous a pas autorisé à avoir cette erreur