My HijackThis log for an EliteBar trojan

Solved
sammmm47 Posts: 14 Status: Member -  
 Anonymous user -
hello everyone
I'm being bothered by a betalire virus
I have downloaded
cleanup
Ad-Aware
Spybot
and a2 free

thanks in advance to everyone who helps me

Logfile of HijackThis v1.99.1
Scan saved at 18:17:27, on 09/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Office Mouse\moffice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Office Mouse\MOUSE32A.DAT
C:\Program Files\Changeur de fond d'écran\Data\CFE TrayIcon.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Mes documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows update] C:\WINDOWS\system32\udupdate.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P] C:\WINDOWS\system32\Battlefield2 .exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Office Mouse\moffice.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - Startup: CFE TrayIcon.lnk = ?
O4 - Startup: CFE.lnk = ?
O4 - Startup: Groom Agent.lnk = C:\Program Files\ZonejeuX\GRoom\GroomAgent.exe
O4 - Startup: TribalWeb.net.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
Configuration: windows xp pack pros

5 replies

  1. Anonymous user
     
    Hello,

    Steps to follow, in order...

    Go to this site:
    http://www.virustotal.com/xhtml/virustotal_en.html
    Click Browse
    Look for this:
    C:\WINDOWS\system32\Battlefield2 .exe
    Click Send and paste the report, please

    ----------------------------------------------------------------------------
    ¤Download these programs, but do not use them right away:

    1/

    Spybot S&D 1.4 <<new version.
    http://www.safer-networking.org/fr/index.html

    Usage demo (thanks to Balltrap34 for making it).
    http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

    2/

    Ad-Aware SE 1.06 <<new version.
    http://www.lavasoftusa.com/software/adaware/
    -A guide:
    http://www.tutopat.com/viewtopic.php?t=1191
    - install the French language patch, which you can find here:
    http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
    and a short usage video here: (thanks to Moe31 for making it).
    http://pageperso.aol.fr/balltrap34/adawrevid.asf

    3/ Ewido:
    http://download.ewido.net/ewido-setup.exe

    Install it, then update it.

    4/ Ccleaner :

    http://www.pcastuces.com/logitheque/ccleaner.htm
    ----------------------------------------------------------------------------
    ¤Show all files and folders:
    Click Start/Control Panel/Tools/Folder Options/View

    Check "Show hidden files and folders"

    Uncheck the box "Hide protected operating system files (Recommended)"

    Uncheck "Hide extensions for known file types"
    Then click "OK" to confirm the changes.

    And Apply!
    ----------------------------------------------------------------------------
    ¤Run HijackThis again, check the boxes in front of these lines, then click fix checked:

    O4 - HKLM\..\Run: [Windows update] C:\WINDOWS\system32\udupdate.exe

    O4 - HKLM\..\Run: [I downloaded pirated Software from P2P] C:\WINDOWS\system32\Battlefield2 .exe

    ----------------------------------------------------------------------------
    ¤Boot into safe mode:
    To do so, tap the F8 key repeatedly, without stopping, as soon as the PC starts up
    A window will open; use the arrow keys to move to Safe Mode, then press Enter.
    Once on the desktop, if not all the colours and so on are there, that is normal!
    (If F8 does not work, use the F5 key).
    ----------------------------------------------------------------------------
    ¤Empty your temp and temporary internet files:

    :: Delete the temporary files ::
    empty the entire contents of these folders.

    * C:\Documents and Settings\your account\Local Settings\Temp
    * C:\Documents and Settings\all the other accounts\Local Settings\Temp
    * C:\Windows\Temp

    :: The contents of the prefetch folder ::

    * C:\WINDOWS\Prefetch <= except the file layout.ini

    * Do not forget to empty the Recycle Bin!
    ----------------------------------------------------------------------------
    ¤Find and delete the following:
    careful, only the files (if present).

    C:\WINDOWS\system32\udupdate.exe
    C:\WINDOWS\system32\Battlefield2 .exe <--- if the online analysis shows no found everywhere (the first step you did on the site), do not delete it. If, however, it shows a malware name, delete it!

    ----------------------------------------------------------------------------
    ¤ Launch and run Ewido for a full scan and copy/paste the report into the forum.
    ----------------------------------------------------------------------------
    ¤ Run Ad-Aware and delete everything it finds + delete the quarantined items…
    ----------------------------------------------------------------------------
    ¤ Run Spybot and fix everything it finds + immunize + delete the quarantined items…
    -------------------------------------------------------------------------------------------
    ¤ Run the cleanup with CCleaner.
    ----------------------------------------------------------------------------
    ¤ Empty your Recycle Bin.
    ----------------------------------------------------------------------------
    ¤ Restart in normal mode, run HijackThis again and copy/paste a new report to the forum.

    Tell me what problems remain, if any....

    Keep me posted

    See you
    0
    1. sammmm47 Posts: 14 Status: Member
       
      hi
      here is my log, followed by the ewido report

      Logfile of HijackThis v1.99.1
      Scan saved at 21:51:58, on 09/02/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Logitech\Video\LogiTray.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
      C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Office Mouse\moffice.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      C:\Program Files\POP Peeper\POPPeeper.exe
      C:\Program Files\ewido anti-malware\ewidoctrl.exe
      C:\Program Files\Office Mouse\MOUSE32A.DAT
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\a-squared\a2guard.exe
      C:\Program Files\ewido anti-malware\ewidoguard.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Changeur de fond d'écran\Data\CFE TrayIcon.exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\LVComS.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\Program Files\ZonejeuX\GRoom\GroomAgent.exe
      C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
      C:\Program Files\Logitech\Video\LowLight.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Documents and Settings\Administrateur\Mes documents\hijackthis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
      O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Office Mouse\moffice.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
      O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
      O4 - Startup: CFE TrayIcon.lnk = ?
      O4 - Startup: CFE.lnk = ?
      O4 - Startup: Groom Agent.lnk = C:\Program Files\ZonejeuX\GRoom\GroomAgent.exe
      O4 - Startup: TribalWeb.net.lnk = ?
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
      O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
      O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
      O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
      O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
      O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe




      ewido anti-malware - Rapport de scan
      ---------------------------------------------------------

      + Créé le: 20:11:20, 09/02/2006
      + Somme de contrôle: 7CDC6798

      + Résultats du scan:

      HKLM\SOFTWARE\HbTools -> Adware.HotBar : Nettoyer et sauvegarder
      HKLM\SOFTWARE\HbTools\HbTools -> Adware.HotBar : Nettoyer et sauvegarder
      HKLM\SOFTWARE\HbTools\HbTools\PI -> Adware.HotBar : Nettoyer et sauvegarder
      HKLM\SOFTWARE\HbTools\HbTools\PI\3.2 -> Adware.HotBar : Nettoyer et sauvegarder
      HKLM\SOFTWARE\HbTools\Hotbar -> Adware.HotBar : Nettoyer et sauvegarder
      HKLM\SOFTWARE\HbTools\Hotbar\Install -> Adware.HotBar : Nettoyer et sauvegarder
      C:\Documents and Settings\Administrateur\Mes documents\telechargements\ecran de veille\Fireworks_s_Inst-58.exe -> Adware.Gator : Nettoyer et sauvegarder
      C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1MSXYXMH\EliteBar61[1].dll -> Adware.EliteBar : Nettoyer et sauvegarder
      C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\MH0Z0TQZ\pre8[1].exe -> Trojan.EliteBar.d : Nettoyer et sauvegarder
      C:\WINDOWS\system32\username.exe -> Dropper.Agent.xc : Nettoyer et sauvegarder


      ::Fin du rapport
      I hope you'll find something, thanks
      0
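Added example (not part of the original thread, and not HijackThis's own code): a Python sketch that parses HijackThis entry lines, diffs the log taken before the "fix checked" step against the one taken after it to confirm that the two O4 entries selected in the answer are gone, and flags autorun images with whitespace before the extension, as in `Battlefield2 .exe`. The excerpts are a few lines copied from the two logs above; the function names and the whitespace heuristic are assumptions of this example, and a flag is only a prompt to check the file, as the answer does with the online scan.

```python
import re

# Constructed excerpts: a handful of lines copied from the two HijackThis logs
# posted in this thread (before and after the "fix checked" step).
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows update] C:\WINDOWS\system32\udupdate.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P] C:\WINDOWS\system32\Battlefield2 .exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: CFE.lnk = ?
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

LOG_AFTER = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: CFE.lnk = ?
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Registry autorun detail: "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^(HK[A-Z]{2})\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")
# Executable image: a quoted path, or the shortest prefix ending in a program extension
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|com|scr|bat))(?=\s|$)', re.I)


def parse_entries(log_text):
    """Return (code, detail) for every entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def image_path(command):
    """Extract the program path from an autorun command line (quoted or unquoted)."""
    m = IMAGE_RE.match(command)
    if not m:
        return command
    return m.group(1) or m.group(2)


def run_entries(log_text):
    """Return the O4 registry Run entries as dicts (Startup-folder shortcuts are skipped)."""
    out = []
    for code, detail in parse_entries(log_text):
        m = RUN_RE.match(detail) if code == "O4" else None
        if m:
            hive, key, name, command = m.groups()
            out.append({"hive": hive, "key": key, "name": name,
                        "command": command, "image": image_path(command)})
    return out


def has_space_before_extension(path):
    """Heuristic chosen for this example: whitespace right before the file extension."""
    return re.search(r"\s\.\w+$", path) is not None


def review_hints(log_text):
    """Autorun images that deserve a manual check under the heuristic above."""
    return [e["image"] for e in run_entries(log_text)
            if has_space_before_extension(e["image"])]


def diff_entries(before, after):
    """Entry lines present only in the first log (removed) or only in the second (added)."""
    b = {f"{c} - {d}" for c, d in parse_entries(before)}
    a = {f"{c} - {d}" for c, d in parse_entries(after)}
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    removed, added = diff_entries(LOG_BEFORE, LOG_AFTER)
    for line in removed:
        print("removed:", line)
    for line in added:
        print("added:  ", line)
    for image in review_hints(LOG_BEFORE):
        print("check:  ", image)
```
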
  2. Anonymous user
     
    hi

    how are your problems coming along?

    If you have a problem with ezula: at the end of the Ad-Aware scan there is a report tab; copy/paste what it contains for me

    see you
    0
  3. sammmm47 Posts: 14 Status: Member
     
    hi regis59 and thanks for replying

    I'm posting the Ad-Aware report and the a-squared report for you
    I think there is still a problem because the computer is still just as slow, if not slower

    Ad-Aware SE Build 1.06r1
    Logfile Created on:vendredi 10 février 2006 12:36:02
    Created with Ad-Aware SE Personal, free for private use.
    Using definitions file:SE1R91 08.02.2006
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    References detected during the scan:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    EzuLa(TAC index:6):1 total references
    MRU List(TAC index:0):11 total references
    Tracking Cookie(TAC index:3):6 total references
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Ad-Aware SE Settings
    ===========================
    Set : Search for negligible risk entries
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep-scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan within archives
    Set : Scan my Hosts file

    Extended Ad-Aware SE Settings
    ===========================
    Set : Unload recognized processes & modules during scan
    Set : Scan registry for all users instead of current user only
    Set : Always try to unload modules before deletion
    Set : During removal, unload Explorer and IE if necessary
    Set : Let Windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Include basic Ad-Aware settings in log file
    Set : Include additional Ad-Aware settings in log file
    Set : Include reference summary in log file
    Set : Include alternate data stream details in log file
    Set : Play sound at scan completion if scan locates critical objects

    10-02-2006 12:36:02 - Scan started. (Full System Scan)

    MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct3d

    MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct X

    MRU List Object Recognized!
    Location: : software\microsoft\directdraw\mostrecentapplication
    Description : most recent application to use microsoft directdraw

    MRU List Object Recognized!
    Location: : S-1-5-21-1417001333-573735546-839522115-500\software\microsoft\directinput\mostrecentapplication
    Description : most recent application to use microsoft directinput

    MRU List Object Recognized!
    Location: : S-1-5-21-1417001333-573735546-839522115-500\software\microsoft\directinput\mostrecentapplication
    Description : most recent application to use microsoft directinput

    MRU List Object Recognized!
    Location: : S-1-5-21-1417001333-573735546-839522115-500\software\microsoft\internet explorer\typedurls
    Description : list of recently entered addresses in microsoft internet explorer

    MRU List Object Recognized!
    Location: : S-1-5-21-1417001333-573735546-839522115-500\software\microsoft\mediaplayer\player\recentfilelist
    Description : list of recently used files in microsoft windows media player

    MRU List Object Recognized!
    Location: : S-1-5-21-1417001333-573735546-839522115-500\software\microsoft\mediaplayer\preferences
    Description : last playlist index loaded in microsoft windows media player

    MRU List Object Recognized!
    Location: : S-1-5-21-1417001333-573735546-839522115-500\software\microsoft\mediaplayer\preferences
    Description : last playlist loaded in microsoft windows media player

    MRU List Object Recognized!
    Location: : S-1-5-21-1417001333-573735546-839522115-500\software\nvidia corporation\global\nview\windowmanagement
    Description : nvidia nview cached application window positions

    MRU List Object Recognized!
    Location: : S-1-5-21-1417001333-573735546-839522115-500\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk

    Listing running processes
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ProcessID : 600
    ThreadCreationTime : 10-02-2006 00:53:32
    BasePriority : Normal

    #:2 [csrss.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 820
    ThreadCreationTime : 10-02-2006 00:53:36
    BasePriority : Normal

    #:3 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 844
    ThreadCreationTime : 10-02-2006 00:53:37
    BasePriority : High

    #:4 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 888
    ThreadCreationTime : 10-02-2006 00:53:39
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Système d'exploitation Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Applications Services et Contrôleur
    InternalName : services.exe
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : services.exe

    #:5 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 900
    ThreadCreationTime : 10-02-2006 00:53:39
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : lsass.exe

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1056
    ThreadCreationTime : 10-02-2006 00:53:41
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:7 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1116
    ThreadCreationTime : 10-02-2006 00:53:42
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:8 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1260
    ThreadCreationTime : 10-02-2006 00:53:42
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:9 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1408
    ThreadCreationTime : 10-02-2006 00:53:43
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:10 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1488
    ThreadCreationTime : 10-02-2006 00:53:43
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:11 [explorer.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 1744
    ThreadCreationTime : 10-02-2006 00:53:45
    BasePriority : Normal
    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 6.00.2900.2180
    ProductName : Système d'exploitation Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Explorateur Windows
    InternalName : explorer
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : EXPLORER.EXE

    #:12 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1852
    ThreadCreationTime : 10-02-2006 00:53:46
    BasePriority : Normal
    FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
    ProductVersion : 5.1.2600.2696
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : spoolsv.exe

    #:13 [soundman.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 2036
    ThreadCreationTime : 10-02-2006 00:53:48
    BasePriority : Normal
    FileVersion : 5.1.14
    ProductVersion : 5.1.14
    ProductName : Realtek Sound Manager
    CompanyName : Realtek Semiconductor Corp.
    FileDescription : Realtek Sound Manager
    InternalName : ALSMTray
    LegalCopyright : Copyright (c) 2001-2003 Realtek Semiconductor Corp.
    OriginalFilename : ALSMTray.exe
    Comments : Realtek AC97 Audio Sound Manager

    #:14 [logitray.exe]
    FilePath : C:\Program Files\Logitech\Video\
    ProcessID : 156
    ThreadCreationTime : 10-02-2006 00:53:48
    BasePriority : Normal
    FileVersion : 8.0.3.1112
    ProductVersion : 8.0.3.1112
    ProductName : Logitech QuickCam
    CompanyName : Logitech Inc.
    FileDescription : ImageStudio Tray Application
    InternalName : LogiTray.exe
    LegalCopyright : (c) 1996-2003 Logitech. All rights reserved.
    OriginalFilename : LogiTray.exe

    #:15 [realsched.exe]
    FilePath : C:\Program Files\Fichiers communs\Real\Update_OB\
    ProcessID : 196
    ThreadCreationTime : 10-02-2006 00:53:48
    BasePriority : Normal
    FileVersion : 0.1.0.3427
    ProductVersion : 0.1.0.3427
    ProductName : RealPlayer (32-bit)
    CompanyName : RealNetworks, Inc.
    FileDescription : RealNetworks Scheduler
    InternalName : schedapp
    LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
    LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
    OriginalFilename : realsched.exe

    #:16 [qttask.exe]
    FilePath : C:\Program Files\QuickTime\
    ProcessID : 212
    ThreadCreationTime : 10-02-2006 00:53:48
    BasePriority : Normal
    FileVersion : 7.0.3
    ProductVersion : QuickTime 7.0.3
    ProductName : QuickTime
    CompanyName : Apple Computer, Inc.
    FileDescription : QuickTime Task
    InternalName : QuickTime Task
    LegalCopyright : Copyright Apple Computer, Inc. 1989-2005
    OriginalFilename : QTTask.exe

    #:17 [cavtray.exe]
    FilePath : C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\
    ProcessID : 224
    ThreadCreationTime : 10-02-2006 00:53:49
    BasePriority : Normal
    FileVersion : Version 11.0.1.6
    ProductVersion : Version 11.0.1.6
    ProductName : Computer Associates Antivirus
    CompanyName : Computer Associates International, Inc.
    FileDescription : CA Antivirus System Tray Application
    InternalName : CAVTray
    LegalCopyright : © 2004 Computer Associates International, Inc.
    LegalTrademarks : Trademark of Computer Associates International, Inc.
    OriginalFilename : CAVTray.exe

    #:18 [cavrid.exe]
    FilePath : C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\
    ProcessID : 232
    ThreadCreationTime : 10-02-2006 00:53:49
    BasePriority : Normal
    FileVersion : Version 11.0.1.6
    ProductVersion : Version 11.0.1.6
    ProductName : Computer Associates Antivirus
    CompanyName : Computer Associates International, Inc.
    FileDescription : CA Antivirus Realtime Infection Report
    InternalName : CAVRid
    LegalCopyright : © 2004 Computer Associates International, Inc.
    LegalTrademarks : Trademark of Computer Associates International, Inc.
    OriginalFilename : CAVRid.exe

    #:19 [rundll32.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 284
    ThreadCreationTime : 10-02-2006 00:53:50
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Système d'exploitation Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Exécuter une DLL en tant qu'application
    InternalName : rundll
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : RUNDLL.EXE

    #:20 [moffice.exe]
    FilePath : C:\Program Files\Office Mouse\
    ProcessID : 292
    ThreadCreationTime : 10-02-2006 00:53:50
    BasePriority : Normal
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    ProductName : MOffice Application
    FileDescription : MOffice MFC Application
    InternalName : MOffice
    LegalCopyright : Copyright (C) 2002
    OriginalFilename : MOffice.EXE

    #:21 [ctfmon.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 308
    ThreadCreationTime : 10-02-2006 00:53:51
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : CTF Loader
    InternalName : CTFMON
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : CTFMON.EXE

    #:22 [poppeeper.exe]
    FilePath : C:\Program Files\POP Peeper\
    ProcessID : 324
    ThreadCreationTime : 10-02-2006 00:53:51
    BasePriority : Normal
    FileVersion : 2, 4, 3, 0
    ProductVersion : 2, 4, 3, 0
    ProductName : POPPeeper Application
    CompanyName : Mortal Universe
    FileDescription : POP Peeper
    InternalName : POPPeeper
    LegalCopyright : Copyright (C) 2001-2005
    OriginalFilename : POPPeeper.EXE

    #:23 [a2guard.exe]
    FilePath : C:\Program Files\a-squared\
    ProcessID : 336
    ThreadCreationTime : 10-02-2006 00:53:51
    BasePriority : Normal

    #:24 [mouse32a.dat]
    FilePath : C:\Program Files\Office Mouse\
    ProcessID : 464
    ThreadCreationTime : 10-02-2006 00:53:53
    BasePriority : High
    FileVersion : 3.0.1.0
    ProductVersion : 3.0.0.0
    LegalCopyright : Copyright 2001 by LEE,WEI-BIN.

    #:25 [cdac11ba.exe]
    FilePath : C:\WINDOWS\system32\drivers\
    ProcessID : 520
    ThreadCreationTime : 10-02-2006 00:53:55
    BasePriority : Normal
    FileVersion : 4.20.020
    ProductVersion : 4.20.020 Windows NT 2002/12/10
    ProductName : SafeCast Windows NT
    CompanyName : Macrovision
    FileDescription : Macrovision RTS Service
    InternalName : CDANTSRV
    LegalCopyright : Copyright (c) 1998-2002 Macrovision Corp.
    OriginalFilename : CDANTSRV.EXE
    Comments : StringFileInfo: U.S. English

    #:26 [rundll32.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 544
    ThreadCreationTime : 10-02-2006 00:53:56
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Système d'exploitation Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Exécuter une DLL en tant qu'application
    InternalName : rundll
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : RUNDLL.EXE

    #:27 [isafe.exe]
    FilePath : C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\
    ProcessID : 552
    ThreadCreationTime : 10-02-2006 00:53:56
    BasePriority : Normal
    FileVersion : Version 11.0.1.6
    ProductVersion : Version 11.0.1.6
    ProductName : Computer Associates Antivirus
    CompanyName : Computer Associates International, Inc.
    FileDescription : CA ISafe Service
    InternalName : ISafe
    LegalCopyright : © 2004 Computer Associates International, Inc.
    LegalTrademarks : Trademark of Computer Associates International, Inc.
    OriginalFilename : ISafe.exe

    #:28 [ewidoctrl.exe]
    FilePath : C:\Program Files\ewido anti-malware\
    ProcessID : 724
    ThreadCreationTime : 10-02-2006 00:53:57
    BasePriority : Normal
    FileVersion : 3, 0, 0, 1
    ProductVersion : 3, 0, 0, 1
    ProductName : ewido control
    CompanyName : ewido networks
    FileDescription : ewido control
    InternalName : ewido control
    LegalCopyright : Copyright © 2004
    OriginalFilename : ewidoctrl.exe

    #:29 [ewidoguard.exe]
    FilePath : C:\Program Files\ewido anti-malware\
    ProcessID : 148
    ThreadCreationTime : 10-02-2006 00:54:00
    BasePriority : Normal
    FileVersion : 3, 0, 0, 1
    ProductVersion : 3, 0, 0, 1
    ProductName : guard
    CompanyName : ewido networks
    FileDescription : guard
    InternalName : guard
    LegalCopyright : Copyright © 2004
    OriginalFilename : guard.exe

    #:30 [nvsvc32.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1424
    ThreadCreationTime : 10-02-2006 00:54:08
    BasePriority : Normal
    FileVersion : 6.14.10.7777
    ProductVersion : 6.14.10.7777
    ProductName : NVIDIA Driver Helper Service, Version 77.77
    CompanyName : NVIDIA Corporation
    FileDescription : NVIDIA Driver Helper Service, Version 77.77
    InternalName : NVSVC
    LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
    OriginalFilename : nvsvc32.exe

    #:31 [starwindservice.exe]
    FilePath : C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\
    ProcessID : 1468
    ThreadCreationTime : 10-02-2006 00:54:10
    BasePriority : Normal
    FileVersion : 2.6.1 Build 0x20050401
    ProductVersion : 2.6.1 Build 0x20050401
    ProductName : StarWind
    CompanyName : Rocket Division Software
    FileDescription : StarWind iSCSI Target (Alcohol Edition)
    InternalName : StarWind
    LegalCopyright : Copyright (c) Rocket Division Software 2003-2005. All rights reserved.
    OriginalFilename : StarWind

    #:32 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1520
    ThreadCreationTime : 10-02-2006 00:54:11
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:33 [lvcoms.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1268
    ThreadCreationTime : 10-02-2006 00:54:19
    BasePriority : Normal
    FileVersion : 8.0.3.1110
    ProductVersion : 8.0.3.1110
    ProductName : Logitech QuickCam
    CompanyName : Logitech Inc.
    FileDescription : LVCom Server
    InternalName : LVComS.exe
    LegalCopyright : (c) 1996-2003 Logitech. All rights reserved.
    OriginalFilename : LVComS.exe

    #:34 [wdfmgr.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 2028
    ThreadCreationTime : 10-02-2006 00:54:19
    BasePriority : Normal
    FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
    ProductVersion : 5.2.3790.1230
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows User Mode Driver Manager
    InternalName : WdfMgr
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : WdfMgr.exe

    #:35 [lowlight.exe]
    FilePath : C:\Program Files\Logitech\Video\
    ProcessID : 1196
    ThreadCreationTime : 10-02-2006 00:54:29
    BasePriority : Normal
    FileVersion : 8.0.3.1112
    ProductVersion : 8.0.3.1112
    ProductName : Logitech QuickCam
    CompanyName : Logitech Inc.
    FileDescription : Automatic Low Light Module
    InternalName : LowLight.exe
    LegalCopyright : (c) 1996-2003 Logitech. All rights reserved.
    OriginalFilename : LowLight.exe

    #:36 [alg.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 2280
    ThreadCreationTime : 10-02-2006 00:54:56
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Application Layer Gateway Service
    InternalName : ALG.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : ALG.exe

    #:37 [emule.exe]
    FilePath : C:\Program Files\eMule\
    ProcessID : 3932
    ThreadCreationTime : 10-02-2006 03:09:09
    BasePriority : Normal
    FileVersion : 0.46.2 Unicode
    ProductVersion : 0.46.2 Unicode
    ProductName : eMule
    CompanyName : http://www.emule-project.net
    FileDescription : eMule
    InternalName : emule.exe
    LegalCopyright : Copyright © 2002-2005 Merkur - read license.txt for more infos
    OriginalFilename : emule.exe

    #:38 [vetmsg.exe]
    FilePath : C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\
    ProcessID : 2508
    ThreadCreationTime : 10-02-2006 07:41:08
    BasePriority : Normal
    FileVersion : Version 11.0.1.6
    ProductVersion : Version 11.0.1.6
    ProductName : Computer Associates Antivirus
    CompanyName : Computer Associates International, Inc.
    FileDescription : CA Antivirus Realtime Messaging Service
    InternalName : vetmsg
    LegalCopyright : © 2004 Computer Associates International, Inc.
    LegalTrademarks : Trademark of Computer Associates International, Inc.
    OriginalFilename : vetmsg.exe

    #:39 [iexplore.exe]
    FilePath : C:\Program Files\Internet Explorer\
    ProcessID : 2680
    ThreadCreationTime : 10-02-2006 11:34:24
    BasePriority : Normal
    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 6.00.2900.2180
    ProductName : Système d'exploitation Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Internet Explorer
    InternalName : iexplore
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : IEXPLORE.EXE

    #:40 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID : 2544
    ThreadCreationTime : 10-02-2006 11:35:42
    BasePriority : Normal
    FileVersion : 6.2.0.236
    ProductVersion : SE 106
    ProductName : Lavasoft Ad-Aware SE
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-Aware SE Core application
    InternalName : Ad-Aware.exe
    LegalCopyright : Copyright © Lavasoft AB Sweden
    OriginalFilename : Ad-Aware.exe
    Comments : All Rights Reserved

    Memory scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 11

    Started registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    EzuLa Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 6
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : clsid\{0288b94b-0288-b94b-0288-b94b0288b94b}

    Registry Scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 1
    Objects found so far: 12

    Started deep registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Deep registry scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 12

    Started Tracking Cookie scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : administrateur@www.cibleclick[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:1
    Value : Cookie:administrateur@www.cibleclick.com/
    Expires : 27-09-2037 01:00:00
    LastSync : Hits:1
    UseCount : 0
    Hits : 1

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : administrateur@www.smartadserver[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:1
    Value : Cookie:administrateur@www.smartadserver.com/
    Expires : 27-11-2010
    LastSync : Hits:1
    UseCount : 0
    Hits : 1

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : administrateur@qksrv[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:2
    Value : Cookie:administrateur@qksrv.net/
    Expires : 08-02-2011 22:47:52
    LastSync : Hits:2
    UseCount : 0
    Hits : 2

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : administrateur@247realmedia[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:3
    Value : Cookie:administrateur@247realmedia.com/
    Expires : 01-01-2021 01:00:00
    LastSync : Hits:3
    UseCount : 0
    Hits : 3

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : administrateur@2o7[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:8
    Value : Cookie:administrateur@2o7.net/
    Expires : 08-02-2011 23:26:50
    LastSync : Hits:8
    UseCount : 0
    Hits : 8

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : administrateur@apmebf[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:2
    Value : Cookie:administrateur@apmebf.com/
    Expires : 08-02-2011 22:47:52
    LastSync : Hits:2
    UseCount : 0
    Hits : 2

    Tracking cookie scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 6
    Objects found so far: 18

    Deep scanning and examining files (C:)
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for C:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 18

    Scanning Hosts file......
    Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Hosts file scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    1 entries scanned.
    New critical objects:0
    Objects found so far: 18

    Performing conditional scans...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Conditional scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 18

    12:46:57 Scan Complete

    Summary Of This Scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Total scanning time:00:10:55.375
    Objects scanned:129903
    Objects identified:7
    Objects ignored:0
    New critical objects:7

    Here is what remains after I clean up

    ArchiveData(auto-quarantine- 2006-02-10 12-49-35.bckp)
    Referencefile : SE1R91 08.02.2006
    ======================================================

    MRU LIST
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    EZULA
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    obj[11]=Regkey : clsid\{0288b94b-0288-b94b-0288-b94b0288b94b}

    TRACKING COOKIE
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    obj[12]=IECache Entry : Cookie:administrateur@2o7.net/
    obj[13]=IECache Entry : Cookie:administrateur@apmebf.com/
    0
  4. sammmm47 Posts 14 Status Member
     
    I'm posting the a-squared report for you

    Diagnostic
    Key: HKEY_LOCAL_MACHINE\software\classes\ed2k\defaulticon Trace.Registry.BearShare
    Key: HKEY_LOCAL_MACHINE\software\classes\ed2k\shell\open\command Trace.Registry.BearShare
    Key: HKEY_LOCAL_MACHINE\software\classes\ed2k Trace.Registry.BearShare
    Key: HKEY_CLASSES_ROOT\clsid\{72d59b9c-1e59-4958-803a-abdee2d4cfa6} Trace.Registry.DivXPro
    C:\Documents and Settings\Administrateur\Application Data\hbtools Trace.Directory.Hotbar.ShopperReports
    Key: HKEY_LOCAL_MACHINE\software\classes\ed2k Trace.Registry.BearShare
    Value: HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\cmdmapping --> {946b3e9e-e21a-49c8-9f63-900533fafe14} Trace.Registry.Hotbar.ShopperReports
    Value: HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\shellbrowser --> {74cc49f7-eb32-4a08-b204-948962a6e3db} Trace.Registry.HotBar
    C:\Documents and Settings\Administrateur\Application Data\hbtools Trace.Directory.Hotbar.ShopperReports
    Value: HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\cmdmapping --> {946b3e9e-e21a-49c8-9f63-900533fafe14} Trace.Registry.Hotbar.ShopperReports
    Value: HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\shellbrowser --> {74cc49f7-eb32-4a08-b204-948962a6e3db} Trace.Registry.HotBar
    C:\Documents and Settings\Administrateur\Cookies\administrateur@247realmedia[1].txt Trace.TrackingCookie
    C:\Documents and Settings\Administrateur\Cookies\administrateur@qksrv[2].txt Trace.TrackingCookie
    C:\Documents and Settings\Administrateur\Cookies\administrateur@www.cibleclick[1].txt Trace.TrackingCookie
    C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\runner.exe Adware.BackWeb.a
    C:\WINDOWS\system32\wudupdate.exe Trojan.Win32.Pakes
    0
  6. Anonymous user
     
    Hi:

    HijackThis -> Open the misc tools section -> open Uninstall manager -> click "Save list" -> save the file -> copy and paste it here.

    +

    Download this: Registry Search Tool
    http://www.billsway.com/vbspage/
    unzip it and type or paste
    0288b94b-0288-b94b-0288-b94b0288b94b
    then copy and paste the result into Notepad and give it to us

    See you
    0