Mon log hijackthis
Fermé
salsa man
-
Thom@s Messages postés 3416 Statut Modérateur -
Thom@s Messages postés 3416 Statut Modérateur -
voici mon log hijackthis et un rapport ewido que j'ai oublié de vous laisser ds mon précédent message. encore merci de votre patience.
Logfile of HijackThis v1.99.1
Scan saved at 03:35:42, on 24/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\HP_Propriétaire\Mes documents\omartini007\eMule\emule.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Ahead\nero\nero.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavil...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavil...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavil...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavil...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hpC4F7.tmp
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\system32\yaemu.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://www.mirarsearch.com (HKLM)
O16 - DPF: {33331111-1111-1111-1111-611111193423} - http://www.www2.p0rt2.com/files/777.cab
O16 - DPF: {33331111-1111-1111-1111-611111193429} - http://www.www2.p0rt2.com/files/_ipsec_.cab
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {33331111-1234-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl85bd.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - http://www.www2.p0rt2.com/files/MirarSetup-875498.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1107D5AE-47F7-4B1A-BF0D-CAA9226BAAA2}: NameServer = 85.255.115.158,85.255.112.107
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EE4A086-1CF5-458A-8459-D1D11EA3510D}: NameServer = 85.255.115.158,85.255.112.107
O17 - HKLM\System\CCS\Services\Tcpip\..\{859D90B0-BA11-4948-ADDA-8F19A926443A}: NameServer = 85.255.115.158,85.255.112.107
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9B813AF-209A-40C5-AC50-53690B49651C}: NameServer = 80.10.246.1 80.10.246.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{1107D5AE-47F7-4B1A-BF0D-CAA9226BAAA2}: NameServer = 85.255.115.158,85.255.112.107
O17 - HKLM\System\CS2\Services\Tcpip\..\{1107D5AE-47F7-4B1A-BF0D-CAA9226BAAA2}: NameServer = 85.255.115.158,85.255.112.107
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\system32\vbsys2.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
ewido anti-malware - Rapport des processus
---------------------------------------------------------
+ Créé le: 23:43:53, 23/04/2006
+ Somme de contrôle: 27283B38
0: System Process
4: System Process
148: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
192: C:\windows\system\hpsysdrv.exe
196: C:\WINDOWS\system32\hphmon06.exe
224: C:\HP\KBD\KBD.EXE
232: C:\Program Files\iTunes\iTunesHelper.exe
292: C:\WINDOWS\system32\keyhook.exe
304: C:\WINDOWS\AGRSMMSG.exe
316: C:\WINDOWS\ALCXMNTR.EXE
340: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
468: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
476: C:\WINDOWS\system32\rundll32.exe
488: C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
540: C:\Program Files\QuickTime\qttask.exe
548: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
600: \SystemRoot\System32\smss.exe
636: C:\Program Files\MSN Messenger\msnmsgr.exe
660: \??\C:\WINDOWS\system32\csrss.exe
684: \??\C:\WINDOWS\system32\winlogon.exe
704: C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
728: C:\WINDOWS\system32\services.exe
740: C:\WINDOWS\system32\lsass.exe
744: C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
800: C:\Program Files\Ahead\nero\nero.exe
880: C:\WINDOWS\system32\svchost.exe
940: C:\WINDOWS\system32\svchost.exe
976: C:\WINDOWS\System32\svchost.exe
1024: C:\WINDOWS\system32\svchost.exe
1100: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
1120: C:\WINDOWS\system32\svchost.exe
1348: C:\WINDOWS\Explorer.EXE
1388: C:\WINDOWS\system32\spoolsv.exe
1492: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
1508: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
1520: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
1580: C:\WINDOWS\System32\FTRTSVC.exe
1608: C:\WINDOWS\system32\nvsvc32.exe
1684: C:\WINDOWS\system32\svchost.exe
1724: C:\WINDOWS\system32\wdfmgr.exe
1764: C:\WINDOWS\system32\nvctrl.exe
1796: C:\WINDOWS\system32\ZoneLabs\vsmon.exe
2084: C:\WINDOWS\system32\imapi.exe
2116: C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
2136: C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
2144: C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
2380: C:\Program Files\iPod\bin\iPodService.exe
2668: C:\WINDOWS\System32\alg.exe
2908: C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe
3124: C:\Program Files\iTunes\iTunes.exe
3156: C:\Documents and Settings\HP_Propriétaire\Mes documents\omartini007\eMule\emule.exe
3208: C:\Program Files\Wanadoo\EspaceWanadoo.exe
3220: C:\Program Files\Wanadoo\ComComp.exe
3240: C:\PROGRA~1\Wanadoo\Toaster.exe
3248: C:\PROGRA~1\Wanadoo\Inactivity.exe
3256: C:\PROGRA~1\Wanadoo\PollingModule.exe
3280: C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
3420: C:\Program Files\Wanadoo\Watch.exe
3648: C:\Program Files\ewido anti-malware\SecuritySuite.exe
3928: System Process
3988: C:\Program Files\ewido anti-malware\ewidoctrl.exe
4064: C:\WINDOWS\System32\svchost.exe
4080: C:\Program Files\Ahead\nero\nero.exe
Logfile of HijackThis v1.99.1
Scan saved at 03:35:42, on 24/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\HP_Propriétaire\Mes documents\omartini007\eMule\emule.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Ahead\nero\nero.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavil...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavil...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavil...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavil...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hpC4F7.tmp
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\system32\yaemu.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://www.mirarsearch.com (HKLM)
O16 - DPF: {33331111-1111-1111-1111-611111193423} - http://www.www2.p0rt2.com/files/777.cab
O16 - DPF: {33331111-1111-1111-1111-611111193429} - http://www.www2.p0rt2.com/files/_ipsec_.cab
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {33331111-1234-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl85bd.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - http://www.www2.p0rt2.com/files/MirarSetup-875498.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1107D5AE-47F7-4B1A-BF0D-CAA9226BAAA2}: NameServer = 85.255.115.158,85.255.112.107
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EE4A086-1CF5-458A-8459-D1D11EA3510D}: NameServer = 85.255.115.158,85.255.112.107
O17 - HKLM\System\CCS\Services\Tcpip\..\{859D90B0-BA11-4948-ADDA-8F19A926443A}: NameServer = 85.255.115.158,85.255.112.107
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9B813AF-209A-40C5-AC50-53690B49651C}: NameServer = 80.10.246.1 80.10.246.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{1107D5AE-47F7-4B1A-BF0D-CAA9226BAAA2}: NameServer = 85.255.115.158,85.255.112.107
O17 - HKLM\System\CS2\Services\Tcpip\..\{1107D5AE-47F7-4B1A-BF0D-CAA9226BAAA2}: NameServer = 85.255.115.158,85.255.112.107
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\system32\vbsys2.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
ewido anti-malware - Rapport des processus
---------------------------------------------------------
+ Créé le: 23:43:53, 23/04/2006
+ Somme de contrôle: 27283B38
0: System Process
4: System Process
148: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
192: C:\windows\system\hpsysdrv.exe
196: C:\WINDOWS\system32\hphmon06.exe
224: C:\HP\KBD\KBD.EXE
232: C:\Program Files\iTunes\iTunesHelper.exe
292: C:\WINDOWS\system32\keyhook.exe
304: C:\WINDOWS\AGRSMMSG.exe
316: C:\WINDOWS\ALCXMNTR.EXE
340: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
468: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
476: C:\WINDOWS\system32\rundll32.exe
488: C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
540: C:\Program Files\QuickTime\qttask.exe
548: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
600: \SystemRoot\System32\smss.exe
636: C:\Program Files\MSN Messenger\msnmsgr.exe
660: \??\C:\WINDOWS\system32\csrss.exe
684: \??\C:\WINDOWS\system32\winlogon.exe
704: C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
728: C:\WINDOWS\system32\services.exe
740: C:\WINDOWS\system32\lsass.exe
744: C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
800: C:\Program Files\Ahead\nero\nero.exe
880: C:\WINDOWS\system32\svchost.exe
940: C:\WINDOWS\system32\svchost.exe
976: C:\WINDOWS\System32\svchost.exe
1024: C:\WINDOWS\system32\svchost.exe
1100: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
1120: C:\WINDOWS\system32\svchost.exe
1348: C:\WINDOWS\Explorer.EXE
1388: C:\WINDOWS\system32\spoolsv.exe
1492: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
1508: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
1520: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
1580: C:\WINDOWS\System32\FTRTSVC.exe
1608: C:\WINDOWS\system32\nvsvc32.exe
1684: C:\WINDOWS\system32\svchost.exe
1724: C:\WINDOWS\system32\wdfmgr.exe
1764: C:\WINDOWS\system32\nvctrl.exe
1796: C:\WINDOWS\system32\ZoneLabs\vsmon.exe
2084: C:\WINDOWS\system32\imapi.exe
2116: C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
2136: C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
2144: C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
2380: C:\Program Files\iPod\bin\iPodService.exe
2668: C:\WINDOWS\System32\alg.exe
2908: C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe
3124: C:\Program Files\iTunes\iTunes.exe
3156: C:\Documents and Settings\HP_Propriétaire\Mes documents\omartini007\eMule\emule.exe
3208: C:\Program Files\Wanadoo\EspaceWanadoo.exe
3220: C:\Program Files\Wanadoo\ComComp.exe
3240: C:\PROGRA~1\Wanadoo\Toaster.exe
3248: C:\PROGRA~1\Wanadoo\Inactivity.exe
3256: C:\PROGRA~1\Wanadoo\PollingModule.exe
3280: C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
3420: C:\Program Files\Wanadoo\Watch.exe
3648: C:\Program Files\ewido anti-malware\SecuritySuite.exe
3928: System Process
3988: C:\Program Files\ewido anti-malware\ewidoctrl.exe
4064: C:\WINDOWS\System32\svchost.exe
4080: C:\Program Files\Ahead\nero\nero.exe
A voir également:
- Mon log hijackthis
- Hijackthis - Télécharger - Antivirus & Antimalwares
- Vpn no log - Guide
- View rescue log traduction - Guide
- Log freebox - Forum Freebox
- Log crash windows - Guide
1 réponse
Bonjour,
Merci de continuer dans la discussion d'origine :
https://forums.commentcamarche.net/forum/affich-2205800-virus-iworm-attck-v12202a
A+ :-)
Merci de continuer dans la discussion d'origine :
https://forums.commentcamarche.net/forum/affich-2205800-virus-iworm-attck-v12202a
A+ :-)
