Cheval de troie, fichier dll et espace disque
lesimple
Messages postés
20
Statut
Membre
-
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité -
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité -
Bonjour,
J'ai machine qui est devenue très lente, le disque dur est plein bien que j'ia le ménage, des alerte de avast pour des fichier .dll infecté sous windows\system32. La totale. Ci-joint le journal de avast sur les fichier que j'ai mis en quarantaine et le fichier EGACCESS4_1058.DLL que j'ai supprimer par erreur et que le rundll me réclamme à chaque démarrage.
11/11/2006 06:18:40 SERVICE LOCAL 1872 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\Debug\UserMode\userenv.log (C:\WINDOWS\Debug\UserMode\userenv.log) returning error, 00000005.
11/11/2006 06:19:20 SERVICE LOCAL 1872 Sign of "Win32:Porndialer-CC [Trj]" has been found in "C:\WINDOWS\SYSTEM32\EGACCESS4_1058.DLL\[UPX]" file.
11/11/2006 10:23:25 SERVICE LOCAL 1888 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\Debug\UserMode\userenv.log (C:\WINDOWS\Debug\UserMode\userenv.log) returning error, 00000005.
11/11/2006 19:38:58 Tarek 264 Sign of "Win32:Agent-RE [Trj]" has been found in "C:\Program Files\IBM\Rational\SMTrial\6.0\core.20051231.000602.4556.dmp" file.
11/11/2006 22:47:45 Tarek 264 Sign of "Win32:Dialer-CI [Trj]" has been found in "C:\WINDOWS\Downloaded Program Files\610515.exe\[UPX]" file.
11/11/2006 22:48:03 Tarek 264 Sign of "Win32:Dialer-CI [Trj]" has been found in "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\610515.exe\[UPX]" file.
11/11/2006 22:48:06 Tarek 264 Sign of "Win32:Winfixer-B [Tool]" has been found in "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWAS6_0001_N68M2301NetInstaller.exe" file.
11/11/2006 22:48:09 Tarek 264 Sign of "Win32:Dialer-CI [Trj]" has been found in "C:\WINDOWS\Downloaded Program Files\CONFLICT.2\610515.exe\[UPX]" file.
11/11/2006 22:48:10 Tarek 264 Sign of "Win32:Winfixer-B [Tool]" has been found in "C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6PV_0001_N69M0303NetInstaller.exe" file.
11/11/2006 22:48:12 Tarek 264 Sign of "Win32:Winfixer-B [Tool]" has been found in "C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWAS6_0001_N68M2301NetInstaller.exe" file.
11/11/2006 22:48:15 Tarek 264 Sign of "Win32:Dialer-CI [Trj]" has been found in "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\610515.exe\[UPX]" file.
11/11/2006 22:48:16 Tarek 264 Sign of "Win32:Winfixer-B [Tool]" has been found in "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWAS6_0001_N68M2301NetInstaller.exe" file.
11/11/2006 22:55:27 Tarek 264 Sign of "Win32:P2E-gen [Trj]" has been found in "C:\WINDOWS\p2esocks_1041.dll" file.
11/11/2006 22:55:34 Tarek 264 Sign of "Win32:P2E-gen [Trj]" has been found in "C:\WINDOWS\p2esocks_1047.dll" file.
11/11/2006 22:55:39 Tarek 264 Sign of "Win32:P2E-gen [Trj]" has been found in "C:\WINDOWS\p2esocks_1049.dll" file.
11/11/2006 23:02:49 Tarek 264 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\EGACCESS.dll" file.
11/11/2006 23:02:56 Tarek 264 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\egaccess4_1059.dll" file.
11/11/2006 23:02:58 Tarek 264 Sign of "Win32:Agent-RD [Trj]" has been found in "C:\WINDOWS\system32\EGDACCESS.dll\[UPX]" file.
11/11/2006 23:03:00 Tarek 264 Sign of "Win32:Agent-RD [Trj]" has been found in "C:\WINDOWS\system32\EGDACCESS_1068.dll\[UPX]" file.
11/11/2006 23:03:01 Tarek 264 Sign of "Win32:Dialer-gen. [Trj]" has been found in "C:\WINDOWS\system32\EGDACCESS_1070.dll" file.
11/11/2006 23:03:03 Tarek 264 Sign of "Win32:Dialer-gen. [Trj]" has been found in "C:\WINDOWS\system32\EGDACCESS_1073.dll" file.
11/11/2006 23:03:04 Tarek 264 Sign of "Win32:Agent-RD [Trj]" has been found in "C:\WINDOWS\system32\EGDACCESS_1074.dll\[UPX]" file.
11/11/2006 23:03:05 Tarek 264 Sign of "Win32:P2E-gen [Trj]" has been found in "C:\WINDOWS\system32\eg_auth_srv_1041.dll" file.
11/11/2006 23:03:06 Tarek 264 Sign of "Win32:P2E-gen [Trj]" has been found in "C:\WINDOWS\system32\eg_auth_srv_1047.dll" file.
11/11/2006 23:03:07 Tarek 264 Sign of "Win32:P2E-gen [Trj]" has been found in "C:\WINDOWS\system32\eg_auth_srv_1049.dll" file.
11/11/2006 23:03:47 Tarek 264 Sign of "Win32:Wintrim-019 [Trj]" has been found in "C:\WINDOWS\system32\Mservice.dll" file.
11/11/2006 23:05:23 Tarek 264 Sign of "Win32:Pcclient-BO [Trj]" has been found in "C:\WINDOWS\system32\sysiasvc32.dll" file.
11/11/2006 23:05:31 Tarek 264 Sign of "Win32:Dialer-gen. [Trj]" has been found in "C:\WINDOWS\system32\sysinetsvc32.dll" file.
merci pour votre aide.
J'ai machine qui est devenue très lente, le disque dur est plein bien que j'ia le ménage, des alerte de avast pour des fichier .dll infecté sous windows\system32. La totale. Ci-joint le journal de avast sur les fichier que j'ai mis en quarantaine et le fichier EGACCESS4_1058.DLL que j'ai supprimer par erreur et que le rundll me réclamme à chaque démarrage.
11/11/2006 06:18:40 SERVICE LOCAL 1872 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\Debug\UserMode\userenv.log (C:\WINDOWS\Debug\UserMode\userenv.log) returning error, 00000005.
11/11/2006 06:19:20 SERVICE LOCAL 1872 Sign of "Win32:Porndialer-CC [Trj]" has been found in "C:\WINDOWS\SYSTEM32\EGACCESS4_1058.DLL\[UPX]" file.
11/11/2006 10:23:25 SERVICE LOCAL 1888 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\Debug\UserMode\userenv.log (C:\WINDOWS\Debug\UserMode\userenv.log) returning error, 00000005.
11/11/2006 19:38:58 Tarek 264 Sign of "Win32:Agent-RE [Trj]" has been found in "C:\Program Files\IBM\Rational\SMTrial\6.0\core.20051231.000602.4556.dmp" file.
11/11/2006 22:47:45 Tarek 264 Sign of "Win32:Dialer-CI [Trj]" has been found in "C:\WINDOWS\Downloaded Program Files\610515.exe\[UPX]" file.
11/11/2006 22:48:03 Tarek 264 Sign of "Win32:Dialer-CI [Trj]" has been found in "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\610515.exe\[UPX]" file.
11/11/2006 22:48:06 Tarek 264 Sign of "Win32:Winfixer-B [Tool]" has been found in "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWAS6_0001_N68M2301NetInstaller.exe" file.
11/11/2006 22:48:09 Tarek 264 Sign of "Win32:Dialer-CI [Trj]" has been found in "C:\WINDOWS\Downloaded Program Files\CONFLICT.2\610515.exe\[UPX]" file.
11/11/2006 22:48:10 Tarek 264 Sign of "Win32:Winfixer-B [Tool]" has been found in "C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6PV_0001_N69M0303NetInstaller.exe" file.
11/11/2006 22:48:12 Tarek 264 Sign of "Win32:Winfixer-B [Tool]" has been found in "C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWAS6_0001_N68M2301NetInstaller.exe" file.
11/11/2006 22:48:15 Tarek 264 Sign of "Win32:Dialer-CI [Trj]" has been found in "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\610515.exe\[UPX]" file.
11/11/2006 22:48:16 Tarek 264 Sign of "Win32:Winfixer-B [Tool]" has been found in "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWAS6_0001_N68M2301NetInstaller.exe" file.
11/11/2006 22:55:27 Tarek 264 Sign of "Win32:P2E-gen [Trj]" has been found in "C:\WINDOWS\p2esocks_1041.dll" file.
11/11/2006 22:55:34 Tarek 264 Sign of "Win32:P2E-gen [Trj]" has been found in "C:\WINDOWS\p2esocks_1047.dll" file.
11/11/2006 22:55:39 Tarek 264 Sign of "Win32:P2E-gen [Trj]" has been found in "C:\WINDOWS\p2esocks_1049.dll" file.
11/11/2006 23:02:49 Tarek 264 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\EGACCESS.dll" file.
11/11/2006 23:02:56 Tarek 264 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\egaccess4_1059.dll" file.
11/11/2006 23:02:58 Tarek 264 Sign of "Win32:Agent-RD [Trj]" has been found in "C:\WINDOWS\system32\EGDACCESS.dll\[UPX]" file.
11/11/2006 23:03:00 Tarek 264 Sign of "Win32:Agent-RD [Trj]" has been found in "C:\WINDOWS\system32\EGDACCESS_1068.dll\[UPX]" file.
11/11/2006 23:03:01 Tarek 264 Sign of "Win32:Dialer-gen. [Trj]" has been found in "C:\WINDOWS\system32\EGDACCESS_1070.dll" file.
11/11/2006 23:03:03 Tarek 264 Sign of "Win32:Dialer-gen. [Trj]" has been found in "C:\WINDOWS\system32\EGDACCESS_1073.dll" file.
11/11/2006 23:03:04 Tarek 264 Sign of "Win32:Agent-RD [Trj]" has been found in "C:\WINDOWS\system32\EGDACCESS_1074.dll\[UPX]" file.
11/11/2006 23:03:05 Tarek 264 Sign of "Win32:P2E-gen [Trj]" has been found in "C:\WINDOWS\system32\eg_auth_srv_1041.dll" file.
11/11/2006 23:03:06 Tarek 264 Sign of "Win32:P2E-gen [Trj]" has been found in "C:\WINDOWS\system32\eg_auth_srv_1047.dll" file.
11/11/2006 23:03:07 Tarek 264 Sign of "Win32:P2E-gen [Trj]" has been found in "C:\WINDOWS\system32\eg_auth_srv_1049.dll" file.
11/11/2006 23:03:47 Tarek 264 Sign of "Win32:Wintrim-019 [Trj]" has been found in "C:\WINDOWS\system32\Mservice.dll" file.
11/11/2006 23:05:23 Tarek 264 Sign of "Win32:Pcclient-BO [Trj]" has been found in "C:\WINDOWS\system32\sysiasvc32.dll" file.
11/11/2006 23:05:31 Tarek 264 Sign of "Win32:Dialer-gen. [Trj]" has been found in "C:\WINDOWS\system32\sysinetsvc32.dll" file.
merci pour votre aide.
A voir également:
- Cheval de troie, fichier dll et espace disque
- Fichier bin - Guide
- Espace insécable - Guide
- Cloner disque dur - Guide
- Defragmenter disque dur - Guide
- Fichier epub - Guide
16 réponses
J'ai fait aussi un scan avec hijackthis. Voic le rapport:
Logfile of HijackThis v1.99.1
Scan saved at 16:09:32, on 12/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\Fichiers communs\Nokia\NCLTools\NclTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fichiers communs\Nokia\Services\ServiceLayer.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Salaat Time\SalaatTime.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tarek\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/defaults/sb/ymsgr6/fr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache-sop:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [StorageGuard] "c:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [vqxijhi] C:\WINDOWS\system32\hxrxuu.exe
O4 - HKLM\..\Run: [LiveChatut] C:\WINDOWS\LiveChatut.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [qvUpkoXyO.exe] C:\documents and settings\tarek\local settings\temp\qvUpkoXyO.exe
O4 - HKLM\..\Run: [x76i3nQ] memrprop.exe
O4 - HKLM\..\Run: [qvUpkoXyO] C:\documents and settings\tarek\local settings\temp\qvUpkoXyO.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Fichiers communs\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [frymxins] "C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [gwpsRhc2e] mdhsip.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1058.dll,InstantAccess
O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\system32\autoupdatev2.exe
O4 - HKCU\..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Premium\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Premium\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Premium\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: En®istrement - C:\Program Files\Systran\Premium\menuRegister.html
O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Premium\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Premium\menuTranslateAll.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
Logfile of HijackThis v1.99.1
Scan saved at 16:09:32, on 12/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\Fichiers communs\Nokia\NCLTools\NclTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fichiers communs\Nokia\Services\ServiceLayer.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Salaat Time\SalaatTime.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tarek\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/defaults/sb/ymsgr6/fr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache-sop:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [StorageGuard] "c:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [vqxijhi] C:\WINDOWS\system32\hxrxuu.exe
O4 - HKLM\..\Run: [LiveChatut] C:\WINDOWS\LiveChatut.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [qvUpkoXyO.exe] C:\documents and settings\tarek\local settings\temp\qvUpkoXyO.exe
O4 - HKLM\..\Run: [x76i3nQ] memrprop.exe
O4 - HKLM\..\Run: [qvUpkoXyO] C:\documents and settings\tarek\local settings\temp\qvUpkoXyO.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Fichiers communs\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [frymxins] "C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [gwpsRhc2e] mdhsip.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1058.dll,InstantAccess
O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\system32\autoupdatev2.exe
O4 - HKCU\..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Premium\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Premium\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Premium\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: En®istrement - C:\Program Files\Systran\Premium\menuRegister.html
O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Premium\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Premium\menuTranslateAll.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
Salut
j'ai mis en quarantaine et le fichier EGACCESS4_1058.DLL que j'ai supprimer par erreur et que le rundll me réclamme à chaque démarrage.
pas grave, ce fichier est une salté !!!
pas ailleurs, tu es pas mal infecté !!! il te manque un parfeu ...
fais le 1/ et 2/ de ce liens stp :
virus methode preliminaire de desinfection version fr
@+
j'ai mis en quarantaine et le fichier EGACCESS4_1058.DLL que j'ai supprimer par erreur et que le rundll me réclamme à chaque démarrage.
pas grave, ce fichier est une salté !!!
pas ailleurs, tu es pas mal infecté !!! il te manque un parfeu ...
fais le 1/ et 2/ de ce liens stp :
virus methode preliminaire de desinfection version fr
@+
en fait j'ai sygate qui marche bien.
je pense que mon erreur est que j'ai jamais fait de scan total de ma machine de puis j'ai installé le avast.
Anti-spyware est cours de scan.
je pense que mon erreur est que j'ai jamais fait de scan total de ma machine de puis j'ai installé le avast.
Anti-spyware est cours de scan.
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 18:13:21 12/11/2006
+ Résultat de l'analyse:
HKU\S-1-5-21-291960248-4294672164-1540087425-1004\Software\IST -> Adware.ISTBar : Aucune action entreprise.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069957.dll -> Dialer.EGroup.s : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069967.dll -> Dialer.EGroup.s : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069970.dll -> Dialer.EGroup.u : Aucune action entreprise.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access -> Dialer.Generic : Aucune action entreprise.
HKU\S-1-5-21-291960248-4294672164-1540087425-1004\Software\EGDHTML -> Dialer.Generic : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069971.dll -> Dialer.InstantAccess.e : Aucune action entreprise.
C:\WINDOWS\system32\syswbsvc32.dll -> Dialer.InstantAccess.e : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069962.dll -> Dialer.InstantAccess.f : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069963.dll -> Dialer.InstantAccess.f : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069961.dll -> Dialer.InstantAccess.m : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069964.dll -> Dialer.InstantAccess.m : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069965.dll -> Dialer.InstantAccess.m : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069969.dll -> Downloader.Wintrim.cj : Aucune action entreprise.
C:\Documents and Settings\Tarek\Local Settings\Temp\ICD1.tmp\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\Documents and Settings\Tarek\Local Settings\Temp\ICD2.tmp\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\Documents and Settings\Tarek\Local Settings\Temp\ICD3.tmp\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\Documents and Settings\Tarek\Local Settings\Temp\ICD4.tmp\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\Documents and Settings\Tarek\Local Settings\Temp\ICD6.tmp\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\Documents and Settings\Tarek\Local Settings\Temp\ICD8.tmp\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\Documents and Settings\Tarek\Local Settings\Temporary Internet Files\Content.IE5\JJLPL5DM\installdrivecleanerstart_fr[1].cab/UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\WINDOWS\Downloaded Program Files\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\Documents and Settings\Tarek\Local Settings\Temp\ICD5.tmp\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Aucune action entreprise.
C:\Documents and Settings\Tarek\Local Settings\Temp\ICD7.tmp\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Aucune action entreprise.
C:\Documents and Settings\Tarek\Local Settings\Temp\ICD9.tmp\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Aucune action entreprise.
C:\Documents and Settings\Tarek\Local Settings\Temporary Internet Files\Content.IE5\G7XRM2Z5\WinAntiVirusPro2006FreeInstall_fr[1].cab/UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Aucune action entreprise.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Aucune action entreprise.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Aucune action entreprise.
C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Aucune action entreprise.
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@247realmedia[2].txt -> TrackingCookie.247realmedia : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@2o7[2].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@hertz.122.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@advertising[1].txt -> TrackingCookie.Advertising : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@bluestreak[2].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@casalemedia[1].txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@doubleclick[2].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@ehg-oreilly.hitbox[2].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@hitbox[1].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@questionmarket[1].txt -> TrackingCookie.Questionmarket : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@revenue[1].txt -> TrackingCookie.Revenue : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@weborama[2].txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@zedo[1].txt -> TrackingCookie.Zedo : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069959.dll -> Trojan.Dialer.pc : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069960.dll -> Trojan.Dialer.pc : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069956.dll -> Trojan.P2E.bt : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069966.dll -> Trojan.P2E.bt : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069958.dll -> Trojan.P2E.cl : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069968.dll -> Trojan.P2E.cl : Aucune action entreprise.
Fin du rapport
--------------------------------------------------------
je vais faire maintenant l'étape 2)
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 18:13:21 12/11/2006
+ Résultat de l'analyse:
HKU\S-1-5-21-291960248-4294672164-1540087425-1004\Software\IST -> Adware.ISTBar : Aucune action entreprise.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069957.dll -> Dialer.EGroup.s : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069967.dll -> Dialer.EGroup.s : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069970.dll -> Dialer.EGroup.u : Aucune action entreprise.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access -> Dialer.Generic : Aucune action entreprise.
HKU\S-1-5-21-291960248-4294672164-1540087425-1004\Software\EGDHTML -> Dialer.Generic : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069971.dll -> Dialer.InstantAccess.e : Aucune action entreprise.
C:\WINDOWS\system32\syswbsvc32.dll -> Dialer.InstantAccess.e : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069962.dll -> Dialer.InstantAccess.f : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069963.dll -> Dialer.InstantAccess.f : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069961.dll -> Dialer.InstantAccess.m : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069964.dll -> Dialer.InstantAccess.m : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069965.dll -> Dialer.InstantAccess.m : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069969.dll -> Downloader.Wintrim.cj : Aucune action entreprise.
C:\Documents and Settings\Tarek\Local Settings\Temp\ICD1.tmp\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\Documents and Settings\Tarek\Local Settings\Temp\ICD2.tmp\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\Documents and Settings\Tarek\Local Settings\Temp\ICD3.tmp\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\Documents and Settings\Tarek\Local Settings\Temp\ICD4.tmp\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\Documents and Settings\Tarek\Local Settings\Temp\ICD6.tmp\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\Documents and Settings\Tarek\Local Settings\Temp\ICD8.tmp\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\Documents and Settings\Tarek\Local Settings\Temporary Internet Files\Content.IE5\JJLPL5DM\installdrivecleanerstart_fr[1].cab/UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\WINDOWS\Downloaded Program Files\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\Documents and Settings\Tarek\Local Settings\Temp\ICD5.tmp\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Aucune action entreprise.
C:\Documents and Settings\Tarek\Local Settings\Temp\ICD7.tmp\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Aucune action entreprise.
C:\Documents and Settings\Tarek\Local Settings\Temp\ICD9.tmp\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Aucune action entreprise.
C:\Documents and Settings\Tarek\Local Settings\Temporary Internet Files\Content.IE5\G7XRM2Z5\WinAntiVirusPro2006FreeInstall_fr[1].cab/UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Aucune action entreprise.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Aucune action entreprise.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Aucune action entreprise.
C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Aucune action entreprise.
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@247realmedia[2].txt -> TrackingCookie.247realmedia : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@2o7[2].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@hertz.122.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@advertising[1].txt -> TrackingCookie.Advertising : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@bluestreak[2].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@casalemedia[1].txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@doubleclick[2].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@ehg-oreilly.hitbox[2].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@hitbox[1].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@questionmarket[1].txt -> TrackingCookie.Questionmarket : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@revenue[1].txt -> TrackingCookie.Revenue : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@weborama[2].txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@zedo[1].txt -> TrackingCookie.Zedo : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069959.dll -> Trojan.Dialer.pc : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069960.dll -> Trojan.Dialer.pc : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069956.dll -> Trojan.P2E.bt : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069966.dll -> Trojan.P2E.bt : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069958.dll -> Trojan.P2E.cl : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP568\A0069968.dll -> Trojan.P2E.cl : Aucune action entreprise.
Fin du rapport
--------------------------------------------------------
je vais faire maintenant l'étape 2)
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
re
ok pour le parfeu !
Aucune action entreprise.
il va falloir refaire le scan est reglé avg sur "supprimer" pour qu'il te vire tout ce qu'il trouve !
cf tuto :
ttp://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
++
ok pour le parfeu !
Aucune action entreprise.
il va falloir refaire le scan est reglé avg sur "supprimer" pour qu'il te vire tout ce qu'il trouve !
cf tuto :
ttp://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
++
en fait je l'ai déja configuré sur "supprimer" dans mon premier scan. Et j'ai valider après toutes les actions. normalement il a tous viré.
maintenant je suis entrain de scanner avec BitDefender, mais il est un peu long. L'estimation de temps est de 4 h51 mn.
Je vais rentrer chez moi et je relancerai le scan.
à tout à l'heure.
et merci bien pour votre aide :)
PS: si je n'arriverai pas à me connecter de chez moi, je serai en ligne demain matin, pour continuer la procédure.
maintenant je suis entrain de scanner avec BitDefender, mais il est un peu long. L'estimation de temps est de 4 h51 mn.
Je vais rentrer chez moi et je relancerai le scan.
à tout à l'heure.
et merci bien pour votre aide :)
PS: si je n'arriverai pas à me connecter de chez moi, je serai en ligne demain matin, pour continuer la procédure.
re
ok, pour l'estimation du scan en ligne, elle est un peu exagéré :)
mais il peut facilement mettre 1h30 !!!
@+
ok, pour l'estimation du scan en ligne, elle est un peu exagéré :)
mais il peut facilement mettre 1h30 !!!
@+
salut,
le BitDefender scanne depuis plus de 3 heures. Il lui reste presque une demi-heure. Mais entre temps je voulais savoir qu'est ce que fais des fichiers que j'ai mis en quarantaine de AVAST. Ils sont des dichiers dll sous le répertoire \windows\system32. Est ce que je les restaure ou je les supprime ?
le BitDefender scanne depuis plus de 3 heures. Il lui reste presque une demi-heure. Mais entre temps je voulais savoir qu'est ce que fais des fichiers que j'ai mis en quarantaine de AVAST. Ils sont des dichiers dll sous le répertoire \windows\system32. Est ce que je les restaure ou je les supprime ?
Excuse moi, j'ai oublier de le préciser.
Il est dans le premier message de la discussion.
Mais je te rappelle que le scan de Avast je l'ai fait avant la procédure que tu m'as donné (i.e. AVG et le BitDefender).
Il est dans le premier message de la discussion.
Mais je te rappelle que le scan de Avast je l'ai fait avant la procédure que tu m'as donné (i.e. AVG et le BitDefender).
C:\Documents and Settings\Tarek\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-1169efa4.zip
Infected with: Trojan.Downloader.Java.Openstream.U
C:\Documents and Settings\Tarek\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-1169efa4.zip
Disinfection failed
C:\Documents and Settings\Tarek\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-1169efa4.zip
Deleted
-------------------------------------------------------------------
je vais lancer maintenant le HijackThis
Infected with: Trojan.Downloader.Java.Openstream.U
C:\Documents and Settings\Tarek\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-1169efa4.zip
Disinfection failed
C:\Documents and Settings\Tarek\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-1169efa4.zip
Deleted
-------------------------------------------------------------------
je vais lancer maintenant le HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 23:45:44, on 12/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\Fichiers communs\Nokia\NCLTools\NclTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fichiers communs\Nokia\Services\ServiceLayer.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Salaat Time\SalaatTime.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Tarek\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/defaults/sb/ymsgr6/fr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache-sop:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [StorageGuard] "c:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [vqxijhi] C:\WINDOWS\system32\hxrxuu.exe
O4 - HKLM\..\Run: [LiveChatut] C:\WINDOWS\LiveChatut.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [qvUpkoXyO.exe] C:\documents and settings\tarek\local settings\temp\qvUpkoXyO.exe
O4 - HKLM\..\Run: [x76i3nQ] memrprop.exe
O4 - HKLM\..\Run: [qvUpkoXyO] C:\documents and settings\tarek\local settings\temp\qvUpkoXyO.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Fichiers communs\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [frymxins] "C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [gwpsRhc2e] mdhsip.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1058.dll,InstantAccess
O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\system32\autoupdatev2.exe
O4 - HKCU\..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Premium\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Premium\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Premium\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: En®istrement - C:\Program Files\Systran\Premium\menuRegister.html
O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Premium\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Premium\menuTranslateAll.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
Scan saved at 23:45:44, on 12/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\Fichiers communs\Nokia\NCLTools\NclTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fichiers communs\Nokia\Services\ServiceLayer.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Salaat Time\SalaatTime.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Tarek\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/defaults/sb/ymsgr6/fr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache-sop:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [StorageGuard] "c:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [vqxijhi] C:\WINDOWS\system32\hxrxuu.exe
O4 - HKLM\..\Run: [LiveChatut] C:\WINDOWS\LiveChatut.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [qvUpkoXyO.exe] C:\documents and settings\tarek\local settings\temp\qvUpkoXyO.exe
O4 - HKLM\..\Run: [x76i3nQ] memrprop.exe
O4 - HKLM\..\Run: [qvUpkoXyO] C:\documents and settings\tarek\local settings\temp\qvUpkoXyO.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Fichiers communs\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [frymxins] "C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [gwpsRhc2e] mdhsip.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1058.dll,InstantAccess
O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\system32\autoupdatev2.exe
O4 - HKCU\..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Premium\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Premium\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Premium\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: En®istrement - C:\Program Files\Systran\Premium\menuRegister.html
O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Premium\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Premium\menuTranslateAll.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
Bonsoir,
Quand j'ai rebouté ma machien ce matin. La machine est devu très lente.
j'ai trouvé sur le gestionnaire des tâches que le processus ashServ.exe occupe la totalité du processeur. Quand je l'ai arreté c'est explorer.exe qui prend la relève. C'est quoi le problème !!!
J'ai fait après ça un démarrage en mode sans échec et j'ai passé le AVG anti-spyware qui détecté 18 traces. Bien qu'hier il a fait un scan total de la machine (voir le rapport plus haut). Le rapport du scan d'aujourd'hui est le suivant:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 17:06:08 13/11/2006
+ Résultat de l'analyse:
C:\WINDOWS\system32\MSCLOCK32.DLL -> Adware.NaviPromo : Aucune action entreprise.
C:\WINDOWS\system32\msplock32.dll -> Adware.NaviPromo : Aucune action entreprise.
HKLM\SOFTWARE\WinAntiVirus Pro 2006 -> Adware.WinAntiVirus : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP570\A0070186.dll -> Dialer.InstantAccess.e : Aucune action entreprise.
:mozilla.13:C:\Documents and Settings\Tarek\Application Data\Mozilla\Firefox\Profiles\axukcr9a.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.14:C:\Documents and Settings\Tarek\Application Data\Mozilla\Firefox\Profiles\axukcr9a.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.15:C:\Documents and Settings\Tarek\Application Data\Mozilla\Firefox\Profiles\axukcr9a.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.16:C:\Documents and Settings\Tarek\Application Data\Mozilla\Firefox\Profiles\axukcr9a.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@247realmedia[1].txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.48:C:\Documents and Settings\Tarek\Application Data\Mozilla\Firefox\Profiles\axukcr9a.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.49:C:\Documents and Settings\Tarek\Application Data\Mozilla\Firefox\Profiles\axukcr9a.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.50:C:\Documents and Settings\Tarek\Application Data\Mozilla\Firefox\Profiles\axukcr9a.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.52:C:\Documents and Settings\Tarek\Application Data\Mozilla\Firefox\Profiles\axukcr9a.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.53:C:\Documents and Settings\Tarek\Application Data\Mozilla\Firefox\Profiles\axukcr9a.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.11:C:\Documents and Settings\Tarek\Application Data\Mozilla\Firefox\Profiles\axukcr9a.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.12:C:\Documents and Settings\Tarek\Application Data\Mozilla\Firefox\Profiles\axukcr9a.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.95:C:\Documents and Settings\Tarek\Application Data\Mozilla\Firefox\Profiles\axukcr9a.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.98:C:\Documents and Settings\Tarek\Application Data\Mozilla\Firefox\Profiles\axukcr9a.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.99:C:\Documents and Settings\Tarek\Application Data\Mozilla\Firefox\Profiles\axukcr9a.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.
Fin du rapport
Qu'est ce que je fait
Quand j'ai rebouté ma machien ce matin. La machine est devu très lente.
j'ai trouvé sur le gestionnaire des tâches que le processus ashServ.exe occupe la totalité du processeur. Quand je l'ai arreté c'est explorer.exe qui prend la relève. C'est quoi le problème !!!
J'ai fait après ça un démarrage en mode sans échec et j'ai passé le AVG anti-spyware qui détecté 18 traces. Bien qu'hier il a fait un scan total de la machine (voir le rapport plus haut). Le rapport du scan d'aujourd'hui est le suivant:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 17:06:08 13/11/2006
+ Résultat de l'analyse:
C:\WINDOWS\system32\MSCLOCK32.DLL -> Adware.NaviPromo : Aucune action entreprise.
C:\WINDOWS\system32\msplock32.dll -> Adware.NaviPromo : Aucune action entreprise.
HKLM\SOFTWARE\WinAntiVirus Pro 2006 -> Adware.WinAntiVirus : Aucune action entreprise.
C:\System Volume Information\_restore{885FCFDA-B4A3-4CC2-B355-E8F0CDB1EF7E}\RP570\A0070186.dll -> Dialer.InstantAccess.e : Aucune action entreprise.
:mozilla.13:C:\Documents and Settings\Tarek\Application Data\Mozilla\Firefox\Profiles\axukcr9a.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.14:C:\Documents and Settings\Tarek\Application Data\Mozilla\Firefox\Profiles\axukcr9a.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.15:C:\Documents and Settings\Tarek\Application Data\Mozilla\Firefox\Profiles\axukcr9a.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.16:C:\Documents and Settings\Tarek\Application Data\Mozilla\Firefox\Profiles\axukcr9a.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@247realmedia[1].txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.48:C:\Documents and Settings\Tarek\Application Data\Mozilla\Firefox\Profiles\axukcr9a.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.49:C:\Documents and Settings\Tarek\Application Data\Mozilla\Firefox\Profiles\axukcr9a.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.50:C:\Documents and Settings\Tarek\Application Data\Mozilla\Firefox\Profiles\axukcr9a.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.52:C:\Documents and Settings\Tarek\Application Data\Mozilla\Firefox\Profiles\axukcr9a.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.53:C:\Documents and Settings\Tarek\Application Data\Mozilla\Firefox\Profiles\axukcr9a.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.11:C:\Documents and Settings\Tarek\Application Data\Mozilla\Firefox\Profiles\axukcr9a.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.12:C:\Documents and Settings\Tarek\Application Data\Mozilla\Firefox\Profiles\axukcr9a.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.95:C:\Documents and Settings\Tarek\Application Data\Mozilla\Firefox\Profiles\axukcr9a.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.98:C:\Documents and Settings\Tarek\Application Data\Mozilla\Firefox\Profiles\axukcr9a.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.99:C:\Documents and Settings\Tarek\Application Data\Mozilla\Firefox\Profiles\axukcr9a.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\Tarek\Cookies\tarek@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.
Fin du rapport
Qu'est ce que je fait
Salut
Aucune action entreprise.
voici un tuto :
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
petits verification :
Télécharge Blacklight (de F-Secure) :
https://europe.f-secure.com/exclude/blacklight/index.shtml
et sauvegarde le sur ton Bureau.
Double-clique blbeta.exe et accepte la licence ;clique Scan puis Next
Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).
Copie et colle le contenu de ce rapport dans ta prochaine réponse
@+
**En vérité, le chemin importe peu, la volonté d'arriver suffit à tout ( A.Camus ) **
Aucune action entreprise.
voici un tuto :
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
petits verification :
Télécharge Blacklight (de F-Secure) :
https://europe.f-secure.com/exclude/blacklight/index.shtml
et sauvegarde le sur ton Bureau.
Double-clique blbeta.exe et accepte la licence ;clique Scan puis Next
Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).
Copie et colle le contenu de ce rapport dans ta prochaine réponse
@+
**En vérité, le chemin importe peu, la volonté d'arriver suffit à tout ( A.Camus ) **
J'ai supprimé tous le truc détéctés pas AVG. C'est vrai le rapport que j'ai posté ne contient pas l'action de suppression.
La Blacklight n'a rien trouvé voici le rapport:
11/13/06 23:29:28 [Info]: BlackLight Engine 1.0.47 initialized
11/13/06 23:29:28 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/13/06 23:29:29 [Note]: 7019 4
11/13/06 23:29:29 [Note]: 7005 0
11/13/06 23:29:31 [Note]: 7006 0
11/13/06 23:29:31 [Note]: 7011 2484
11/13/06 23:29:32 [Note]: 7026 0
11/13/06 23:29:32 [Note]: 7026 0
11/13/06 23:29:50 [Note]: FSRAW library version 1.7.1020
11/14/06 04:38:05 [Note]: 7007 0
-------------------------------------------------
PS: je suis entrain de faire une procedure de réparation avec chercheurbis sur une autre discussion "Machine trsè lente" qui j'ai lancé hier. Je pense ça soit complémentaire.
Mais ma machine est très lente à cause de ashServ.exe qui bouffe tout le CPU.
La Blacklight n'a rien trouvé voici le rapport:
11/13/06 23:29:28 [Info]: BlackLight Engine 1.0.47 initialized
11/13/06 23:29:28 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/13/06 23:29:29 [Note]: 7019 4
11/13/06 23:29:29 [Note]: 7005 0
11/13/06 23:29:31 [Note]: 7006 0
11/13/06 23:29:31 [Note]: 7011 2484
11/13/06 23:29:32 [Note]: 7026 0
11/13/06 23:29:32 [Note]: 7026 0
11/13/06 23:29:50 [Note]: FSRAW library version 1.7.1020
11/14/06 04:38:05 [Note]: 7007 0
-------------------------------------------------
PS: je suis entrain de faire une procedure de réparation avec chercheurbis sur une autre discussion "Machine trsè lente" qui j'ai lancé hier. Je pense ça soit complémentaire.
Mais ma machine est très lente à cause de ashServ.exe qui bouffe tout le CPU.
