Adware Purityscan / Dialer.iDialer and others

Closed
loupdulac - 9 Jan 2007 at 16:36
 yenamarre - 21 April 2008 at 19:22
Hello everyone,
after struggling a bit, here I am among you.
Last Friday I picked up Adware.Purityscan and dialer.idialer. On a few occasions, Trojan.Nebuler, Trojan.Vundo and Downloader.Trojan also appeared.
After several attempts with, notably, Spybot, my antivirus, AVG, CleanUp and other programs installed today, things seem to be better.
Nevertheless, I would like to be sure that everything is OK and uninstall all the programs that are running, or keep only a few of them.
Can you help me clean all this up?
I am running the various scans and will copy the reports below.
Thank you for your help.

6 replies

loupdulac Posts 21 Registration date Tuesday 9 January 2007 Status Member Last activity 15 November 2012
9 Jan 2007 at 17:06
Ad-Aware SE Build 1.06r1
Logfile Created on:mardi 9 janvier 2007 16:40:02
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R143 08.01.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):9 total references
Tracking Cookie(TAC index:3):3 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


09-01-2007 16:40:02 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\jm.navarro\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1595569382-2297305275-87640226-1006\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-1595569382-2297305275-87640226-1006\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1595569382-2297305275-87640226-1006\software\microsoft\mediaplayer\preferences
Description : last search path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1595569382-2297305275-87640226-1006\software\microsoft\office\9.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1595569382-2297305275-87640226-1006\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 644
ThreadCreationTime : 09-01-2007 15:01:33
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 708
ThreadCreationTime : 09-01-2007 15:01:38
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 732
ThreadCreationTime : 09-01-2007 15:01:41
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 776
ThreadCreationTime : 09-01-2007 15:01:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 788
ThreadCreationTime : 09-01-2007 15:01:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ibmpmsvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 988
ThreadCreationTime : 09-01-2007 15:01:48
BasePriority : Normal


#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1016
ThreadCreationTime : 09-01-2007 15:01:49
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1092
ThreadCreationTime : 09-01-2007 15:01:50
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1188
ThreadCreationTime : 09-01-2007 15:01:50
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [evteng.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1256
ThreadCreationTime : 09-01-2007 15:01:50
BasePriority : Normal
FileVersion : 9, 0, 1, 83
ProductVersion : 9, 0, 1, 4
ProductName : EvtEng Module
CompanyName : Intel Corporation
FileDescription : EvtEng Module
InternalName : EvtEng
LegalCopyright : Copyright (c) Intel Corporation 1999-2005
OriginalFilename : EvtEng.EXE

#:11 [s24evmon.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1308
ThreadCreationTime : 09-01-2007 15:01:51
BasePriority : Normal
FileVersion : 9, 0, 1, 83
ProductVersion : 9, 0, 1, 4
ProductName : Mobile Unit Support Service
CompanyName : Intel Corporation
FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.
InternalName : S24EvMon
LegalCopyright : Copyright (c) Intel Corporation 1999-2005
OriginalFilename : S24EvMon.exe

#:12 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1384
ThreadCreationTime : 09-01-2007 15:01:52
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1476
ThreadCreationTime : 09-01-2007 15:01:53
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1656
ThreadCreationTime : 09-01-2007 15:01:55
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 668
ThreadCreationTime : 09-01-2007 15:02:02
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : EXPLORER.EXE

#:16 [guard.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 792
ThreadCreationTime : 09-01-2007 15:02:02
BasePriority : Normal
FileVersion : 7, 5, 0, 47
ProductVersion : 7, 5, 0, 47
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware guard
InternalName : AVG Anti-Spyware guard
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : guard.exe

#:17 [ccsetmgr.exe]
FilePath : C:\Program Files\Fichiers communs\Symantec Shared\
ProcessID : 1044
ThreadCreationTime : 09-01-2007 15:02:03
BasePriority : Normal
FileVersion : 103.5.1.9
ProductVersion : 103.5.1.9
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:18 [defwatch.exe]
FilePath : C:\Program Files\Symantec AntiVirus\
ProcessID : 1168
ThreadCreationTime : 09-01-2007 15:02:06
BasePriority : Normal
FileVersion : 10.0.0.359
ProductVersion : 10.0.0.359
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright 1998 - 2005 Symantec Corporation. All rights reserved.
OriginalFilename : DefWatch.exe

#:19 [rrpcsb.exe]
FilePath : C:\Program Files\IBM\IBM Rapid Restore Ultra\
ProcessID : 1324
ThreadCreationTime : 09-01-2007 15:02:08
BasePriority : Normal
FileVersion : 4,0,0,4026
ProductVersion : 4,0,0,4026
ProductName : rrpcsb Module
FileDescription : rrpcsb Module
InternalName : rrpcsb
LegalCopyright : Copyright 2002
OriginalFilename : rrpcsb.EXE

#:20 [qconsvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1380
ThreadCreationTime : 09-01-2007 15:02:10
BasePriority : Normal
FileVersion : 3, 7, 1, 0
ProductVersion : 3, 7, 1, 0
ProductName : IBM ThinkPad Utility
CompanyName : IBM Corp.
FileDescription : IBM Access Connections - Service Component.
InternalName : QConSvc
LegalCopyright : Copyright (C) IBM Corp. 2001, 2005
OriginalFilename : QConSvc.Exe
Comments : IBM Access Connections Component.

#:21 [regsrvc.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1424
ThreadCreationTime : 09-01-2007 15:02:11
BasePriority : Normal
FileVersion : 9, 0, 1, 83
ProductVersion : 9, 0, 1, 4
ProductName : RegSrvc Module
CompanyName : Intel Corporation
FileDescription : RegSrvc Module
InternalName : RegSrvc
LegalCopyright : Copyright (c) Intel Corporation 1999-2005
OriginalFilename : RegSrvc.EXE
Comments : Registry Interface for Intel Wireless Products

#:22 [smagent.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 1492
ThreadCreationTime : 09-01-2007 15:02:11
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe

#:23 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 912
ThreadCreationTime : 09-01-2007 15:02:12
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:24 [rtvscan.exe]
FilePath : C:\Program Files\Symantec AntiVirus\
ProcessID : 1692
ThreadCreationTime : 09-01-2007 15:02:14
BasePriority : Normal
FileVersion : 10.0.0.359
ProductVersion : 10.0.0.359
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2005 Symantec Corporation. All rights reserved.

#:25 [tp4serv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1844
ThreadCreationTime : 09-01-2007 15:02:20
BasePriority : Normal
FileVersion : 3.12
ProductVersion : 3.12
ProductName : IBM PS/2 TrackPoint Support
CompanyName : IBM Corporation
FileDescription : IBM PS/2 TrackPoint Daemon
InternalName : daemon.exe
LegalCopyright : Copyright (C) IBM Corporation 1997-2003
OriginalFilename : daemon.exe

#:26 [hkcmd.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1852
ThreadCreationTime : 09-01-2007 15:02:22
BasePriority : Normal
FileVersion : 3.0.0.3879
ProductVersion : 7.0.0.3879
ProductName : Intel(R) Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2002, Intel Corporation
OriginalFilename : HKCMD.EXE

#:27 [tpkmpsvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1896
ThreadCreationTime : 09-01-2007 15:02:23
BasePriority : Normal


#:28 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1912
ThreadCreationTime : 09-01-2007 15:02:23
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:29 [ccevtmgr.exe]
FilePath : C:\Program Files\Fichiers communs\Symantec Shared\
ProcessID : 1996
ThreadCreationTime : 09-01-2007 15:02:25
BasePriority : Normal
FileVersion : 103.5.1.9
ProductVersion : 103.5.1.9
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:30 [tphkmgr.exe]
FilePath : C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\
ProcessID : 524
ThreadCreationTime : 09-01-2007 15:02:27
BasePriority : Above Normal


#:31 [tponscr.exe]
FilePath : C:\Program Files\ThinkPad\PkgMgr\HOTKEY\
ProcessID : 1152
ThreadCreationTime : 09-01-2007 15:02:29
BasePriority : Normal


#:32 [tpscrex.exe]
FilePath : C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\
ProcessID : 1164
ThreadCreationTime : 09-01-2007 15:02:29
BasePriority : Normal
FileVersion : 1.06
ProductVersion : 1.06
ProductName : ThinkPad UltraZoom
CompanyName : IBM Corporation
FileDescription : ThinkPad UltraZoom
InternalName : TPSCREX
LegalCopyright : Copyright (c) 2000, IBM Corporation
OriginalFilename : TpScrEx.exe

#:33 [tfswctrl.exe]
FilePath : C:\WINDOWS\system32\dla\
ProcessID : 1928
ThreadCreationTime : 09-01-2007 15:02:33
BasePriority : Normal
FileVersion : 1.04.08a
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2004 Sonic Solutions

#:34 [ibmprc.exe]
FilePath : C:\IBMTOOLS\UTILS\
ProcessID : 2068
ThreadCreationTime : 09-01-2007 15:02:34
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 1
ProductName : ibmprc Application
CompanyName : IBM Corp.
FileDescription : ibmprc Application
InternalName : ibmprc
LegalCopyright : Copyright (C) 2004 IBM
OriginalFilename : ibmprc.exe

#:35 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2088
ThreadCreationTime : 09-01-2007 15:02:35
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Exécuter une DLL en tant qu'application
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : RUNDLL.EXE

#:36 [ccapp.exe]
FilePath : C:\Program Files\Fichiers communs\Symantec Shared\
ProcessID : 2096
ThreadCreationTime : 09-01-2007 15:02:36
BasePriority : Normal
FileVersion : 103.5.1.9
ProductVersion : 103.5.1.9
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:37 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~1\
ProcessID : 2196
ThreadCreationTime : 09-01-2007 15:02:36
BasePriority : Normal
FileVersion : 10.0.0.359
ProductVersion : 10.0.0.359
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2005 Symantec Corporation. All rights reserved.

#:38 [lvcomsx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2388
ThreadCreationTime : 09-01-2007 15:02:38
BasePriority : Normal
FileVersion : 8.4.7.1036
ProductVersion : 8.4.7.1036
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : (c) 1996-2005 Logitech. All rights reserved.
OriginalFilename : LVComS.exe

#:39 [dragdiag.exe]
FilePath : C:\Program Files\Thomson\SpeedTouch USB\
ProcessID : 2416
ThreadCreationTime : 09-01-2007 15:02:40
BasePriority : Normal
FileVersion : 301.0.0.12
ProductVersion : 301.0.0.12
ProductName : SpeedTouch USB
CompanyName : THOMSON Telecom Belgium
FileDescription : SpeedTouch Statistics
LegalCopyright : Copyright© THOMSON Telecom Belgium 1999-2004
LegalTrademarks : SpeedTouch

#:40 [logitray.exe]
FilePath : C:\Program Files\Logitech\Video\
ProcessID : 2436
ThreadCreationTime : 09-01-2007 15:02:42
BasePriority : Normal
FileVersion : 8.4.7.1034
ProductVersion : 8.4.7.1034
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
LegalCopyright : (c) 1996-2005 Logitech. All rights reserved.
OriginalFilename : LogiTray.exe

#:41 [smax4pnp.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 2468
ThreadCreationTime : 09-01-2007 15:02:43
BasePriority : Normal
FileVersion : 5, 0, 1, 57
ProductVersion : 5, 0, 1, 57
ProductName : SMax4PNP Application
CompanyName : Analog Devices, Inc.
FileDescription : SMax4PNP MFC Application
InternalName : SMax4PNP
LegalCopyright : Copyright (C) 2002-2004 Analog Devices
OriginalFilename : SMax4PNP.EXE

#:42 [tomtomhome.exe]
FilePath : C:\Program Files\TomTom HOME\
ProcessID : 2564
ThreadCreationTime : 09-01-2007 15:02:47
BasePriority : Normal


#:43 [fxsvr2.exe]
FilePath : C:\Program Files\Logitech\Video\
ProcessID : 3344
ThreadCreationTime : 09-01-2007 15:03:10
BasePriority : Normal
FileVersion : 8.4.7.1034
ProductVersion : 8.4.7.1034
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : QuickCam Framework Server
InternalName : FxSvr.EXE
LegalCopyright : (c) 1996-2005 Logitech. All rights reserved.
OriginalFilename : FxSvr.EXE

#:44 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3372
ThreadCreationTime : 09-01-2007 15:03:12
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:45 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3908
ThreadCreationTime : 09-01-2007 15:03:16
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:46 [avgas.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 552
ThreadCreationTime : 09-01-2007 15:03:18
BasePriority : Normal
FileVersion : 7, 5, 0, 50
ProductVersion : 7, 5, 0, 50
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : avgas.exe

#:47 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3300
ThreadCreationTime : 09-01-2007 15:03:32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:48 [dlg.exe]
FilePath : C:\Program Files\Digital Line Detect\
ProcessID : 3516
ThreadCreationTime : 09-01-2007 15:03:47
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2003
OriginalFilename : TestLine.exe

#:49 [wscntfy.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 4036
ThreadCreationTime : 09-01-2007 15:04:12
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe

#:50 [ymsgr_tray.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 2360
ThreadCreationTime : 09-01-2007 15:04:28
BasePriority : Normal
FileVersion : 8,1,0,0
ProductVersion : 8,1,0,0
ProductName : Yahoo! Messenger
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Messenger Tray
LegalCopyright : (c) 1998-2006 Yahoo! Inc. All rights reserved.

#:51 [ad-aware.exe]
FilePath : C:\Program Files\adaware\
ProcessID : 2688
ThreadCreationTime : 09-01-2007 15:39:09
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows Object Recognized!
Type : RegData
Data : notepad.exe %1
TAC Rating : 3
Category : Vulnerability
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : regfile\shell\open\command
Value :
Data : notepad.exe %1

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 10


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jm.navarro@247realmedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:18
Value : Cookie:jm.navarro@247realmedia.com/
Expires : 01-01-2021 01:00:00
LastSync : Hits:18
UseCount : 0
Hits : 18

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jm.navarro@247realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\jm.navarro\Cookies\jm.navarro@247realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jm.navarro@ads.addynamix[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\jm.navarro\Cookies\jm.navarro@ads.addynamix[1].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 13



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2872 entries scanned.
New critical objects:0
Objects found so far: 13




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

16:49:45 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:09:42.958
Objects scanned:163825
Objects identified:4
Objects ignored:0
New critical objects:4
loupdulac Posts 21 Registration date Tuesday 9 January 2007 Status Member Last activity 15 November 2012
9 Jan 2007 at 17:34
and here is the Spybot report

Smitfraud-C.Toolbar888: Réglages (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR

DoubleClick: Cookie traceur (Firefox: mon profil) (Cookie, nothing done)

MediaPlex: Cookie traceur (Firefox: mon profil) (Cookie, nothing done)

Log: Activity: SchedLgU.Txt (Sauver le fichier, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Activity: Sti_Trace.log (Sauver le fichier, nothing done)
C:\WINDOWS\Sti_Trace.log

Log: Shutdown: System32\wbem\logs\wbemess.log (Sauver le fichier, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wbemprox.log (Sauver le fichier, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Sauver le fichier, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

MS Media Player: Anonymous ID (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1595569382-2297305275-87640226-1006\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

MS DirectDraw: Most recent application (Modification du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=

MS Office 9.0 (Word): Recently used file list (Valeur du registre, nothing done)
HKEY_USERS\S-1-5-21-1595569382-2297305275-87640226-1006\Software\Microsoft\Office\9.0\Word\Data\Settings

Windows Explorer: User Assistant history IE (7 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-1595569382-2297305275-87640226-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: User Assistant history files (33 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-1595569382-2297305275-87640226-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Cookie: Cookie (5) (Cookie, nothing done)

Cache: Cache (401) (Cache, nothing done)

Cookie: Cookie (14) (Cookie, nothing done)

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2007-01-05 TeaTimer.exe (1.5.0.2)
2006-03-28 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-02 advcheck.dll (1.2.0.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-01-05 Includes\Beta.sbi (*)
2005-02-16 Includes\Beta.uti (*)
2007-01-05 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-01-05 Includes\DialerC.sbi (*)
2006-11-24 Includes\Hijackers.sbi (*)
2007-01-05 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-01-05 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-12-22 Includes\Malware.sbi (*)
2007-01-05 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2007-01-05 Includes\PUPSC.sbi (*)
2007-01-05 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-01-05 Includes\SecurityC.sbi (*)


2006-10-13 Includes\Spybots.sbi (*)
2007-01-05 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2006-12-08 Includes\Trojans.sbi (*)
2007-01-05 Includes\TrojansC.sbi (*)

loupdulac Posts 21 Registration date Tuesday 9 January 2007 Status Member Last activity 15 November 2012
9 Jan 2007 at 17:54
Since the Edwigo program no longer exists at an earlier link, here is the report produced by a-squared antimalware

Version - a-squared Anti-Malware 2.1

Réglages Scan:

Objets: Mémoire, Traces, Cookies, C:\WINDOWS\,
Scan archives: Marche
Heuristiques: Marche
Scan ADS: Marche

Début du scan: 09/01/2007 17:39:16

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\realvnc Détecter: Trace.Directory.VNC
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\realvnc\vnc server 4 (service-mode) Détecter: Trace.Directory.VNCServer
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\realvnc\vnc server 4 (user-mode) Détecter: Trace.Directory.VNCServer
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\realvnc\vnc viewer 4 Détecter: Trace.Directory.VNCViewer
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\realvnc\vnc viewer 4\run listening vnc viewer.lnk Détecter: Trace.File.VNC
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\realvnc\vnc viewer 4\run vnc viewer.lnk Détecter: Trace.File.VNC
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\realvnc\vnc server 4 (service-mode)\configure vnc service.lnk Détecter: Trace.File.VNCServer
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\realvnc\vnc server 4 (service-mode)\register vnc service.lnk Détecter: Trace.File.VNCServer
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\realvnc\vnc server 4 (service-mode)\start vnc service.lnk Détecter: Trace.File.VNCServer
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\realvnc\vnc server 4 (service-mode)\stop vnc service.lnk Détecter: Trace.File.VNCServer
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\realvnc\vnc server 4 (service-mode)\unregister vnc service.lnk Détecter: Trace.File.VNCServer
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\realvnc\vnc server 4 (user-mode)\configure user-mode settings.lnk Détecter: Trace.File.VNCServer
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\realvnc\vnc server 4 (user-mode)\run vnc server.lnk Détecter: Trace.File.VNCServer
Key: HKEY_CLASSES_ROOT\.vnc Détecter: Trace.Registry.VNC.CommonComponents
Key: HKEY_CLASSES_ROOT\vnc.connectioninfo Détecter: Trace.Registry.VNC.CommonComponents
Key: HKEY_CLASSES_ROOT\.vnc Détecter: Trace.Registry.VNC
Key: HKEY_CLASSES_ROOT\vnc.connectioninfo Détecter: Trace.Registry.VNC
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\realvnc_is1 Détecter: Trace.Registry.VNC
Key: HKEY_LOCAL_MACHINE\software\realvnc Détecter: Trace.Registry.VNC
Key: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\winvnc4 Détecter: Trace.Registry.VNC
Key: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winvnc4 Détecter: Trace.Registry.VNC
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\realvnc_is1 Détecter: Trace.Registry.VNCServer
Key: HKEY_LOCAL_MACHINE\software\realvnc\winvnc4 Détecter: Trace.Registry.VNCServer
Key: HKEY_CURRENT_USER\software\realvnc\vncviewer4 Détecter: Trace.Registry.VNCViewer
Value: HKEY_CURRENT_USER\software\realvnc\vncviewer4 --> dummy Détecter: Trace.Registry.VNCViewer
Value: HKEY_LOCAL_MACHINE\software\realvnc\winvnc4 --> dummy Détecter: Trace.Registry.VNCViewer
C:\Documents and Settings\jm.navarro\Cookies\jm.navarro@247realmedia[1].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\jm.navarro\Cookies\jm.navarro@247realmedia[2].txt Détecter: Trace.TrackingCookie
C:\WINDOWS\system32\kncyuedi.dll Détecter: Trojan-Spy.Win32.VBStat.j
C:\WINDOWS\Temp\winD02.tmp.exe Détecter: Heuristic.Dialer
C:\WINDOWS\Temp\winD2A.tmp.exe Détecter: Heuristic.Dialer
C:\WINDOWS\Temp\winD31.tmp.exe Détecter: Heuristic.Dialer

Scanné

Fichiers: 11494
Traces: 93461
Cookies: 15
Processus: 49

Trouver

Fichiers: 4
Traces: 26
Cookies: 2
Processus: 0
Clés de Registre: 0

Fin du Scan: 09/01/2007 17:48:47
Temps du Scan: 00:09:31
loupdulac Posts 21 Registration date Tuesday 9 January 2007 Status Member Last activity 15 November 2012
9 Jan. 2007 at 18:18
and here is the rest of the scan, done by

a-squared Anti-Dialer 2.1


Début du scan: 09/01/2007 17:57:11

C:\Documents and Settings\jm.navarro\Local Settings\Temporary Internet Files\Content.IE5\TAT7QZK5\srvucc[1].exe Détecté: Dialer Possible
C:\WINDOWS\Temp\winD02.tmp.exe Détecté: Dialer Possible
C:\WINDOWS\Temp\winD2A.tmp.exe Détecté: Dialer Possible
C:\WINDOWS\Temp\winD31.tmp.exe Détecté: Dialer Possible


Fichiers: 4

Fin du scan: 09/01/2007 18:15:37
Temps du scan: 00:18:26
loupdulac Posts 21 Registration date Tuesday 9 January 2007 Status Member Last activity 15 November 2012
9 Jan. 2007 at 22:33
Logfile of HijackThis v1.99.1
Scan saved at 22:31:17, on 09/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Documents and Settings\jm.navarro\Bureau\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.broadcom.com/support/security-center
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {B1F00B0D-CBEA-CB39-BB4B-976C2468019C} - (no file)
R3 - URLSearchHook: (no name) - {56AF4389-DC3C-DDEA-6F86-8BAD780DE496} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: (no name) - {0315EF6B-78DD-780E-8978-74129333B591} - (disabled by BHODemon)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06CA2BD6-4DCA-474B-9975-5F6E6FAE0278} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {56AF4389-DC3C-DDEA-6F86-8BAD780DE496} - (no file)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\byknaxoq.dll (disabled by BHODemon)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {B1F00B0D-CBEA-CB39-BB4B-976C2468019C} - (no file)
O2 - BHO: (no name) - {B4A062B6-F310-475C-9483-FABA4F8300BF} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\jyrhimfq.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Program Files\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {204D07F5-A3D9-4872-9A11-C750A5B52163} (PreloadX Class) - https://www.e-col.com/livelinksupport/brava/PreloadX.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://voltigeurdesmots.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16FE74EB-B057-4824-92A4-7BCC8F27E985}: NameServer = 80.10.246.1 80.10.246.132
O17 - HKLM\System\CS4\Services\Tcpip\..\{16FE74EB-B057-4824-92A4-7BCC8F27E985}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awtrq - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: urqrqnn - urqrqnn.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winxoo32 - winxoo32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - (no file)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
0
Hello,
so, I have a nasty piece of a virus on my PC that goes by the name adware.purytiscan and axkugl.dll
please help me
I know absolutely nothing about computers
HELP......
THANK YOU