[Virus] Infected by SpyWorm.win32?

jindrak2 -  
alphaboy Posts: 13 Status: Member -
Hello everyone,

I caught a virus while downloading a file.
I think it is called "spyWorm.win32".
It put a new icon in my taskbar: a question mark with a red bar that shows up.

This icon often shows me windows such as:
- System alert : u have been affected by spyware ... which asks me to install anti-spyware software
- a casino ad
- windows about viruses
- ...

I have McAfee as my antivirus.
I used Spybot Search and Destroy; it detected suspicious registry entries in Microsoft/Windows/policies/explorer/run
They are "rare" and "user32.dll", which come from C:\Program Files\Video ActiveX Access, that is, from the download I made.

The content of this file is: iesmin, iesbunst, iesmn, imsmain, imsmn, which are DLLs or executables, as well as two icons: ot, ts

Also, when I shut down or restart the computer, it bothers me about one of these DLLs, but it still restarts and shuts down anyway.

So, I hope you can help me kill this virus; I need my computer for my exams and coursework and I don't want to format the computer ...

Thanks in advance

10 replies

fangta Posts: 142 Status: Member 21
 
Hello,

Run a scan with HijackThis. (keep the window open)
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

and paste your report into http://www.hijackthis.de/
click Evaluate and it will tell you which lines to check, then click Fix checked
0
jindrak2
 
Here is the report,

Logfile of HijackThis v1.99.1
Scan saved at 13:35:47, on 12/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video ActiveX Access\iesmn.exe
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Video ActiveX Access\imsmn.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Outils\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Outils\PowerArchiver\PASTARTER.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\mcafee\msc\mcshell.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Lolo\Bureau\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.be/ig/dell?hl=fr&client=dell-row&channel=be&ibd=6070209
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-be?c=be&l=fr&s=gen&redirect=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/fr-be?c=be&l=fr&s=gen&redirect=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.be/ig/dell?hl=fr&client=dell-row&channel=be&ibd=6070209
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8} - C:\Program Files\Video ActiveX Access\iesplg.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Protection Bar - {31615D5C-5126-448A-818A-A7CDFEE85A9B} - C:\Program Files\Video ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Outils\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Outils\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Outils\PowerArchiver\PASTARTER.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/229?0a82992ae3d741e6b69818de45d55f0a
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/230?0a82992ae3d741e6b69818de45d55f0a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{277DE1BC-4A6D-465E-A529-62C50B36A996}: NameServer = 138.48.4.4,138.48.4.10
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Outils\MATLAB7\webserver\bin\win32\matlabserver.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

I submitted the report to hijack.de

Evaluation of your log created by HijackThis
Actions

Entry

Genre

Visitor's assessment

Information
Analyzerdetails
Logfile of HijackThis v1.99.1

Genre

Your version appears to be current.

Platform: Windows XP SP2 (WinNT 5.01.2600)

Genre

Analyzerdetails
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Genre

Your version appears to be current.
Visitor's assessment Analyzerdetails
C:\WINDOWS\System32\smss.exe

Genre

Very safe
Very safe

This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
C:\WINDOWS\system32\winlogon.exe

Genre

Very safe
Very safe

This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
C:\WINDOWS\system32\services.exe

Genre

Safe
Safe

This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
C:\WINDOWS\system32\lsass.exe

Genre

Very safe
Very safe

This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
C:\WINDOWS\system32\Ati2evxx.exe

Genre

Very safe
Very safe

This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
C:\WINDOWS\system32\svchost.exe

Genre

Safe
Safe

This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
C:\WINDOWS\System32\svchost.exe

Genre

Very safe
Very safe

This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
C:\WINDOWS\System32\WLTRYSVC.EXE

Genre

Safe
Safe

Broadcom Corporation Wireless Network Tray Applet
Visitor's assessment Analyzerdetails
C:\WINDOWS\System32\bcmwltry.exe

Genre

Safe
Safe

This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
C:\WINDOWS\system32\spoolsv.exe

Genre

Safe
Safe

This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
C:\WINDOWS\system32\Ati2evxx.exe

Genre

Very safe
Very safe

This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
C:\WINDOWS\Explorer.EXE

Genre

Very safe
Very safe

This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
C:\Program Files\Video ActiveX Access\iesmn.exe

Genre

Fuzzy Algorithmcheck (1.34 / 5.00), Nasty
Visitor's assessment Analyzerdetails Unknown
C:\Program Files\Video ActiveX Access\imsmain.exe

Genre

Unknown task.
Visitor's assessment Analyzerdetails
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

Genre

Safe
Safe

Visitor's assessment Analyzerdetails
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

Genre

Very safe
Very safe

ATI Control Center
Visitor's assessment Analyzerdetails
C:\WINDOWS\system32\ICO.EXE

Genre

Very safe
Very safe

Visitor's assessment Analyzerdetails
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

Genre

Safe
Safe

Java Runtime
Visitor's assessment Analyzerdetails
C:\WINDOWS\stsystra.exe

Genre

Safe
Safe

This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

Genre

Install Shield Software Update
Visitor's assessment Analyzerdetails Unknown
C:\Program Files\Video ActiveX Access\imsmn.exe

Genre

Unknown task.
Visitor's assessment Analyzerdetails
C:\WINDOWS\ehome\ehtray.exe

Genre

Safe
Safe

Visitor's assessment Analyzerdetails
C:\Program Files\Creative\Mixer\CTSVolFE.exe

Genre

Very safe
Very safe
Fuzzy Algorithmcheck (4.4 / 5.00), Safe
Visitor's assessment Analyzerdetails
C:\Program Files\Dell\MediaDirect\PCMService.exe

Genre

PowerCinema
Visitor's assessment Analyzerdetails
C:\Program Files\Dell\QuickSet\quickset.exe

Genre

Safe
Safe

Visitor's assessment Analyzerdetails
C:\WINDOWS\system32\WLTRAY.exe

Genre

Very safe
Very safe
Unknown task.
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
C:\Outils\Elaborate Bytes\CloneCD\CloneCDTray.exe

Genre

Possibly nasty! According to our database, this process normally runs in c:\programme\elaborate bytes\clonecd\! Check whether you know this process and run an antivirus scan if necessary. CloneCD Taskicon
Visitor's assessment Analyzerdetails
C:\WINDOWS\system32\dla\tfswctrl.exe

Genre

Neutral
Neutral

HP DLA Packet Writing Software
Visitor's assessment Analyzerdetails
C:\Program Files\Video ActiveX Access\iesmin.exe

Genre

Fuzzy Algorithmcheck (1.34 / 5.00), Nasty
Visitor's assessment Analyzerdetails
C:\Program Files\McAfee\MSK\MskAgent.exe

Genre

Neutral
Neutral

Possibly nasty! According to our database, this process normally runs in c:\programme\mcafee\spamki~1\! Check whether you know this process and run an antivirus scan if necessary. Part of McAfee
Visitor's assessment Analyzerdetails
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe

Genre

Very safe
Very safe

McAfee SiteAdvisor
Visitor's assessment Analyzerdetails
C:\WINDOWS\system32\ctfmon.exe

Genre

Very safe
Very safe

This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
C:\Program Files\Dell Support\DSAgnt.exe

Genre

Very safe
Very safe

Dell Support Application
Visitor's assessment Analyzerdetails
C:\Outils\PowerArchiver\PASTARTER.EXE

Genre

Fuzzy Algorithmcheck (4 / 5.00), Safe
Visitor's assessment Analyzerdetails
C:\Program Files\Digital Line Detect\DLG.exe

Genre

Safe
Safe

Digital Line Detect - BVRP Phone Tools software suite
Visitor's assessment Analyzerdetails
C:\WINDOWS\eHome\ehRecvr.exe

Genre

Safe
Safe

This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
C:\WINDOWS\eHome\ehSched.exe

Genre

Neutral
Neutral

Visitor's assessment Analyzerdetails
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

Genre

McAfee HackerWatch Service
Visitor's assessment Analyzerdetails
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

Genre

Very safe
Very safe

Part of McAfee
Visitor's assessment Analyzerdetails
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

Genre

McAfee Network Agent
Visitor's assessment Analyzerdetails
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

Genre

Very safe
Very safe

McAfee Scanner
Visitor's assessment Analyzerdetails
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

Genre

Very safe
Very safe

McAfee Protection Manager
Visitor's assessment Analyzerdetails
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe

Genre

McAfee Proxy Service
Visitor's assessment Analyzerdetails
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

Genre

McAfee Redirector Service
Visitor's assessment Analyzerdetails
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

Genre

Very safe
Very safe

McAfee SystemGuards
Visitor's assessment Analyzerdetails
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

Genre

Very safe
Very safe

Machine Debug Manager. Used by developers.
Visitor's assessment Analyzerdetails
C:\Program Files\McAfee\MPF\MPFSrv.exe

Genre

Safe
Safe

McAfee Personal Firewall Service
Visitor's assessment Analyzerdetails
C:\PROGRA~1\McAfee\MPS\mps.exe

Genre

Very safe
Very safe

McAfee Privacy Service
Visitor's assessment Analyzerdetails
C:\Program Files\McAfee\MSK\MskSrver.exe

Genre

McAfee SpamKiller Service
Visitor's assessment Analyzerdetails
C:\Program Files\SiteAdvisor\6066\SAService.exe

Genre

McAffee SiteAdvisor
Visitor's assessment Analyzerdetails
C:\WINDOWS\system32\svchost.exe

Genre

Safe
Safe

This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
C:\Program Files\McAfee\MPS\mpsevh.exe

Genre

Part of McAfee
Visitor's assessment Analyzerdetails
C:\WINDOWS\system32\dllhost.exe

Genre

Safe
Safe

Visitor's assessment Analyzerdetails
C:\PROGRA~1\mcafee.com\agent\mcagent.exe

Genre

Very safe
Very safe

This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
C:\WINDOWS\eHome\ehmsas.exe

Genre

Very safe
Very safe

Visitor's assessment Analyzerdetails
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

Genre

Very safe
Very safe

ATI Control Center
Visitor's assessment Analyzerdetails
c:\program files\mcafee\msc\mcshell.exe

Genre

Fuzzy Algorithmcheck (4.31 / 5.00), Safe
Visitor's assessment Analyzerdetails
C:\Program Files\Mozilla Firefox\firefox.exe

Genre

Very safe
Very safe

This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

Genre

Safe
Safe

Possibly nasty! According to our database, this process normally runs in c:\programme\mcafee.com\vso\! Check whether you know this process and run an antivirus scan if necessary.
Visitor's assessment Analyzerdetails
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

Genre

Safe
Safe

This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
C:\Program Files\Internet Explorer\iexplore.exe

Genre

Safe
Safe

This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

Genre

Safe
Safe

Microsoft Windows Live Login Helper
Visitor's assessment Analyzerdetails Unknown
C:\Documents and Settings\Lolo\Bureau\Scanner.exe

Genre

Unknown task.
Visitor's assessment Analyzerdetails
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.be/ig/dell?hl=fr&client=dell-row&channel=be&ibd=6070209

Genre

This site has been identified as not dangerous
Visitor's assessment Analyzerdetails
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR

Genre

This site has been identified as not dangerous
Visitor's assessment Analyzerdetails
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR

Genre

This site has been identified as not dangerous
Visitor's assessment Analyzerdetails
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75

Genre

Very safe
Very safe
This site has been identified as not dangerous
Visitor's assessment Analyzerdetails
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-be?c=be&l=fr&s=gen&redirect=1

Genre

This site has been identified as not dangerous
Visitor's assessment Analyzerdetails
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/fr-be?c=be&l=fr&s=gen&redirect=1

Genre

This site has been identified as not dangerous
Visitor's assessment Analyzerdetails
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.be/ig/dell?hl=fr&client=dell-row&channel=be&ibd=6070209

Genre

This site has been identified as not dangerous
Visitor's assessment Analyzerdetails
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR

Genre

This site has been identified as not dangerous
Visitor's assessment Analyzerdetails
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

Genre

Very safe
Very safe
This site has been identified as not dangerous
Visitor's assessment Analyzerdetails
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

Genre

This entry has been identified as not dangerous.
Visitor's assessment Analyzerdetails
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

Genre

Neutral
Neutral
Ycomp*_*_*_*.dll - Yahoo Companion!, Yahoo Companion!
Visitor's assessment Analyzerdetails
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

Genre

Very safe
Very safe
AcroIEhelper.ocx, AcroIEhelper.dll - Adobe Acrobat reader, http://www.adobe.com/products/acrobat/readstep2.html
Visitor's assessment Analyzerdetails
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

Genre

saIE.dll - SiteAdvisor, https://www.mcafee.com/en-us/safe-browser/mcafee-webadvisor.html
Visitor's assessment Analyzerdetails
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

Genre

Safe
Safe
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

Genre

Neutral
Neutral
tfswshx.dll - Hewlett-Packard/Veritas DLA software
Visitor's assessment Analyzerdetails
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

Genre

Very safe
Very safe
SUN Java
Visitor's assessment Analyzerdetails Unknown
O2 - BHO: (no name) - {7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8} - C:\Program Files\Video ActiveX Access\iesplg.dll

Genre

Unknown program.
Visitor's assessment Analyzerdetails
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll

Genre

Safe
Safe
scriptproxy.dll, scriptsn.dll - McAfee, https://home.mcafee.com/StaticGenericPage.aspx?page=cookienotsupported&url=%2f%3fctst%3d1 ScriptScan
Visitor's assessment Analyzerdetails
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Genre

Safe
Safe
Unknown program.
Superfluous entry (because it has no effect), which can therefore be deleted! This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

Genre

Neutral
Neutral
WindowsLiveLogin.dll - Microsoft Windows_Live, https://support.microsoft.com/en-us/windows/windows-essentials-2707b879-5004-4349-c4a4-e5900945f2a9
Visitor's assessment Analyzerdetails
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

Genre

MSN Toolbar Helper
Visitor's assessment Analyzerdetails
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

Genre

Very safe
Very safe
GoogleAE.dll - Google Search related, found on Dell computers. Reportedly responsible for displaying this, http://www.google.com/hws/dell/afe? placeholder web page; also see here, https://www.gamedev.net/forums/topic.asp?topic_id=368054 a
Visitor's assessment Analyzerdetails
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

Genre

saIE.dll - SiteAdvisor, https://www.mcafee.com/en-us/safe-browser/mcafee-webadvisor.html
Visitor's assessment Analyzerdetails
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

Genre

Msntb.dll - MSN Toolbar, https://www.bing.com/?toHttps=1&redig=C5A5F4D5ECA345F689A948C005FF88A7
Visitor's assessment Analyzerdetails
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

Genre

Ycomp*_*_*_*.dll - Yahoo Companion!, http://companion.yahoo.com/
Visitor's assessment Analyzerdetails Unknown
O3 - Toolbar: Protection Bar - {31615D5C-5126-448A-818A-A7CDFEE85A9B} - C:\Program Files\Video ActiveX Access\iesbpl.dll

Genre

Unknown program.
Visitor's assessment Analyzerdetails
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

Genre

Very safe
Very safe

Visitor's assessment Analyzerdetails
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

Genre

Very safe
Very safe
ATI Catalyst ControlCenter
Visitor's assessment Analyzerdetails
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE

Genre

Dell Mouse Software
Visitor's assessment Analyzerdetails
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

Genre

Safe
Safe
Java from Sun
Visitor's assessment Analyzerdetails
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe

Genre

Safe
Safe
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

Genre

Neutral
Neutral
Not dangerous, but superfluous nonetheless. InstallShield Update Service Scheduler; automatically searches for and performs any updates to the software so you’re always working with the most current version. Not required.
Visitor's assessment Analyzerdetails
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

Non dangereux, mais tout de même superflu. InstallShield Update Service related; Automatically searches for and performs any updates to the software. Not required.
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

Neutral
eHome Media Center PC related - Needed for Media Center Remote Functions
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r

Creative Audio Control
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

In a Dell\Media Experience sub-directory
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

Very safe
Non dangereux, mais tout de même superflu. Dell taskbar icon allowing you to quickly change settings
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

Safe
This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Outils\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

Non dangereux, mais tout de même superflu. From Elaborate Bytes who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it
O4 - HKLM\..\Run: [CloneCDTray] "C:\Outils\Elaborate Bytes\CloneCD\CloneCDTray.exe"

System tray for CloneCD - the only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versions
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

Safe
Part of Sonic Solutions DVD/CD Suite / HP's packet writing software
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe

Bestandteil von McAfee
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe

McAfee SiteAdvisor
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

Safe
This entry was classified from our visitors as good.
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

Neutral
Dell Support
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Outils\PowerArchiver\PASTARTER.EXE

Fuzzy Algorithmcheck (4 / 5.00), Safe
O4 - Global Startup: Digital Line Detect.lnk = ?

Neutral
Cette inscription est superflue est peut être effacée !
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Safe
This entry was classified from our visitors as good.
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

Very safe
Cette inscription &Windows Live Search a été identifiée comme étant non dangereuse.
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites

Safe
This entry was classified from our visitors as good.
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

Cette inscription E&xporter vers Microsoft Excel a été identifiée comme étant non dangereuse.
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/229?0a82992ae3d741e6b69818de45d55f0a

Cette inscription Ouvrir dans un nouvel onglet d'arrière-plan a été identifiée comme étant non dangereuse.
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/230?0a82992ae3d741e6b69818de45d55f0a

Cette inscription Ouvrir dans un nouvel onglet de premier plan a été identifiée comme étant non dangereuse.
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

Safe
Cette inscription a été identifiée comme étant non dangereuse.
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

Cette inscription Console Java a été identifiée comme étant non dangereuse.
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

Cette inscription Recherche a été identifiée comme étant non dangereuse.
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

Very safe
Cette inscription Messenger a été identifiée comme étant non dangereuse.
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

Safe
Cette inscription Windows Messenger a été identifiée comme étant non dangereuse.
Inconnu
O17 - HKLM\System\CCS\Services\Tcpip\..\{277DE1BC-4A6D-465E-A529-62C50B36A996}: NameServer = 138.48.4.4,138.48.4.10

Effacer si l’IP ou le domaine '138.48.4.4,138.48.4.10' ne vous est pas connu.
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

Cette inscription a été identifiée comme étant non dangereuse.
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll

Cette inscription a été identifiée comme étant non dangereuse.
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

Cette inscription a été identifiée comme étant non dangereuse.
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

Cette inscription a été identifiée comme étant non dangereuse.
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

Safe
This entry was classified from our visitors as good.
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

Safe
This entry was classified from our visitors as good.
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

Safe
Ce service (Ati2evxx.exe) a été identifié comme étant légitime. This entry was classified from our visitors as good.
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe

Ce service (emproxy.exe) a été identifié comme étant légitime.
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

Ce service (IDriverT.exe) a été identifié comme étant légitime.
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Outils\MATLAB7\webserver\bin\win32\matlabserver.exe

Ce service (matlabserver.exe) a été identifié comme étant légitime.
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

Ce service (HWAPI.exe) a été identifié comme étant légitime.
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

Very safe
Ce service (mcupdmgr.exe) a été identifié comme étant légitime.
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

Safe
Ce service (mcmscsvc.exe) a été identifié comme étant légitime.
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

Ce service (mcnasvc.exe) a été identifié comme étant légitime.
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

Ce service (mcods.exe) a été identifié comme étant légitime.
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

Very safe
Ce service (mcpromgr.exe) a été identifié comme étant légitime.
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe

Ce service (mcproxy.exe) a été identifié comme étant légitime.
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

Ce service (redirsvc.exe) a été identifié comme étant légitime.
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

Very safe
Ce service (mcshield.exe) a été identifié comme étant légitime.
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

Safe
Ce service (mcsysmon.exe) a été identifié comme étant légitime.
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

Very safe
Ce service (MPFSrv.exe) a été identifié comme étant légitime.
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

Ce service (mps.exe) a été identifié comme étant légitime.
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

Ce service (MskSrver.exe) a été identifié comme étant légitime.
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

Ce service (SAService.exe) a été identifié comme étant légitime.
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Very safe
Ce service (WLTRYSVC.EXE) a été identifié comme étant légitime.
0
jindrak2
 
Here is the analysis made by HijackThis:

[?] - C:\Program Files\Video ActiveX Access\imsmain.exe
[?] - C:\Program Files\Video ActiveX Access\imsmn.exe
[?] - C:\Documents and Settings\Lolo\Bureau\Scanner.exe
[?] - O2 - BHO: (no name) - {7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8} - C:\Program Files\Video ActiveX Access\iesplg.dll
[N] - O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
[?] - O3 - Toolbar: Protection Bar - {31615D5C-5126-448A-818A-A7CDFEE85A9B} - C:\Program Files\Video ActiveX Access\iesbpl.dll
[?] - O17 - HKLM\System\CCS\Services\Tcpip\..\{277DE1BC-4A6D-465E-A529-62C50B36A996}: NameServer = 138.48.4.4,138.48.4.10
0
fangta Posts: 142 Status: Member 21
 
What did you do after that?
0

jindrak2
 
I haven't done anything since.
I just tried to delete this Video ActiveX directory, but without success lol
0
fangta Posts: 142 Status: Member 21
 
Try deleting it in safe mode.
0
jindrak2
 
I deleted it in safe mode.
But the virus is still there, although it no longer opens pages on its own; only the icon and the system alerts remain.
I saw that it no longer loads the exes into the Windows processes, but they are still present in the registry.
0
jindrak2
 
Here is what HijackThis gives now

Logfile of HijackThis v1.99.1
Scan saved at 21:00:28, on 12/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Outils\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Outils\PowerArchiver\PASTARTER.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lolo\Bureau\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.be/ig/dell?hl=fr&client=dell-row&channel=be&ibd=6070209
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-be?c=be&l=fr&s=gen&redirect=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/fr-be?c=be&l=fr&s=gen&redirect=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.be/ig/dell?hl=fr&client=dell-row&channel=be&ibd=6070209
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Protection Bar - {31615D5C-5126-448A-818A-A7CDFEE85A9B} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Outils\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Outils\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Outils\PowerArchiver\PASTARTER.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/229?0a82992ae3d741e6b69818de45d55f0a
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/230?0a82992ae3d741e6b69818de45d55f0a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{277DE1BC-4A6D-465E-A529-62C50B36A996}: NameServer = 138.48.4.4,138.48.4.10
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Outils\MATLAB7\webserver\bin\win32\matlabserver.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

---------------------------------------
And the HijackThis analysis gives:
-------------------------------------------

[?] - C:\Documents and Settings\Lolo\Bureau\Scanner.exe
[N] - O2 - BHO: (no name) - {7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
[N] - O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
[N] - O3 - Toolbar: Protection Bar - {31615D5C-5126-448A-818A-A7CDFEE85A9B} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
[?] - O17 - HKLM\System\CCS\Services\Tcpip\..\{277DE1BC-4A6D-465E-A529-62C50B36A996}: NameServer = 138.48.4.4,138.48.4.10
0
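The second log above shows what deleting the `Video ActiveX Access` folder in safe mode left behind: BHO and toolbar registrations that HijackThis now marks `(file missing)` or `(no file)`. The following Python parser is an added example (not part of the thread and not HijackThis's own code) that picks those orphaned registrations out of a log; the function names and the embedded excerpt selection are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Excerpt copied from the second HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Protection Bar - {31615D5C-5126-448A-818A-A7CDFEE85A9B} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Item lines start with a section code (R, F, N or O plus a number), then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Absolute path to a DLL or EXE; lazy match so a trailing "(file missing)" is excluded.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe)\b", re.IGNORECASE)
# Suffixes HijackThis appends when the registry still points at a deleted file.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


@dataclass
class Entry:
    code: str             # section code, e.g. "O2"
    clsid: Optional[str]  # COM class ID, when the item has one
    path: Optional[str]   # absolute file path, when the item has one
    orphaned: bool        # registry entry whose file is gone
    raw: str              # the original log line


def parse_log(text: str) -> List[Entry]:
    """Parse the item lines of a HijackThis log, skipping headers and process paths."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        entries.append(Entry(
            code=match.group("code"),
            clsid=clsid.group(0) if clsid else None,
            path=path.group(0) if path else None,
            orphaned=body.endswith(ORPHAN_MARKERS),
            raw=line,
        ))
    return entries


def under_directory(entry: Entry, directory: str) -> bool:
    """True when the entry's file path lies inside `directory` (case-insensitive)."""
    if entry.path is None:
        return False
    prefix = directory.rstrip("\\").lower() + "\\"
    return entry.path.lower().startswith(prefix)


def triage(text: str, removed_dir: str) -> Dict[str, List[Entry]]:
    """Group the leftovers: orphaned registrations and references to the removed folder."""
    entries = parse_log(text)
    return {
        "orphaned": [e for e in entries if e.orphaned],
        "in_removed_dir": [e for e in entries if under_directory(e, removed_dir)],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG, r"C:\Program Files\Video ActiveX Access")
    for e in result["orphaned"]:
        print(f"orphaned {e.code} {e.clsid} -> {e.path or '(no file)'}")
```

The orphaned lines are the ones to tick in HijackThis before "Fix checked"; a registration with no file behind it no longer loads anything, but it stays in every later scan until the registry entry is removed.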
jindrak2 Posts: 1 Status: Member
 
OK, the virus has gone to the graveyard, I think;
a good system restore works well :p

jindrak2 - virus: 1 - 0

Thanks, fangta, for your help
0
alphaboy Posts: 13 Status: Member
 
You have considered the removal of Spyworm.win32 from this location: http://www.precisesecurity.com/computer-virus/spww32-jun17.htm
0