A l'attention de TopTiBal
Résolu
^^Marie^^
Messages postés
41884
Date d'inscription
Statut
Membre
Dernière intervention
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,
Une analyse ???
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:25, on 29/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
K:\UTILS\PACKSE~1\backweb\361343\Program\SERVIC~1.EXE
K:\UTILS\Pack Securite\Anti-Virus\fsgk32st.exe
K:\UTILS\Pack Securite\Anti-Virus\FSGK32.EXE
K:\UTILS\Pack Securite\backweb\361343\program\fsbwsys.exe
K:\UTILS\Pack Securite\Common\FSMA32.EXE
K:\UTILS\Pack Securite\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\oodag.exe
K:\UTILS\Pack Securite\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
K:\PROG\UPHClean\uphclean.exe
K:\UTILS\Pack Securite\Common\FCH32.EXE
K:\UTILS\Pack Securite\Common\FAMEH32.EXE
K:\UTILS\Pack Securite\Anti-Virus\fsrw.exe
K:\UTILS\Pack Securite\FWES\Program\fsdfwd.exe
K:\UTILS\Pack Securite\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Realtek Semiconductor Corp\Card Reader Software\DriveIcon\DriveIcon.exe
K:\UTILS\Pack Securite\Common\FSM32.EXE
K:\UTILS\PACKSE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\LVCOMSX.EXE
K:\UTILS\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
K:\PROG\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
K:\UTILS\Pack Securite\backweb\361343\Program\fspex.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
K:\PROG\KVIrc\kvirc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DriveIcons] C:\Program Files\Realtek Semiconductor Corp\Card Reader Software\DriveIcon\DriveIcon.exe
O4 - HKLM\..\Run: [F-Secure Manager] "K:\UTILS\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "K:\UTILS\Pack Securite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "K:\UTILS\Pack Securite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "K:\PROG\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "K:\UTILS\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "K:\PROG\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = K:\PROG\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pack Securite.lnk = K:\UTILS\Pack Securite\backweb\361343\Program\fspex.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - K:\UTILS\Pack Securite\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - K:\UTILS\Pack Securite\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - K:\UTILS\Pack Securite\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {275D2217-FFE8-46B5-8FD2-B18CA0B7EE36} (Seagate SeaTools Online French) - http://www.seagate.com/support/disc/asp/tools/fr/bin/npseatools.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://www.zonealarm.com/
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-3a170e5691403d91.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {983AB2CC-3D50-11D9-ADFE-00062919A34C} (ActiveXUpload.UserCtrl) - http://www.photoservice.com/activeX/newUpload.CAB
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9C766F1-3337-43B6-AC52-43D882284FF8}: NameServer = 86.64.145.145 84.103.237.145
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Pack Securite (BackWeb Plug-in - 361343) - BackWeb Technologies Inc. - K:\UTILS\PACKSE~1\backweb\361343\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - K:\UTILS\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - K:\UTILS\Pack Securite\backweb\361343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - K:\UTILS\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - K:\UTILS\Pack Securite\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
;;;))
Une analyse ???
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:25, on 29/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
K:\UTILS\PACKSE~1\backweb\361343\Program\SERVIC~1.EXE
K:\UTILS\Pack Securite\Anti-Virus\fsgk32st.exe
K:\UTILS\Pack Securite\Anti-Virus\FSGK32.EXE
K:\UTILS\Pack Securite\backweb\361343\program\fsbwsys.exe
K:\UTILS\Pack Securite\Common\FSMA32.EXE
K:\UTILS\Pack Securite\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\oodag.exe
K:\UTILS\Pack Securite\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
K:\PROG\UPHClean\uphclean.exe
K:\UTILS\Pack Securite\Common\FCH32.EXE
K:\UTILS\Pack Securite\Common\FAMEH32.EXE
K:\UTILS\Pack Securite\Anti-Virus\fsrw.exe
K:\UTILS\Pack Securite\FWES\Program\fsdfwd.exe
K:\UTILS\Pack Securite\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Realtek Semiconductor Corp\Card Reader Software\DriveIcon\DriveIcon.exe
K:\UTILS\Pack Securite\Common\FSM32.EXE
K:\UTILS\PACKSE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\LVCOMSX.EXE
K:\UTILS\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
K:\PROG\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
K:\UTILS\Pack Securite\backweb\361343\Program\fspex.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
K:\PROG\KVIrc\kvirc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DriveIcons] C:\Program Files\Realtek Semiconductor Corp\Card Reader Software\DriveIcon\DriveIcon.exe
O4 - HKLM\..\Run: [F-Secure Manager] "K:\UTILS\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "K:\UTILS\Pack Securite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "K:\UTILS\Pack Securite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "K:\PROG\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "K:\UTILS\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "K:\PROG\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = K:\PROG\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pack Securite.lnk = K:\UTILS\Pack Securite\backweb\361343\Program\fspex.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - K:\UTILS\Pack Securite\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - K:\UTILS\Pack Securite\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - K:\UTILS\Pack Securite\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {275D2217-FFE8-46B5-8FD2-B18CA0B7EE36} (Seagate SeaTools Online French) - http://www.seagate.com/support/disc/asp/tools/fr/bin/npseatools.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://www.zonealarm.com/
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-3a170e5691403d91.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {983AB2CC-3D50-11D9-ADFE-00062919A34C} (ActiveXUpload.UserCtrl) - http://www.photoservice.com/activeX/newUpload.CAB
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9C766F1-3337-43B6-AC52-43D882284FF8}: NameServer = 86.64.145.145 84.103.237.145
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Pack Securite (BackWeb Plug-in - 361343) - BackWeb Technologies Inc. - K:\UTILS\PACKSE~1\backweb\361343\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - K:\UTILS\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - K:\UTILS\Pack Securite\backweb\361343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - K:\UTILS\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - K:\UTILS\Pack Securite\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
;;;))
A voir également:
- A l'attention de TopTiBal
- Messenger en attente de réseau ✓ - Forum Facebook
- Symbole attention clavier - Forum LibreOffice / OpenOffice
- Messenger en attente de reseau - Forum Facebook Messenger
- Whatsapp : attention - Accueil - Arnaque
- Fnac en attente de livraison fournisseur - Forum Consommation & Internet
6 réponses
attention y a des espions
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
formate !! ca vas exploser !!
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
formate !! ca vas exploser !!
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Y a un fichier suspect -;)
Fichier HijackThis.exe reçu le 2008.07.25 22:54:13 (CET)
Situation actuelle: terminé
Résultat: 2/35 (5.71%)
Formaté Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.7.26.0 2008.07.25 -
AntiVir 7.8.1.12 2008.07.25 -
Authentium 5.1.0.4 2008.07.25 -
Avast 4.8.1195.0 2008.07.25 -
AVG 8.0.0.130 2008.07.25 -
BitDefender 7.2 2008.07.25 -
CAT-QuickHeal 9.50 2008.07.25 -
ClamAV 0.93.1 2008.07.25 -
DrWeb 4.44.0.09170 2008.07.25 -
eSafe 7.0.17.0 2008.07.24 Suspicious File
eTrust-Vet 31.6.5981 2008.07.25 -
Ewido 4.0 2008.07.25 -
F-Prot 4.4.4.56 2008.07.25 -
F-Secure 7.60.13501.0 2008.07.25 -
Fortinet 3.14.0.0 2008.07.25 -
GData 2.0.7306.1023 2008.07.25 -
Ikarus T3.1.1.34.0 2008.07.25 -
Kaspersky 7.0.0.125 2008.07.25 -
McAfee 5347 2008.07.25 -
Microsoft 1.3704 2008.07.25 -
NOD32v2 3300 2008.07.25 -
Norman 5.80.02 2008.07.25 -
Panda 9.0.0.4 2008.07.25 Suspicious file
PCTools 4.4.2.0 2008.07.25 -
Prevx1 V2 2008.07.25 -
Rising 20.54.42.00 2008.07.25 -
Sophos 4.31.0 2008.07.25 -
Sunbelt 3.1.1536.1 2008.07.25 -
Symantec 10 2008.07.25 -
TheHacker 6.2.96.389 2008.07.25 -
TrendMicro 8.700.0.1004 2008.07.25 -
VBA32 3.12.8.1 2008.07.25 -
ViRobot 2008.7.25.1310 2008.07.25 -
VirusBuster 4.5.11.0 2008.07.25 -
Webwasher-Gateway 6.6.2 2008.07.25 -
Information additionnelle
File size: 396288 bytes
MD5...: c4ca7416a6df6d95075f81d9e3b41ad1
SHA1..: 6ebbb54156e21ac20c27ca1fb8b3ddcacc919fa8
SHA256: 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6
SHA512: 7b3519b6e8b0d15484d41dfcd324c10dab863e640e9f145a43016da0b61b74f3
646bf9f4b9a88f849f3467e7abb2a15578a51b85b2d10fe8abb4217da190886c
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x542830
timedatestamp.....: 0x466838c1 (Thu Jun 07 16:56:33 2007)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0xfc000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0xfd000 0x46000 0x45a00 7.93 8764d7eac0301131e6c79e4aa30317bf
.rsrc 0x143000 0x1b000 0x1ae00 4.69 5f1a0873640fcdb4a281dbf91049814f
( 2 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, ExitProcess
> MSVBVM60.DLL: -
( 0 exports )
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX
Fichier HijackThis.exe reçu le 2008.07.25 22:54:13 (CET)
Situation actuelle: terminé
Résultat: 2/35 (5.71%)
Formaté Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.7.26.0 2008.07.25 -
AntiVir 7.8.1.12 2008.07.25 -
Authentium 5.1.0.4 2008.07.25 -
Avast 4.8.1195.0 2008.07.25 -
AVG 8.0.0.130 2008.07.25 -
BitDefender 7.2 2008.07.25 -
CAT-QuickHeal 9.50 2008.07.25 -
ClamAV 0.93.1 2008.07.25 -
DrWeb 4.44.0.09170 2008.07.25 -
eSafe 7.0.17.0 2008.07.24 Suspicious File
eTrust-Vet 31.6.5981 2008.07.25 -
Ewido 4.0 2008.07.25 -
F-Prot 4.4.4.56 2008.07.25 -
F-Secure 7.60.13501.0 2008.07.25 -
Fortinet 3.14.0.0 2008.07.25 -
GData 2.0.7306.1023 2008.07.25 -
Ikarus T3.1.1.34.0 2008.07.25 -
Kaspersky 7.0.0.125 2008.07.25 -
McAfee 5347 2008.07.25 -
Microsoft 1.3704 2008.07.25 -
NOD32v2 3300 2008.07.25 -
Norman 5.80.02 2008.07.25 -
Panda 9.0.0.4 2008.07.25 Suspicious file
PCTools 4.4.2.0 2008.07.25 -
Prevx1 V2 2008.07.25 -
Rising 20.54.42.00 2008.07.25 -
Sophos 4.31.0 2008.07.25 -
Sunbelt 3.1.1536.1 2008.07.25 -
Symantec 10 2008.07.25 -
TheHacker 6.2.96.389 2008.07.25 -
TrendMicro 8.700.0.1004 2008.07.25 -
VBA32 3.12.8.1 2008.07.25 -
ViRobot 2008.7.25.1310 2008.07.25 -
VirusBuster 4.5.11.0 2008.07.25 -
Webwasher-Gateway 6.6.2 2008.07.25 -
Information additionnelle
File size: 396288 bytes
MD5...: c4ca7416a6df6d95075f81d9e3b41ad1
SHA1..: 6ebbb54156e21ac20c27ca1fb8b3ddcacc919fa8
SHA256: 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6
SHA512: 7b3519b6e8b0d15484d41dfcd324c10dab863e640e9f145a43016da0b61b74f3
646bf9f4b9a88f849f3467e7abb2a15578a51b85b2d10fe8abb4217da190886c
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x542830
timedatestamp.....: 0x466838c1 (Thu Jun 07 16:56:33 2007)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0xfc000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0xfd000 0x46000 0x45a00 7.93 8764d7eac0301131e6c79e4aa30317bf
.rsrc 0x143000 0x1b000 0x1ae00 4.69 5f1a0873640fcdb4a281dbf91049814f
( 2 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, ExitProcess
> MSVBVM60.DLL: -
( 0 exports )
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX
Navigue n'importe où !! Rien que les 016 !!!
Impressionnant ;;)