
clash modem [SOLVED]


I don't know whether a virus can do that, but let's take a look:

Post the HijackThis log:

Download HijackThis from this site:
HijackThis
Create a folder named after it and unzip it into that folder.
Then launch HijackThis and click "Do a system scan and save a logfile".
A Notepad file will open; select all of its contents and post them.

Ok :) 

Logfile of HijackThis v1.99.1
Scan saved at 11:23:42, on 12/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Securitoo\av_fw\backweb\1044199\Program\BackWeb-1044199.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\System32\ctfmon.exe
C:\program files\mailskinner\mailskinner.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = quercyrouergue.cario.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Services] lssrv.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Windows media service] crsss.exe
O4 - HKLM\..\Run: [Start Uppings] mssupdate.exe
O4 - HKLM\..\Run: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKLM\..\Run: [msnsched] msnsched.exe
O4 - HKLM\..\Run: [Nero] C:\WINDOWS\qttasks.exe /i
O4 - HKLM\..\Run: [NAV Auto Updates] slserves.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft AOL Instant Messenger] MSAOL32.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vnkuwgmxo] c:\windows\system32\vnkuwgmxo.exe vnkuwgmxo
O4 - HKLM\..\Run: [aurqgoj] c:\windows\system32\aurqgoj.exe aurqgoj
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [urszkwtnx] c:\windows\system32\urszkwtnx.exe urszkwtnx
O4 - HKLM\..\Run: [hidqjbwxle] c:\windows\system32\hidqjbwxle.exe hidqjbwxle
O4 - HKLM\..\RunServices: [Microsoft Services] lssrv.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [Start Uppings] mssupdate.exe
O4 - HKLM\..\RunServices: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKLM\..\RunServices: [msnsched] msnsched.exe
O4 - HKLM\..\RunServices: [NAV Auto Updates] slserves.exe
O4 - HKLM\..\RunServices: [Microsoft AOL Instant Messenger] MSAOL32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Start Uppings] mssupdate.exe
O4 - HKCU\..\Run: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKCU\..\Run: [Windows media service] crsss.exe
O4 - HKCU\..\Run: [NAV Auto Updates] slserves.exe
O4 - HKCU\..\Run: [Microsoft AOL Instant Messenger] MSAOL32.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1061.dll,InstantAccess
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunServices: [Start Uppings] mssupdate.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Securitoo AntiVirus Firewall (BackWeb Client - 1044199) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program Files\Securitoo\av_fw\Common\FSAA.EXE (file missing)
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\WINDOWS\System32\mousehs.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

1/ Download SmitfraudFix
Unzip it to the Desktop.
Open the SmitfraudFix folder and run SmitfraudFix.cmd
Choose Option 1 (Search)
If you see lines with PRESENT!, continue

Restart in safe mode.
2/ Run SmitfraudFix again, this time choose Option 2 and answer yes to every question
Save the report, then post it.

and do this:
1/CCleaner

Download CCleaner from this site:
CCleaner
It cleans all the useless temporary files off your computer.
Run an analysis, then start the cleanup.

2/Spybot-Search & Destroy

Download it from this site:
Spybot S&D
Install the updates.
Run a scan and remove all the threats detected.

3/Ad-Aware

Download it from this site:
Ad-aware-SE-Personal
Install the updates.
Run a scan and remove all the threats detected.

4/Ewido

Download Ewido from this site:
Ewido-Anti-Malware
Install the updates, then run a scan and post the report

Afterwards, post a new HijackThis log; I hope this will have cleaned things up, because there are a lot of threats


There, it's done. Note that I had to run Ad-Aware and Ewido in safe mode; otherwise they wouldn't run.

Here is the Hijack report:

Logfile of HijackThis v1.99.1
Scan saved at 15:45:55, on 12/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwst.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\System32\ctfmon.exe
C:\program files\mailskinner\mailskinner.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Securitoo\av_fw\backweb\1044199\Program\BackWeb-1044199.exe
C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Services] lssrv.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Windows media service] crsss.exe
O4 - HKLM\..\Run: [Start Uppings] mssupdate.exe
O4 - HKLM\..\Run: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKLM\..\Run: [msnsched] msnsched.exe
O4 - HKLM\..\Run: [Nero] C:\WINDOWS\qttasks.exe /i
O4 - HKLM\..\Run: [NAV Auto Updates] slserves.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft AOL Instant Messenger] MSAOL32.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [aurqgoj] c:\windows\system32\aurqgoj.exe aurqgoj
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [urszkwtnx] c:\windows\system32\urszkwtnx.exe urszkwtnx
O4 - HKLM\..\Run: [hidqjbwxle] c:\windows\system32\hidqjbwxle.exe hidqjbwxle
O4 - HKLM\..\Run: [koyfcx] c:\windows\system32\koyfcx.exe koyfcx
O4 - HKLM\..\RunServices: [Microsoft Services] lssrv.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [Start Uppings] mssupdate.exe
O4 - HKLM\..\RunServices: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKLM\..\RunServices: [msnsched] msnsched.exe
O4 - HKLM\..\RunServices: [NAV Auto Updates] slserves.exe
O4 - HKLM\..\RunServices: [Microsoft AOL Instant Messenger] MSAOL32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Start Uppings] mssupdate.exe
O4 - HKCU\..\Run: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKCU\..\Run: [Windows media service] crsss.exe
O4 - HKCU\..\Run: [NAV Auto Updates] slserves.exe
O4 - HKCU\..\Run: [Microsoft AOL Instant Messenger] MSAOL32.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1061.dll,InstantAccess
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunServices: [Start Uppings] mssupdate.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Securitoo AntiVirus Firewall (BackWeb Client - 1044199) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program Files\Securitoo\av_fw\Common\FSAA.EXE (file missing)
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\WINDOWS\System32\mousehs.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
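
Comparing the two HijackThis logs in this thread by eye is error-prone, so here is an added example (not part of the original thread) that parses the registry `O4` autorun lines of a "before" and an "after" log and reports which entries disappeared, appeared or stayed. The sample input is a short excerpt of lines copied from the two logs above; the function names are illustrative.

```python
import re
from typing import NamedTuple


class Autorun(NamedTuple):
    hive: str     # HKLM or HKCU
    key: str      # Run, RunServices, ...
    name: str     # registry value name, shown in brackets in the log
    command: str  # command line exactly as HijackThis logged it


# Registry autoruns look like:  O4 - HKLM\..\Run: [name] command
# "O4 - Global Startup: ..." lines use another layout and are skipped here.
O4_REGISTRY = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")


def parse_autoruns(log_text):
    """Return the set of registry autorun entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = O4_REGISTRY.match(line.strip())
        if match:
            entries.add(Autorun(*match.groups()))
    return entries


def diff_autoruns(before_log, after_log):
    """Compare two logs; entries are matched on their exact logged text."""
    before = parse_autoruns(before_log)
    after = parse_autoruns(after_log)
    return {
        "removed": sorted(before - after),
        "added": sorted(after - before),
        "kept": sorted(before & after),
    }


def unqualified(entries):
    """Entries whose program is logged as a bare file name (no drive or
    directory), so the log alone does not say which file would run."""
    found = []
    for entry in entries:
        program = entry.command.lstrip('"').split()[0]
        if "\\" not in program and ":" not in program:
            found.append(entry)
    return sorted(found)


# Excerpt of the first log in the thread (11:23:42).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
O4 - HKLM\..\Run: [Microsoft Services] lssrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vnkuwgmxo] c:\windows\system32\vnkuwgmxo.exe vnkuwgmxo
O4 - HKLM\..\Run: [aurqgoj] c:\windows\system32\aurqgoj.exe aurqgoj
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
"""

# Excerpt of the second log in the thread (15:45:55).
AFTER = r"""
O4 - HKLM\..\Run: [Microsoft Services] lssrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [aurqgoj] c:\windows\system32\aurqgoj.exe aurqgoj
O4 - HKLM\..\Run: [koyfcx] c:\windows\system32\koyfcx.exe koyfcx
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
"""

if __name__ == "__main__":
    result = diff_autoruns(BEFORE, AFTER)
    for status in ("removed", "added", "kept"):
        for entry in result[status]:
            print(f"{status:8} {entry.hive}\\{entry.key} [{entry.name}] {entry.command}")
    for entry in unqualified(parse_autoruns(AFTER)):
        print(f"no path  {entry.hive}\\{entry.key} [{entry.name}] {entry.command}")
```

An entry logged without a path is not a verdict on the file; it only means its location has to be resolved on the machine before the entry can be judged.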

OMG, this antispyware looks pretty good: 312 threats found, whereas Ewido and Ad-Aware found none.

Here are the reports:


Spyware Terminator Version: 1.4.00.640
Start time: 13/06/2006 14:27:40
System: Windows XP SP2
User: Limited

Processes Scan
C:\WINDOWS\SYSTEM32\WINLOGON.EXE [Microsoft Corporation] C:\WINDOWS\SYSTEM32\SYNCOR11.DLL [SoundMAX],
C:\WINDOWS\SYSTEM32\SVCHOST.EXE [Microsoft Corporation] C:\WINDOWS\SYSTEM32\ESENT.DLL [Microsoft Corporation], SYNCOR11.DLL,
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [Microsoft Corporation] C:\WINDOWS\SYSTEM32\HPZLNT07.DLL [HP],
C:\WINDOWS\SYSTEM32\ALG.EXE [Microsoft Corporation] SYNCOR11.DLL,
C:\Program Files\Securitoo\av_fw\backweb\1044199\Program\ServiceWrapper-1044199.exe [Empty] SERVICEWRAPPER.DLL [Empty],
C:\PROGRAM FILES\EWIDO ANTI-MALWARE\EWIDOCTRL.EXE [ewido networks] C:\PROGRAM FILES\EWIDO ANTI-MALWARE\LANG.DLL [privat],
C:\PROGRAM FILES\SECURITOO\AV_FW\ANTI-VIRUS\FSGK32ST.EXE [F-Secure Corp.]
C:\PROGRAM FILES\SECURITOO\AV_FW\BACKWEB\1044199\PROGRAM\FSBWSYS.EXE [F-Secure Corp.] C:\PROGRAM FILES\SECURITOO\AV_FW\COMMON\FSEXC.DLL [F-Secure Corporation], C:\PROGRAM FILES\SECURITOO\AV_FW\COMMON\FSMA32.DLL [F-Secure Corporation], C:\PROGRAM FILES\SECURITOO\AV_FW\COMMON\FSPMAPI.DLL [F-Secure Corporation], C:\PROGRAM FILES\SECURITOO\AV_FW\TNB\FSTNB.DLL [F-Secure Corporation],
C:\PROGRAM FILES\SECURITOO\AV_FW\ANTI-VIRUS\FSGK32.EXE [F-Secure Corp.] FSPMAPI.DLL, C:\PROGRAM FILES\SECURITOO\AV_FW\COMMON\FSMA32S.DLL [F-Secure Corporation], FSGKIAPI.DLL [F-Secure Corp.],
C:\PROGRAM FILES\SECURITOO\AV_FW\ANTI-VIRUS\FSSM32.EXE [F-Secure Corp.] C:\PROGRAM FILES\SECURITOO\AV_FW\ANTI-VIRUS\FM4AV.DLL [Empty], C:\PROGRAM FILES\SECURITOO\AV_FW\ANTI-VIRUS\AVPFPI.DLL [Kaspersky Labs], C:\PROGRAM FILES\SECURITOO\AV_FW\ANTI-VIRUS\AVP_IONT.DLL [Kaspersky Labs.], C:\PROGRAM FILES\SECURITOO\AV_FW\ANTI-VIRUS\FPFPI32.DLL [F-Secure Corporation], C:\PROGRAM FILES\SECURITOO\AV_FW\ANTI-VIRUS\DFFPI.DLL [F-Secure Corporation],
C:\WINDOWS\SYSTEM32\NVSVC32.EXE [NVIDIA Corporation]
C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE [Analog Devices, Inc.]
C:\PROGRAM FILES\SECURITOO\AV_FW\COMMON\FSMA32.EXE [F-Secure Corporation] FSPMAPI.DLL, FSMA32.DLL, FSEXC.DLL,
C:\PROGRAM FILES\SECURITOO\AV_FW\COMMON\FSMB32.EXE [F-Secure Corporation] FSEXC.DLL,
C:\PROGRAM FILES\SECURITOO\AV_FW\COMMON\FCH32.EXE [F-Secure Corporation] FSPMAPI.DLL, FSMA32.DLL, FSEXC.DLL,
C:\PROGRAM FILES\SECURITOO\AV_FW\COMMON\FAMEH32.EXE [F-Secure Corporation] FSPMAPI.DLL, FSLD32.DLL [F-Secure Corporation], FSMA32.DLL, FSEXC.DLL, AMEHEVN.DLL [F-Secure Corporation], AMEHLOG.DLL [F-Secure Corporation], AMEHSMT.DLL [F-Secure Corporation], AMEHTVL.DLL [F-Secure Corporation],
C:\PROGRAM FILES\SECURITOO\AV_FW\ANTI-VIRUS\FSAV32.EXE [F-Secure Corporation] FSTSM.DLL [F-Secure Corporation], FSCHED.DLL [F-Secure Corporation], FSMA32.DLL, FSPMAPI.DLL, FSTNB.DLL, FSLD32.DLL [F-Secure Corporation], C:\PROGRAM FILES\SECURITOO\AV_FW\ANTI-VIRUS\FSAVHRES.FRA [Empty],
C:\PROGRAM FILES\SECURITOO\AV_FW\DFW\PROGRAM\FSDFWD.EXE [F-Secure Corporation] FSMA32.DLL, FSPMAPI.DLL, FSTNB.DLL, FSLD32.DLL, SYNCOR11.DLL, fsdfwres.fra [F-Secure Corporation],
C:\WINDOWS\EXPLORER.EXE [Microsoft Corporation] C:\PROGRAM FILES\ITUNES\ITUNESMINIPLAYER.DLL [Apple Computer, Inc.], C:\PROGRAM FILES\ITUNES\ITUNESMINIPLAYER.RESOURCES\FR.LPROJ\ITUNESMINIPLAYERLOCALIZED.DLL [Apple Computer, Inc.], C:\PROGRAM FILES\ITUNES\ITUNESMINIPLAYER.RESOURCES\ITUNESMINIPLAYER.DLL [Apple Computer, Inc.], SYNCOR11.DLL, C:\Documents and Settings\Gregoire Yves\Local Settings\Temp\IadHide4.dll [BackWeb], C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACTIVEX\ACROIEHELPER.DLL [Adobe Systems Incorporated],
C:\PROGRAM FILES\SECURITOO\AV_FW\COMMON\FSM32.EXE [F-Secure Corporation] FSPMAPI.DLL, FSMA32.DLL, FSLD32.DLL, FSABOUT.DLL [F-Secure Corporation], FSEXC.DLL, FSMRES.FRA [F-Secure Corporation], FSMRES.ENG [F-Secure Corporation], FSMUIAV.DLL [F-Secure Corporation], C:\PROGRAM FILES\SECURITOO\AV_FW\ANTI-VIRUS\FSAVURES.ENG [Empty], FSBWUI.DLL [F-Secure Corporation], FSTNB.DLL, FSDFWPI.DLL [F-Secure Corporation], C:\PROGRAM FILES\SECURITOO\AV_FW\ANTI-VIRUS\FSAVURES.FRA [Empty], FSMAUI32.DLL [F-Secure Corporation], FSMAURES.FRA [F-Secure Corporation], FSABTRES.ENG [F-Secure Corporation], FSABTRES.FRA [F-Secure Corporation], C:\PROGRAM FILES\SECURITOO\AV_FW\ANTI-VIRUS\FSAVDW.DLL [Empty], FSDFWPI.FRA [F-Secure Corporation], FSDFWPI2.ENG [F-Secure Corporation],
C:\WINDOWS\SYSTEM32\LTMSG.EXE [LUCENT TECHNOLOGIES]
C:\PROGRAM FILES\SECURITOO\AV_FW\BACKWEB\1044199\PROGRAM\BACKWEB-1044199.EXE [Empty] C:\PROGRAM FILES\SECURITOO\AV_FW\BACKWEB\1044199\6.1.4.58-1044199L\PROGRAM\BACKWEB.DLL [BackWeb Technologies Inc.], CLNTUTIL.DLL [Empty], C:\PROGRAM FILES\SECURITOO\AV_FW\BACKWEB\1044199\6.1.4.58-1044199L\PROGRAM\BWSEC.DLL [BackWeb], SYNCOR11.DLL, C:\Program Files\Securitoo\av_fw\backweb\1044199\6.1.4.58-1044199L\Program\FR\ClientRc.dll [BackWeb Technologies Inc.], BWFILES-1044199.DLL [Empty], BWFILES.DLL [Empty], IadHide4.dll, C:\PROGRAM FILES\SECURITOO\AV_FW\BACKWEB\1044199\PROGRAM\FSBWCE.DLL [F-Secure Corporation], C:\PROGRAM FILES\SECURITOO\AV_FW\BACKWEB\1044199\PROGRAM\FSLD32.DLL [F-Secure Corporation], FSEXC.DLL, C:\PROGRAM FILES\SECURITOO\AV_FW\BACKWEB\1044199\PROGRAM\FSBWRES.FRA [F-Secure Corporation], C:\PROGRAM FILES\SECURITOO\AV_FW\BACKWEB\1044199\PROGRAM\FSBWRES.DLL [F-Secure Corporation], FSTNB.DLL, FSMA32.DLL, FSPMAPI.DLL,
C:\PROGRAM FILES\SPYWARE TERMINATOR\SPYWARETERMINATOR.EXE [Crawler.com] IadHide4.dll, SYNCOR11.DLL,
C:\PROGRAM FILES\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE [Crawler.com] IadHide4.dll,

Startup Scan

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"msnsched" = "msnsched.exe" [ file not found ]
"F-Secure Manager" = "C:\PROGRAM FILES\SECURITOO\AV_FW\COMMON\FSM32.EXE" [ F-Secure Corporation ]
"F-Secure TNB" = "C:\PROGRAM FILES\SECURITOO\AV_FW\TNB\TNBUTIL.EXE" [ F-Secure Corporation ]
"LTWinModem1" = "C:\WINDOWS\system32\LTMSG.EXE" [ LUCENT TECHNOLOGIES ]
"SpywareTerminator" = "C:\PROGRAM FILES\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE" [ Crawler.com ]
"SpywareTerminator" = "C:\PROGRAM FILES\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE" [ Crawler.com ]

BHO Scan
AcroIEHlprObj Class {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACTIVEX\ACROIEHELPER.DLL [Adobe Systems Incorporated]
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Safer Networking Limited]
{549B5CA7-4A86-11D7-A4DF-000874180BB3} [file not found]
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} [file not found]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{42071714-76d4-11d1-8b24-00a0c9068ff3} = Extension Affichage Panorama du Panneau de configuration (deskpan.dll) [file not found]
{764BF0E1-F219-11ce-972D-00AA00A14F56} = Extensions de l'environnement de compression de fichiers () [file not found]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} = Menu contextuel de cryptage () [file not found]
{88895560-9AA2-1069-930E-00AA0030EBC8} = Extension icône HyperTerminal (C:\WINDOWS\SYSTEM32\HTICONS.DLL) [Hilgraeve, Inc.]
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = Barre des tâches et menu Démarrer () [file not found]
{7A9D77BD-5403-11d2-8785-2E0420524153} = Comptes d'utilisateurs () [file not found]
{1CDB2949-8F65-4355-8456-263E7C208A5D} = Explorateur de Bureau (C:\WINDOWS\SYSTEM32\NVSHELL.DLL) [NVIDIA Corporation]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} = Desktop Explorer Menu (C:\WINDOWS\SYSTEM32\NVSHELL.DLL) [NVIDIA Corporation]
{5E44E225-A408-11CF-B581-008029601108} = Adaptec DirectCD Shell Extension (C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Shellex.dll) [Roxio]
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler (C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\MSOHEV.DLL) [Microsoft Corporation]
{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler (C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\OLKFSTUB.DLL) [Microsoft Corporation]
{A4DF5659-0801-4A60-9607-1C48695EFDA9} = Dossier de téléchargement Share-to-Web (C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNS.DLL) [Hewlett-Packard]
{640167b4-59b0-47a6-b335-a6b3c0695aea} = Portable Media Devices (C:\WINDOWS\SYSTEM32\AUDIODEV.DLL) [Microsoft Corporation]
{cc86590a-b60a-48e6-996b-41d25ed39a1e} = Portable Media Devices Menu (C:\WINDOWS\SYSTEM32\AUDIODEV.DLL) [Microsoft Corporation]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes (C:\PROGRAM FILES\ITUNES\ITUNESMINIPLAYER.DLL) [Apple Computer, Inc.]

Services Scan
"ac97intc" = C:\WINDOWS\SYSTEM32\DRIVERS\AC97INTC.SYS [Intel Corporation]
"adpu320" = C:\WINDOWS\SYSTEM32\DRIVERS\ADPU320.SYS [Adaptec, Inc.]
"aeaudio" = C:\WINDOWS\SYSTEM32\DRIVERS\AEAUDIO.SYS [Andrea Electronics Corporation]
"b57w2k" = C:\WINDOWS\SYSTEM32\DRIVERS\B57XP32.SYS [Broadcom Corporation]
"BackWeb Client - 1044199" = C:\Program Files\Securitoo\av_fw\backweb\1044199\Program\ServiceWrapper-1044199.exe [Empty]
"dmboot" = C:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS [Microsoft Corp., Veritas Software]
"dmio" = C:\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS [Microsoft Corp., Veritas Software]
"dmload" = C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS [Microsoft Corp., Veritas Software.]
"E100B" = C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS [Intel Corporation]
"eaps2kbd" = C:\WINDOWS\SYSTEM32\DRIVERS\EAPS2KBD.SYS [Compaq Computer Corp.]
"EAWDMFD" = C:\SystemRoot\system32\drivers\EAWDMFD.sys [file not found]
"ewido security suite control" = C:\PROGRAM FILES\EWIDO ANTI-MALWARE\EWIDOCTRL.EXE [ewido networks]
"F-Secure Filter" = C:\PROGRAM FILES\SECURITOO\AV_FW\ANTI-VIRUS\WIN2K\FSFILTER.SYS [Empty]
"F-Secure Gatekeeper" = C:\PROGRAM FILES\SECURITOO\AV_FW\ANTI-VIRUS\WIN2K\FSGK.SYS [Empty]
"F-Secure Gatekeeper Handler Starter" = C:\PROGRAM FILES\SECURITOO\AV_FW\ANTI-VIRUS\FSGK32ST.EXE [F-Secure Corp.]
"F-Secure Recognizer" = C:\PROGRAM FILES\SECURITOO\AV_FW\ANTI-VIRUS\WIN2K\FSREC.SYS [Empty]
"FSAA" = "C:\Program Files\Securitoo\av_fw\Common\FSAA.EXE" [file not found]
"fsbwsys" = C:\PROGRAM FILES\SECURITOO\AV_FW\BACKWEB\1044199\PROGRAM\FSBWSYS.EXE [F-Secure Corp.]
"FSDFW" = C:\WINDOWS\SYSTEM32\DRIVERS\FSDFW.SYS [F-Secure Corporation]
"FSDFWD" = C:\PROGRAM FILES\SECURITOO\AV_FW\DFW\PROGRAM\FSDFWD.EXE [F-Secure Corporation]
"FSMA" = C:\PROGRAM FILES\SECURITOO\AV_FW\COMMON\FSMA32.EXE [F-Secure Corporation]
"FSpm" = C:\PROGRAM FILES\SECURITOO\AV_FW\COMMON\FSPM.SYS [F-Secure Corporation]
"Fswsclds" = C:\PROGRAM FILES\SECURITOO\AV_FW\FSWSCLDS.EXE [F-Secure Corporation]
"GEARAspiWDM" = C:\WINDOWS\SYSTEM32\DRIVERS\GEARASPIWDM.SYS [GEAR Software Inc.]
"HPZid412" = C:\WINDOWS\SYSTEM32\DRIVERS\HPZID412.SYS [HP]
"HPZipr12" = C:\WINDOWS\SYSTEM32\DRIVERS\HPZIPR12.SYS [HP]
"HPZius12" = C:\WINDOWS\SYSTEM32\DRIVERS\HPZIUS12.SYS [HP]
"HSFHWCD2" = System32\DRIVERS\HSFHWCD2.sys [file not found]
"HSF_DP" = System32\DRIVERS\HSF_DP.sys [file not found]
"i81x" = C:\WINDOWS\SYSTEM32\DRIVERS\I81XNT5.SYS [Intel Corporation]
"iAimFP0" = C:\WINDOWS\SYSTEM32\DRIVERS\WADV01NT.SYS [Intel Corporation]
"iAimFP1" = C:\WINDOWS\SYSTEM32\DRIVERS\WADV02NT.SYS [Intel Corporation]
"iAimFP2" = C:\WINDOWS\SYSTEM32\DRIVERS\WADV05NT.SYS [Intel Corporation]
"iAimFP3" = C:\WINDOWS\SYSTEM32\DRIVERS\WSIINTXX.SYS [Intel Corporation]
"iAimFP4" = C:\WINDOWS\SYSTEM32\DRIVERS\WVCHNTXX.SYS [Intel Corporation]
"iAimTV0" = C:\WINDOWS\SYSTEM32\DRIVERS\WATV01NT.SYS [Intel Corporation]
"iAimTV1" = C:\WINDOWS\SYSTEM32\DRIVERS\WATV02NT.SYS [Intel Corporation]
"iAimTV2" = C:\WINDOWS\SYSTEM32\DRIVERS\WATV03NT.SYS [Intel Corporation]
"iAimTV3" = C:\WINDOWS\SYSTEM32\DRIVERS\WATV04NT.SYS [Intel Corporation]
"iAimTV4" = C:\WINDOWS\SYSTEM32\DRIVERS\WCH7XXNT.SYS [Intel Corporation]
"IDriverT" = C:\PROGRAM FILES\FICHIERS COMMUNS\INSTALLSHIELD\DRIVER\11\INTEL 32\IDRIVERT.EXE [Macrovision Corporation]
"iPodService" = C:\PROGRAM FILES\IPOD\BIN\IPODSERVICE.EXE [Apple Computer, Inc.]
"ltmodem5" = C:\WINDOWS\SYSTEM32\DRIVERS\LTMDMXP.SYS [LT]
"mousehs" = C:\WINDOWS\System32\mousehs.exe [file not found]
"nv" = C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS [NVIDIA Corporation]
"NVSvc" = C:\WINDOWS\SYSTEM32\NVSVC32.EXE [NVIDIA Corporation]
"Pml Driver HPZ12" = C:\WINDOWS\SYSTEM32\HPZIPM12.EXE [HP]
"Ptilink" = C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS [Parallel Technologies, Inc.]
"Secdrv" = C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS [Macrovision Europe Ltd]
"sfdrv01" = C:\WINDOWS\SYSTEM32\DRIVERS\SFDRV01.SYS [Protection Technology]
"sfhlp02" = C:\WINDOWS\SYSTEM32\DRIVERS\SFHLP02.SYS [Protection Technology]
"sfsync02" = C:\WINDOWS\SYSTEM32\DRIVERS\SFSYNC02.SYS [Protection Technology]
"smwdm" = C:\WINDOWS\SYSTEM32\DRIVERS\SMWDM.SYS [Analog Devices, Inc.]
"SoundMAX Agent Service (default)" = C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE [Analog Devices, Inc.]
"sp_rsdrv2" = C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYWARE TERMINATOR\SP_RSDRV2.SYS [Empty]
"symc810" = C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS [Symbios Logic Inc.]
"symc8xx" = C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS [LSI Logic]
"Symmpi" = C:\WINDOWS\SYSTEM32\DRIVERS\SYMMPI.SYS [LSI Logic]
"SymWSC" = C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\SECURITY CENTER\SYMWSC.EXE [Symantec Corporation]
"sym_hi" = C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS [LSI Logic]
"sym_u3" = C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS [LSI Logic]
"winachsf" = System32\DRIVERS\HSF_CNXT.sys [file not found]

Protocol Filters Scan
Class Install Handler = {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} (C:\WINDOWS\SYSTEM32\URLMON.DLL) [Microsoft Corporation]

Hosts Scan
LOCALHOST mapping = 1

IE Scan
IERESET.INF missing Signature="$CHICAGO$"
IERESET.INF missing AdvancedINF=2.5,"You need a new version of advpack.dll"
IERESET.INF missing AddReg=RestoreHomePage.reg
IERESET.INF missing HKCU,"Software\Microsoft\Internet Explorer\Main","Start Page",0,%START_PAGE_URL%
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main","Default_Page_URL",0,%START_PAGE_URL%
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main","Default_Search_URL",0,%SEARCH_PAGE_URL%
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main","Search Page",0,%SEARCH_PAGE_URL%
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","1",0,"www.%s.com"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","2",0,"www.%s.org"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","3",0,"www.%s.net"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","4",0,"www.%s.edu"
IERESET.INF missing HKCU,"Software\Microsoft\Internet Explorer\Main","Search Page",0,%SEARCH_PAGE_URL%
IERESET.INF missing HKCU,"Software\Microsoft\Internet Explorer\SearchUrl","Provider",0,""
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Search","SearchAssistant",0,"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Search","CustomizeSearch",0,"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
IERESET.INF missing HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites",%SAFESITE_VALUE%,0,"http://ie.search.msn.com/*"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","5"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","6"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","7"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","8"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","9"
IERESET.INF missing HKCU,"Software\Microsoft\Internet Explorer\Main","AutoSearch"
IERESET.INF missing SEARCH_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
IERESET.INF missing AddReg=RestoreBrowserSettings.reg
IERESET.INF missing DelReg=DeleteTemplates.reg or DelReg=DeleteTemplates.reg, DeleteAutosearch.reg
IERESET.INF missing START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..." or START_PAGE_URL="http://www.msn.com"
IERESET.INF missing SAFESITE_VALUE="http://home.microsoft.com/" or SAFESITE_VALUE="ie.search.msn.com"
IERESET.INF missing MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..." or MS_START_PAGE_URL="http://www.msn.com"
URLSearchHook = {08C06D61-F1F3-4799-86F8-BE1A89362C85} (C:\Program Files\Wanadoo\SearchPageURL.dll) [Empty] HIJACK WARNING!




________________________________________________________________________________




Logfile of HijackThis v1.99.1
Scan saved at 14:34:39, on 13/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\WINDOWS\System32\ltmsg.exe
C:\Program Files\Securitoo\av_fw\backweb\1044199\Program\BackWeb-1044199.exe
C:\Program Files\Spyware Terminator\SpywareTerminator.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\RunServices: [Microsoft Services] lssrv.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [Start Uppings] mssupdate.exe
O4 - HKLM\..\RunServices: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKLM\..\RunServices: [msnsched] msnsched.exe
O4 - HKLM\..\RunServices: [NAV Auto Updates] slserves.exe
O4 - HKLM\..\RunServices: [Microsoft AOL Instant Messenger] MSAOL32.exe
O4 - HKCU\..\RunServices: [Start Uppings] mssupdate.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Securitoo AntiVirus Firewall (BackWeb Client - 1044199) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program Files\Securitoo\av_fw\Common\FSAA.EXE (file missing)
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\WINDOWS\System32\mousehs.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe




Hello,

Spyware Terminator has indeed done a good job.

0/ Click Start, then Run, type services.msc and click OK.

In the list of services, find and select
"Mouse Hardware Sync" / double-click the line
/ check under Path to executable that it
really is "C:\WINDOWS\System32\mousehs.exe" / under Startup type,
select Disabled / confirm the change.

1/ Restart in Safe Mode (to do this: start the PC while tapping the F8 key until the Windows Advanced Options menu appears, then use the arrow keys to select Safe Mode and press Enter...)
Note that you have no Internet access in this mode, so write down or print the instructions that follow.

2/ Launch HijackThis
then --> Do a system scan only
tick the lines listed below
then --> Fix checked
then answer yes to the confirmation prompt

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\RunServices: [Microsoft Services] lssrv.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [Start Uppings] mssupdate.exe
O4 - HKLM\..\RunServices: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKLM\..\RunServices: [msnsched] msnsched.exe
O4 - HKLM\..\RunServices: [NAV Auto Updates] slserves.exe
O4 - HKLM\..\RunServices: [Microsoft AOL Instant Messenger] MSAOL32.exe
O4 - HKCU\..\RunServices: [Start Uppings] mssupdate.exe
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\WINDOWS\System32\mousehs.exe (file missing)

3/ Make sure you can see hidden files.
(Start->My Computer->Tools->Folder Options...->View
"Show hidden files and folders" ->checked
"Hide extensions for known file types" ->unchecked
"Hide protected operating system files" ->unchecked)

4/ Then delete the following files and/or folders if present:

lssrv.exe
crsss.exe
mssupdate.exe
mcafeshield.exe
msnsched.exe
slserves.exe
MSAOL32.exe

They are probably in C:\WINDOWS\System32 or C:\WINDOWS

C:\WINDOWS\System32\mousehs.exe

5/ Run an online scan at Kaspersky and post the report:

http://webscanner.kaspersky.fr/
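
The selection made by eye in the reply above can be written as a small log filter. This is an added example, not part of the original thread: the three rules are assumptions inferred from the lines the helper ticked, and the result is a list for manual review, not a verdict.

```python
import re

# Lines copied from the HijackThis log posted in this thread (a subset).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\RunServices: [Microsoft Services] lssrv.exe
O4 - HKCU\..\RunServices: [Start Uppings] mssupdate.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\WINDOWS\System32\mousehs.exe (file missing)
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
# O4 body layout: <hive>\..\<key>: [<value name>] <command>
O4_BODY = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")


def triage(log_text):
    """Return (section, reason, entry) tuples for lines worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        if section in ("O2", "O3") and body.endswith("(no file)"):
            # Add-on still registered for the browser, but nothing on disk.
            findings.append((section, "browser add-on with no file on disk", body))
        elif section == "O4":
            o4 = O4_BODY.match(body)
            # Assumed rule: the reply ticks every RunServices autostart.
            if o4 and o4.group(2) == "RunServices":
                findings.append((section, f"autostart under RunServices: {o4.group(4)}", body))
        elif section == "O23" and "Unknown owner" in body and body.endswith("(file missing)"):
            # Service entry with no publisher and no binary behind it.
            findings.append((section, "service with unknown owner and missing file", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}\n     {body}")
```

Run against the full log, the O23 rule also lists the F-Secure FSAA service, which the reply leaves alone; that is the kind of entry the manual review step is for.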

Alright, everything went fine until the moment I wanted to launch the Kaspersky online scan; there it tells me "your current security settings do not allow this file to be downloaded", so basically I can't download anything anymore. Otherwise, on the plus side, I reinstalled the modem and it connects perfectly :)