Win32:Agent-VM [resolved]
Good evening, I read a message on this forum about the Win32:Agent-VM virus.
I have the same problem, and here is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 18:33:30, on 29/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0007)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\Program Files\FreeBrowser\FreeBrowser\FreeBrowser.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\4.0M MPEG4 DV\Console\Watch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Claude\Bureau\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: {A20CC53E-61FE-4788-85FF-A0F9C9B4C2A9} - {93989C8B-BD5F-4783-A470-EB07F08E83C7} - C:\WINDOWS\system32\winapic32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: {92E1B3F7-0546-421E-9835-904D25B7BA66} - {C4F147D7-BF25-488E-A12B-EFD43E7029BF} - C:\WINDOWS\system32\winvbie.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Windows Updates - {A20CC53E-61FE-4788-85FF-A0F9C9B4C2A9} - C:\WINDOWS\system32\msiedp32.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [freeBrowser] "C:\Program Files\FreeBrowser\FreeBrowser\FreeBrowser.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\eoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [Microsoft Update] mixer.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\RunServices: [Microsoft Update] mixer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Microsoft Update] mixer.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Watch.lnk = C:\Program Files\4.0M MPEG4 DV\Console\Watch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tele2internet.fr
O16 - DPF: {0000ED9A-DFFC-11D4-8D7A-B396C6A4A836} (ToolBar NetCourrier) - http://img.medianet-technologies.c [...] oolbar.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b27571.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/file [...] hidden.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/ac [...] 0-3-12.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/28ee8650610d0 [...] 601_fr.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://go.securelive.com/speed/WebInstall.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b27571.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O16 - DPF: {E15111B0-95AE-4C05-B91F-F4564057990C} (MovieSystem WAY) - http://services.moviesystem.com/cabs/msway.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activ [...] _v1-32.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://3dgamers.tukati.com/tukati/1.7.20.20/tukati.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3036CC7B-6CE7-4119-A25C-48E8C4FD116B}: NameServer = 212.27.54.252,212.27.39.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
Now, what should I do?
Thank you for your help.
Message edited by gpm1 on 01-10-2006 at 21:07:24
Good evening,
1/ Download Clean.zip (by Malekal),
Unzip it to your desktop (right-click / Extract All); you should get a folder named clean.
2/ Download and install CCleaner
3/ Download and install ewido
Update it (Update button at the top, then the Start Update button)
4/ Restart in Safe Mode (to do this: start the PC while tapping the F8 key until the Windows Advanced Options menu appears, then use the arrow keys to select Safe Mode and press Enter...)
Note that you have no Internet access in this mode, so write down or print the instructions that follow.
5/ Open the clean folder on your desktop and double-click clean.cmd; a black window will appear for a moment, leave it open.
6/ Make sure you can see hidden files.
(Start->My Computer->Tools->Folder Options...->View
"Show hidden files and folders" ->checked
"Hide extensions for known file types" ->unchecked
"Hide protected operating system files" ->unchecked)
then empty these folders:
C:\Documents and Settings\(every user, including Administrator)\Local Settings\Temp\
7/ Launch CCleaner, click the Analyze button, then the Run Cleaner button
8/ Launch ewido:
Scanner button
Then the Settings tab
In the How to Act section, click Recommended Actions. Select Quarantine.
Go back to the Scan tab. Click "Complete System Scan"
At the end of the scan, choose the "Apply All Actions" option at the bottom.
Click "Save Report", then "Save Report As" to save the report to the desktop.
9/ Restart normally and post:
- the clean report located here: C:\rapport_clean.txt
- the ewido report
- a new HJT report.
Message edited by esteban54 on 29-09-2006 at 21:56:01
Thanks, I'll try.
Here are the reports:
Script clean par Malekal_morte - http://www.malekal.com
Microsoft Windows XP [version 5.1.2600]
Script execute en mode sans echec
*** Suppression de fichiers sur C:
*** Suppression des fichiers dans C:\WINDOWS\
C:\WINDOWS\unvise32qt.exe FOUND
*** Suppression des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system\smss.exe FOUND
"C:\Program Files\BoontyGames\" FOUND
"C:\Program Files\oneclick\" FOUND
*** Suppression des clefs du registre effectuee..
-----------------------------------------------
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 04:41:26 30/09/2006
+ Scan result:
C:\Program Files\ZUM\acrbat.dll -> Adware.Buscabar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{93989C8B-BD5F-4783-A470-EB07F08E83C7} -> Adware.CommanderNET : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A20CC53E-61FE-4788-85FF-A0F9C9B4C2A9} -> Adware.CommanderNET : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{A20CC53E-61FE-4788-85FF-A0F9C9B4C2A9} -> Adware.CommanderNET : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93989C8B-BD5F-4783-A470-EB07F08E83C7} -> Adware.CommanderNET : Cleaned with backup (quarantined).
HKU\S-1-5-21-1426590395-1260927497-516276246-1011\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{93989C8B-BD5F-4783-A470-EB07F08E83C7} -> Adware.CommanderNET : Cleaned with backup (quarantined).
HKU\S-1-5-21-1426590395-1260927497-516276246-1011\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A20CC53E-61FE-4788-85FF-A0F9C9B4C2A9} -> Adware.CommanderNET : Cleaned with backup (quarantined).
HKU\S-1-5-21-1426590395-1260927497-516276246-1011\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{79A002FB-C126-462D-B4A7-81D6B42D1666} -> Adware.DirectIP : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C4F147D7-BF25-488E-A12B-EFD43E7029BF} -> Adware.VisuaExplorer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4F147D7-BF25-488E-A12B-EFD43E7029BF} -> Adware.VisuaExplorer : Cleaned with backup (quarantined).
HKU\S-1-5-21-1426590395-1260927497-516276246-1011\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92E1B3F7-0546-421E-9835-904D25B7BA66} -> Adware.VisuaExplorer : Cleaned with backup (quarantined).
HKU\S-1-5-21-1426590395-1260927497-516276246-1011\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C4F147D7-BF25-488E-A12B-EFD43E7029BF} -> Adware.VisuaExplorer : Cleaned with backup (quarantined).
D:\Claude\Mes ficihiers reçus\WarezP2P.exe -> Downloader.Small : Cleaned with backup (quarantined).
::Report end
-----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 04:47:41, on 30/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0007)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\Program Files\FreeBrowser\FreeBrowser\FreeBrowser.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\4.0M MPEG4 DV\Console\Watch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Apps\ActivBoard\OSD.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Claude\Bureau\Hijackthis\scanner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [freeBrowser] "C:\Program Files\FreeBrowser\FreeBrowser\FreeBrowser.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\eoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Microsoft Update] mixer.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Watch.lnk = C:\Program Files\4.0M MPEG4 DV\Console\Watch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tele2internet.fr
O16 - DPF: {0000ED9A-DFFC-11D4-8D7A-B396C6A4A836} (ToolBar NetCourrier) - http://img.medianet-technologies.c [...] oolbar.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b27571.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/file [...] hidden.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/ac [...] 0-3-12.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/28ee8650610d0 [...] 601_fr.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://go.securelive.com/speed/WebInstall.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b27571.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O16 - DPF: {E15111B0-95AE-4C05-B91F-F4564057990C} (MovieSystem WAY) - http://services.moviesystem.com/cabs/msway.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activ [...] _v1-32.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://3dgamers.tukati.com/tukati/1.7.20.20/tukati.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3036CC7B-6CE7-4119-A25C-48E8C4FD116B}: NameServer = 212.27.54.252,212.27.39.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
------------------------------------------------
Is that fine, or do I need to do something else?
1/ Uninstall eoRezo via Add/Remove Programs if possible.
2/ Launch HijackThis
then --> Do a system scan only
check the lines listed below
then --> Fix checked
then answer yes to the confirmation prompt
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O4 - HKLM\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\eoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Microsoft Update] mixer.exe
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://go.securelive.com/speed/WebInstall.dll
3/ Make sure you have access to hidden files.
(Start->My Computer->Tools->Folder Options...->View
"Show hidden files and folders" ->checked
"Hide extensions for known file types" ->unchecked
"Hide protected operating system files" ->unchecked)
4/ Then delete the following files and/or folders if present:
C:\WINDOWS\system32\mixer.exe
C:\Program Files\eoRezo\ --> the folder
5/ Reboot normally.
Are you still having any problems?
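As an added illustration (not part of the original thread, and not HijackThis's own logic or the helper's stated reasoning): a small Python triage pass over HijackThis entries like the ones listed above. The three heuristics and the function names are assumptions chosen for this example; a hit means "review this entry", not "malicious".

```python
import re

# Constructed sample: a few entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\eoRezo\EoEngine.exe"
O4 - HKCU\..\Run: [Microsoft Update] mixer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://go.securelive.com/speed/WebInstall.dll
O16 - DPF: {E15111B0-95AE-4C05-B91F-F4564057990C} (MovieSystem WAY) - http://services.moviesystem.com/cabs/msway.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")                  # "O4 - <body>"
RUN = re.compile(r"^HK\w+\\\.\.\\\w+: \[[^\]]*\] (\S.*)$")   # registry Run entry
UNNAMED_DPF = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\} - ")     # CLSID with no "(Name)"


def parse(log):
    """Split a HijackThis log into (section code, entry body) pairs."""
    lines = (line.strip() for line in log.splitlines())
    return [m.groups() for m in map(ENTRY.match, lines) if m]


def triage(log):
    """Return (code, body, reasons) for entries that deserve a manual look."""
    findings = []
    for code, body in parse(log):
        reasons = []
        # Heuristic 1 (assumption): the registry points at a file that is gone.
        if body.endswith(("(file missing)", "(no file)")):
            reasons.append("target file absent")
        # Heuristic 2 (assumption): autorun resolved through the search path.
        run = RUN.match(body) if code == "O4" else None
        if run:
            cmd = run.group(1).strip()
            exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
            if "\\" not in exe:
                reasons.append("autorun without a full path")
        # Heuristic 3 (assumption): downloaded ActiveX control with no class name.
        if code == "O16" and UNNAMED_DPF.match(body):
            reasons.append("ActiveX control with no class name")
        if reasons:
            findings.append((code, body, reasons))
    return findings


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> {', '.join(reasons)}")
```

The pathless-autorun rule also flags `nwiz.exe /install`, which the helper did not ask to fix, so each hit still needs a human decision before using "Fix checked".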
Hello,
This is really great!!
Avast no longer shows any alerts.
Everything seems to be back to normal.
Really, BRAVO!
And thanks again.
I was not able to uninstall eoRezo via Add/Remove Programs.
This program does not appear in the list.
I did not find the following files and/or folders:
C:\WINDOWS\system32\mixer.exe
C:\Program Files\eoRezo\ --> the folder
They were not present.
Should I remove/uninstall Clean, CCleaner and ewido?
ewido starts automatically at boot; is that not a problem?
A thousand thanks again
You can keep CCleaner to do a cleanup from time to time.
You can delete Clean.
For ewido, do as you like
(ewido's real-time protection is disabled at the end of the trial period)
Thanks again!