Problem: msasvc.exe impossible to delete
After running a HijackThis log, I spotted a dangerous file.
So I select it and delete it with HijackThis, but after the 2nd log it is still there.
How do I delete it permanently?
I'm posting the HijackThis log.
Logfile of HijackThis v1.99.1
Scan saved at 19:18:40, on 24/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Inventel\Gateway\WLANCFG.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Jérémy\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WLANCfg545] C:\Program Files\Inventel\Gateway\WLANCFG.EXE
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [MMAgent] C:\Program Files\Mobile Master\MMAgent.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED4AFBA4-F4A0-46C8-92E8-93C5F40AD44A}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
Thanks for your help.
Hello!!!
An infectious service.
Download SDFix (created by AndyManchesta) and save it to your Desktop.
Double-click SDFix.exe and choose Install to extract it to the Desktop.
Restart in Safe Mode.
Open the SDFix folder that has just been created at the root of your hard drive (C:) and double-click RunThis.bat to launch the script.
Press Y to start the cleaning process.
It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
Press a key to restart the PC.
Your system will take longer than usual to restart because the tool will keep running and deleting files.
After the Desktop loads, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log.
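The O23 entry that the reply above calls an infectious service can be singled out mechanically when triaging a HijackThis log. The following is an added example, not code from the thread or from HijackThis: it parses O23 service lines and flags entries with no reported owner, a missing image file, or a Microsoft-sounding display name without a Microsoft owner. The function names and the three heuristics are assumptions; the sample lines are copied from the log posted in this thread.

```python
import re
from dataclasses import dataclass, field

# HijackThis 1.99.x O23 layout (as seen in the log in this thread):
#   O23 - Service: <display name> [(<service name>)] - <owner> - <image path>[ (file missing)]
PREFIX = "O23 - Service: "
MISSING = " (file missing)"
NAME_RE = re.compile(r"^(?P<display>.*) \((?P<svc>[^()]+)\)$")


@dataclass
class Service:
    display: str
    name: str
    owner: str
    path: str
    file_missing: bool
    reasons: list = field(default_factory=list)


def parse_o23(line):
    """Return a Service for an O23 line, or None for any other line."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    # Split from the right: the display name may itself contain " - ".
    parts = line[len(PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    label, owner, path = parts
    missing = path.endswith(MISSING)
    if missing:
        path = path[:-len(MISSING)]
    m = NAME_RE.match(label)
    # The "(service name)" part is absent when it equals the display name.
    display, name = (m["display"], m["svc"]) if m else (label, label)
    return Service(display, name, owner, path, missing)


def triage(log_text):
    """Return the O23 services that match at least one heuristic (assumed rules)."""
    flagged = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        if svc.owner.lower() == "unknown owner":
            svc.reasons.append("no owner reported")
        if svc.file_missing:
            svc.reasons.append("image not found at path")
        claims_ms = re.search(r"\b(microsoft|windows)\b", svc.display, re.I)
        if claims_ms and "microsoft" not in svc.owner.lower():
            svc.reasons.append("Microsoft-sounding name, non-Microsoft owner")
        if svc.reasons:
            flagged.append(svc)
    return flagged


# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
"""

if __name__ == "__main__":
    for svc in triage(SAMPLE_LOG):
        print(f"{svc.name}: {svc.path}")
        for reason in svc.reasons:
            print(f"  - {reason}")
```

A flagged entry is a lead for review, not a verdict: legitimate third-party services can also show an unknown owner.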
Sorry for the late reply.
Here is the report:
SDFix: Version 1.62
24/01/2007 - 20:57:34,76
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
MsaSvc
Path:
C:\WINDOWS\system32\msasvc.exe
MsaSvc Deleted
Restoring Windows Registry Entries
Restoring Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Files will be copied to Backups folder and removed:
C:\WINDOWS\Installer\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}\_SHCT_
Sprint.exe.exe - Deleted
Alternate Streams Check:
C:\WINDOWS\system32
No streams found.
Final Check:
Remaining Services:
------------------
Rootkit PE386 Found!
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\
List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe
:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program
Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger
8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program
Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger
8.0 (Phone)"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program
Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program
Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program
Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program
Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Teamspeak2_RC2\\TeamSpeak.exe"="C:\\Program
Files\\Teamspeak2_RC2\\TeamSpeak.exe:*:Enabled:Teamspeak RC2"
"C:\\Program Files\\WinRAR\\WinRAR.exe"="C:\\Program
Files\\WinRAR\\WinRAR.exe:*:Enabled:WinRAR"
"C:\\Program
Files\\Steam\\steamapps\\phamtom92\\counter-strike\\hl.exe"="C:\\P
rogram
Files\\Steam\\steamapps\\phamtom92\\counter-strike\\hl.exe:*:Enabl
ed:Half-Life Launcher"
"C:\\Program Files\\Inventel\\Gateway\\WLANCFG.EXE"="C:\\Program
Files\\Inventel\\Gateway\\WLANCFG.EXE:*:Enabled:Gestionnaire de
liaison sans fil"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program
Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program
Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network
Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\scvhost.exe"="C:\\WINDOWS\\scvhost.exe:*:Enabled:Mic
rosoft Windows"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program
Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program
Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\Li
st]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe
:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program
Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger
8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program
Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger
8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network
Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip
Checking For Files with Hidden Attributes :
C:\NTDETECT.COM
C:\WINDOWS\system32\avisynth.dll
C:\WINDOWS\system32\AVSredirect.dll
C:\WINDOWS\system32\cygwin1.dll
C:\WINDOWS\system32\cygz.dll
C:\WINDOWS\system32\i420vfw.dll
C:\WINDOWS\system32\Smab.dll
C:\i386\cdplayer.exe.manifest
C:\i386\logonui.exe.manifest
C:\WINDOWS\meta4.exe
C:\WINDOWS\MOTA113.exe
C:\WINDOWS\x2.64.exe
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\WINDOWS\system32\x.264.exe
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
Finished
And the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 21:03:22, on 24/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Inventel\Gateway\WLANCFG.EXE
C:\program files\steam\steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Documents and Settings\Jérémy\Bureau\HiJackThis.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WLANCfg545] C:\Program Files\Inventel\Gateway\WLANCFG.EXE
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [MMAgent] C:\Program Files\Mobile Master\MMAgent.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED4AFBA4-F4A0-46C8-92E8-93C5F40AD44A}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
Hi again,
Download and install AVG Anti-Spyware (AVG AS)
Once AVG AS is running, click "Update"
Close the program.
HELP: AVG Antispyware tutorial (Malekal)
Restart in safe mode
Start AVG AS again and choose the "Scan" tab
Then the "Settings" tab
Under the question "How to act?", click "Recommended actions" and choose "Quarantine"
Click the "Scan" tab again, then run a "Complete system scan"
/!\ If a file is infected at the end of the scan /!\
Click "Apply all actions"
Click "Save report" and then "Save report as"
Save this text file to your desktop.
Restart normally
Copy/paste the AVG AS report along with a HijackThis report.
That took so long!!
AVG AS log
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 22:37:26 24/01/2007
+ Résultat de l'analyse:
C:\Program Files\SlySoft\CloneDVDmobile\CloneDVDmobile1.1.x.xPatch.exe -> Downloader.Delf.aup : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Jérémy\Local Settings\Application Data\Mozilla\Firefox\Profiles\9nuv0z9q.default\Cache(4)\32062957d01 -> Not-A-Virus.Hacktool.EvID : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
and the HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 22:41:11, on 24/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Inventel\Gateway\WLANCFG.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\program files\steam\steam.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Jérémy\Bureau\HiJackThis.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WLANCfg545] C:\Program Files\Inventel\Gateway\WLANCFG.EXE
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [MMAgent] C:\Program Files\Mobile Master\MMAgent.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED4AFBA4-F4A0-46C8-92E8-93C5F40AD44A}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
Re,
Run a Kaspersky online scan with Internet Explorer:
Click on ![]()
Now click on "J'accepte" (I accept).
Approve the installation of one or more ActiveX controls if necessary.
Wait while the updates are installed.
Then choose to scan "Poste de travail" (My Computer).
Save, then paste the report generated at the end of the scan.
HELP: Configuring ActiveX control settings
NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée" (the Kaspersky On-line Scanner licence has expired), go to Add/Remove Programs, uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.