
Worm.Win32.Mabezat.b virus

Last reply on 25 Sep 2009 at 01:41:32
imanou_16, 23 Mar 2008 at 23:13:29

Hello,
Please, right after I installed the Kasper antivirus my PC slowed down, and the antivirus detected the virus Worm.Win32.Mabezat.b in a file, and it says repair impossible.
How do I get rid of this virus? Please help me, it's urgent.

Configuration: Windows XP
Internet Explorer 6.0

1

dorgane, 23 Mar 2008 at 23:14:36

Hi,

1/
Download CCleaner (don't install the Yahoo toolbar):
http://www.01net.com/...

Run it; under Cleaner click Run Cleaner, then under Registry have it scan and fix the errors as many times as there are any.

2/
We remove the bulk of it:

Run an online scan with Internet Explorer; if you have Firefox, do:
Start -> Run -> type: iexplore (then confirm)

(tick all the boxes each time):
http://www.eset-nod32.fr/scanner.html

At the end, paste the report: C:\Program Files\EsetOnlineScanner\log.txt

If you need help, there is a tutorial here: http://bibou0007.com/tutos-et-lexique-f45/tutorial-nod32-online-scanner-t128.htm

3/
Then, once that is finished, make a HijackThis report:
http://www.01net.com/...

Download it, run it and click the first button at the top, "Do a system scan and save a logfile".
Paste the text file here ;).

PS: Don't close the program


3

imanou_16, 23 Mar 2008 at 23:26:39

Sorry, I am used to talking in forums
I didn't really understand what you told me


5

imanou_16, 23 Mar 2008 at 23:47:41

I'm not an expert in this field, so please explain the 2nd step to me, I didn't understand it
please


7

imanou_16, 23 Mar 2008 at 23:52:03

Re
It's me again, but I opened the link http://www.eset-nod32.fr/scanner.html and I don't know what to do
PS: I don't have Firefox, and I'm sorry if I'm bothering you, but it's urgent


2

imanou_16, 23 Mar 2008 at 23:22:45

Sorry, I am used to talking in forums
I didn't really understand what you told me


4

imanou_16, 23 Mar 2008 at 23:46:39

I'm begging you, help me
help me
to get rid of this Worm.Win32.Mabezat.b virus


6

dorgane, 23 Mar 2008 at 23:48:53
  • +1

You just have to click on the link and follow what I told you....


8

dorgane, 24 Mar 2008 at 00:08:37
  • +2

Well, you click on Next lol


9

imanou_16, 24 Mar 2008 at 00:20:31

But there is no Next in that link
explain everything to me again
please


10

RACHSAD, 15 Jun 2008 at 22:45:40

Hello

Please, I can't manage to neutralize this virus; thanks in advance for helping me defeat it.


11

dorgane, 15 Jun 2008 at 22:47:23
  • +1

Everything is shown in pictures here:
if you need help, there is a tutorial here: http://bibou0007.com/tutos-et-lexique-f45/tutorial-nod32-online-scanner-t128.htm

If you can't read, I can't help you.


12

amino, 30 Nov 2008 at 14:54:26

Please, if you received a solution to your Mabezat problem, help me, thanks. My e-mail: amineig@yahoo.fr


13

alabeni, 2 Jan 2009 at 17:55:25
  • +1

My PC is infected with the virus "worm.win32.mabezat.b".
I can't find a remedy for this virus: my Symantec antivirus detects it but cannot remove it completely from the PC, it always ignores it. Kaspersky also detects it and shows in the log that it deleted it, but when I run the scan again it detects it again... and I stay stuck in a loop like that.
I ran a scan with the anti-malware (Malwarebytes) but with no result.
N.B.: this is on all the computers in the company.
Please help me


14

florill, 18 Feb 2009 at 23:39:27

15

piwo, 5 Mar 2009 at 12:46:15

Here is the info

info.txt logfile of random's system information tool 1.05 2009-03-05 12:41:58

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
Assistant Publication de sites Web Microsoft 1.53-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Bibliothèques GTK+ 2.12.12 rev a (supprimer uniquement)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
FreeCall-->"C:\Program Files\FreeCall.com\FreeCall\unins000.exe"
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
McAfee Anti-Spyware Enterprise Module-->C:\Program Files\Network Associates\VirusScan\csscan.exe /UninstallMAS
McAfee VirusScan Enterprise-->MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Basic 6.0 Édition Entreprise (Français)-->"C:\Program Files\Microsoft Visual Studio\VB98\Setup\1036\Setup.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Miranda IM 0.7.14-->C:\Program Files\Miranda IM\Uninstall.exe
Mozilla Firefox (3.0)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSDN Library pour Visual Studio 6.0a (Français)-->"C:\Program Files\Microsoft Visual Studio\MSDN98\98VSa\1036\Setup\Setup.exe"
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Demo-->MsiExec.exe /I{C985153C-3801-EB63-1432-088E71801033}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
PlayTV Pro-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Prolink\PlayTV Pro\DeIsL1.isu" -c"C:\Program Files\Prolink\PlayTV Pro\_ISREG32.DLL"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\SETUP.EXE" -uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"
Total Video Converter 3.01-->"C:\Program Files\Total Video Converter\unins000.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 081127-0] (outdated)

System event log

Computer Name: AUGUSTIN
Event Code: 7036
Message: The Remote Access Connection Manager service entered the running state.

Record Number: 9537
Source Name: Service Control Manager
Time Written: 20090202063121.000000+060
Event Type: information
User:

Computer Name: AUGUSTIN
Event Code: 7036
Message: The Application Layer Gateway Service service entered the running state.

Record Number: 9536
Source Name: Service Control Manager
Time Written: 20090202063108.000000+060
Event Type: information
User:

Computer Name: AUGUSTIN
Event Code: 7035
Message: The EntDrv51 service was successfully sent a start control.

Record Number: 9535
Source Name: Service Control Manager
Time Written: 20090202063108.000000+060
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: AUGUSTIN
Event Code: 7035
Message: The Application Layer Gateway Service service was successfully sent a start control.

Record Number: 9534
Source Name: Service Control Manager
Time Written: 20090202063105.000000+060
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: AUGUSTIN
Event Code: 7036
Message: The SSDP Discovery Service service entered the running state.

Record Number: 9533
Source Name: Service Control Manager
Time Written: 20090202063103.000000+060
Event Type: information
User:

Application event log

Computer Name: AUGUSTIN
Event Code: 1002
Message: Hanging application pidgin.exe, version 2.5.3.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 453
Source Name: Application Hang
Time Written: 20090302174726.000000+060
Event Type: error
User:

Computer Name: AUGUSTIN
Event Code: 1002
Message: Hanging application pidgin.exe, version 2.5.3.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 452
Source Name: Application Hang
Time Written: 20090302174719.000000+060
Event Type: error
User:

Computer Name: AUGUSTIN
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 451
Source Name: SecurityCenter
Time Written: 20090302173353.000000+060
Event Type: information
User:

Computer Name: AUGUSTIN
Event Code: 1001
Message: Checking file system on F:
The type of the file system is NTFS.
Volume label is Nouveau nom.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
Cleaning up 1 unused index entries from index $SII of file 0x9.
Cleaning up 1 unused index entries from index $SDH of file 0x9.
Cleaning up 1 unused security descriptors.

19430585 KB total disk space.
14483424 KB in 15370 files.
4816 KB in 1389 indexes.
0 KB in bad sectors.
84265 KB in use by the system.
65536 KB occupied by the log file.
4858080 KB available on disk.

4096 bytes in each allocation unit.
4857646 total allocation units on disk.
1214520 allocation units available on disk.

Internal Info:


Record Number: 450
Source Name: Winlogon
Time Written: 20090302173238.000000+060
Event Type: information
User:

Computer Name: AUGUSTIN
Event Code: 1001
Message: Checking file system on D:
The type of the file system is NTFS.
Volume label is Nouveau nom.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
Cleaning up 1 unused index entries from index $SII of file 0x9.
Cleaning up 1 unused index entries from index $SDH of file 0x9.
Cleaning up 1 unused security descriptors.

8859815 KB total disk space.
8391804 KB in 16554 files.
4788 KB in 1058 indexes.
0 KB in bad sectors.
64799 KB in use by the system.
46352 KB occupied by the log file.
398424 KB available on disk.

4096 bytes in each allocation unit.
2214953 total allocation units on disk.
99606 allocation units available on disk.

Internal Info:


Record Number: 449
Source Name: Winlogon
Time Written: 20090302173238.000000+060
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 7 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0703
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


Here is the log

Logfile of random's system information tool 1.05 (written by random/random)
Run by augustin at 2009-03-05 12:40:39
Microsoft Windows XP Professional Service Pack 2
System drive C: has 760 MB (8%) free of 9 GB
Total RAM: 192 MB (13% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-11-26 304736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Network Associates Error Reporting Service"=C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe [2003-10-07 147514]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-11-26 185872]
"MsgCenterExe"=C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe [2008-11-26 69632]
"PowerS"=C:\WINDOWS\PowerS.exe [2001-08-03 159800]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-11-02 167936]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe []
"ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 94208]
"McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2004-08-06 139320]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2005-03-14 1057280]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-10-28 94208]
"aecgw"=c:\documents and settings\augustin\local settings\application data\aecgw.exe [2009-01-11 229376]
"FreeCall"=C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe [2007-04-17 7247408]
"cdoosoft"=C:\WINDOWS\system32\olhrwef.exe [2009-02-07 108562]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Remote Control.lnk - C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE
Schedule Manager.lnk - C:\Program Files\Prolink\PlayTV Pro\TVSCHL.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-10 52224]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoLogOff"=0
"NoSetFolders"=0
"NofolderOptions"=0
"NoFind"=0
"NoRun"=0
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoFolderOptions"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe"="C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe:*:Enabled:InternetCalls"
"C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe"="C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:*:Enabled:VoipStunt"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Microsoft Visual Studio\VB98\VB6.EXE"="C:\Program Files\Microsoft Visual Studio\VB98\VB6.EXE:*:Enabled:Visual Basic"
"C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27a865a0-f947-11dd-947c-0050bf20f7c0}]
shell\AutoRun\command - J:\m0vnonh.bat
shell\open\command - J:\m0vnonh.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ac277d0-db62-11dd-a8c5-0050bf20f7c0}]
shell\AutoRun\command - J:\m0vnonh.bat
shell\open\command - J:\m0vnonh.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88347021-b63f-11dd-abce-0000b4834314}]
shell\AutoRun\command - J:\uxkktr.cmd
shell\explore\command - J:\uxkktr.cmd
shell\open\command - J:\uxkktr.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1356565-e24f-11dd-a8e1-0050bf20f7c0}]
shell\autOpLAy\command - eaup.exe
shell\AutoRun\command - eaup.exe
shell\eXplorE\command - eaup.exe
shell\Open\command - eaup.exe


======List of files/folders created in the last 1 months======

2009-03-05 12:40:48 ----D---- C:\Program Files\trend micro
2009-03-05 12:40:39 ----D---- C:\rsit
2009-03-05 12:33:14 ----A---- C:\WINDOWS\TSCTNDBG.INI
2009-03-05 11:23:43 ----RSH---- C:\m0vnonh.bat
2009-03-04 19:45:51 ----D---- C:\Documents and Settings\All Users\Application Data\Network Associates
2009-03-04 19:45:15 ----D---- C:\Program Files\Network Associates
2009-03-04 19:45:15 ----D---- C:\Program Files\Common Files\Network Associates
2009-02-15 18:10:59 ----A---- C:\WINDOWS\system32\MFC71.dll
2009-02-15 18:10:59 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-02-13 21:44:40 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-11 19:34:38 ----RSH---- C:\WINDOWS\system32\nmdfgds0.dll
2009-02-11 19:34:37 ----RSH---- C:\WINDOWS\system32\olhrwef.exe

======List of files/folders modified in the last 1 months======

2009-03-05 12:41:40 ----A---- C:\WINDOWS\TSNV_I2C.INI
2009-03-05 12:40:48 ----RD---- C:\Program Files
2009-03-05 12:40:36 ----D---- C:\WINDOWS\Prefetch
2009-03-05 12:33:14 ----D---- C:\WINDOWS
2009-03-05 12:33:13 ----A---- C:\WINDOWS\Tsctvfm.ini
2009-03-05 12:32:51 ----A---- C:\WINDOWS\TSCTV.INI
2009-03-05 12:32:45 ----D---- C:\WINDOWS\Temp
2009-03-05 12:29:32 ----A---- C:\WINDOWS\IFOLDER.INI
2009-03-05 12:29:31 ----D---- C:\WINDOWS\system32\drivers
2009-03-05 12:29:31 ----D---- C:\WINDOWS\system32
2009-03-05 12:26:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-05 11:53:33 ----D---- C:\quarantine
2009-03-04 19:47:39 ----SHD---- C:\WINDOWS\Installer
2009-03-04 19:45:15 ----D---- C:\Program Files\Common Files
2009-03-04 19:12:20 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-04 19:07:06 ----D---- C:\Documents and Settings\augustin\Application Data\.purple
2009-03-04 18:34:47 ----D---- C:\WINDOWS\Minidump
2009-03-04 07:18:19 ----HD---- C:\WINDOWS\inf
2009-03-04 07:17:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-03 19:57:13 ----SD---- C:\Documents and Settings\augustin\Application Data\Microsoft
2009-03-03 19:43:40 ----SHD---- C:\RECYCLER
2009-03-03 17:58:09 ----D---- C:\Program Files\Mozilla Firefox
2009-03-02 17:51:14 ----A---- C:\WINDOWS\NeroDigital.ini
2009-03-02 17:50:53 ----A---- C:\WINDOWS\PIXELTV.INI
2009-02-15 22:02:09 ----D---- C:\WINDOWS\system32\config
2009-02-13 21:45:35 ----D---- C:\Documents and Settings
2009-02-13 09:53:15 ----D---- C:\Documents and Settings\augustin\Application Data\vlc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2005-01-14 58464]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 BT878;BtCap, WDM Video Capture; C:\WINDOWS\system32\drivers\BT878.SYS [2004-04-07 100092]
R2 BTTUNER;BtTuner, WDM TV Tuner; C:\WINDOWS\system32\drivers\BTTUNER.SYS [2004-04-07 28127]
R2 BTXBAR;BtXBar, WDM Crossbar; C:\WINDOWS\system32\drivers\BTXBAR.SYS [2004-04-07 8301]
R3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-01-14 108480]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 ne2000;Novell/Eagle NE2000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\ne2000.sys [2001-08-17 15872]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-05-10 40704]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-04-11 87808]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\augustin\LOCALS~1\Temp\mc21.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2004-08-06 102463]
R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\Mcshield.exe [2004-09-22 221191]
R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe [2004-09-22 28672]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe []
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe []
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe /service []
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe /service []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-05-10 827392]

-----------------EOF-----------------


16

smalto, 25 Sep 2009 at 01:39:25

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=37125
OnlineCmdLineScanner.exe@High:Finished with error106 Update status=12 3.0.2
lost connection with client# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=3d611f9b19d0d846a2208b213989de0b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-09-24 08:21:14
# local_time=2009-09-24 09:21:14 (+0000, GMT (heure d'été))
# country="France"
# lang=1036
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 41 100 100 1176369531250
# compatibility_mode=3588 61 100 100 1670302968750
# scanned=25215
# found=2
# cleaned=2
# scan_time=10463
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\BASH\Clone\BHCA8.tmp a variant of Win32/AdInstaller application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Propriétaire\Local Settings\Temp\NOD2134.tmp Win32/Toolbar.AskSBar application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C


17

smalto, 25 Sep 2009 at 01:41:32

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:36:54, on 24/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~3\VideoAcceleratorService.exe
C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\s3graphics\chrome3\S3Funkey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SPEEDB~3\VideoAcceleratorEngine.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=14090&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Exploiter
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
F3 - REG:win.ini: load=C:\WINDOWS\system32\KHATRA.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: SPEEDBIT1 - {425E30F0-CCC6-4E24-BBEB-BCBD31720B37} - C:\Program Files\SpeedBit Toolbar\Toolbar\SpeedBit.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: SpeedBit - {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - C:\Program Files\SpeedBit Toolbar\Toolbar\SpeedBit.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Funkey] C:\Program Files\s3graphics\chrome3\S3Funkey.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Policies\Explorer\Run: [G_Host] "C:\WINDOWS\System\gHost.exe" /Reproduce
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?a5b82c935bf347559c1ea13c831647c3
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?a5b82c935bf347559c1ea13c831647c3
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~3\VideoAcceleratorService.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
End of file - 9694 bytes

Collection CommentÇaMarche.net