Everything posted by emmaube

  1. Thank you, Angélique.
  2. Yes. I don't know what it is. On one of my 2 USB keys, I found a file UFO.exe, which I deleted. Nothing else. I am going to follow the procedure you describe.
  3. Still the same, I think...
  4. Here it is:
  5. The report:

     As for the rest, Kaspersky detected nothing. I did not manage to get a report to post.
  7. Hello, The initial problem, a few days ago, was a change when I started my computer: to open Windows, it now asked me to fill in a window with a username and password. Since then, it only shuts down by going through this window. I tried to change the settings, without success. My AV (Kaspersky) has been panicking ever since: proactive defense, flagging of "song911.exe", etc. In short, something is interfering with the computer's operation. Can you help me? Here is my report: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:12:11, on 18/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE c:\windows\system32\svchost.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Outlook Express\msimn.exe C:\Documents and Settings\Emma & Céd\Mes documents\Mes logiciels\SECURITE ET MAINTENANCE\Hijackthis 
2\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: Shell= F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe, O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing) O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing) O3 - Toolbar: &Google - 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! 
Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Recherche - 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing) O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing) O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{57D69081-C3E0-40EB-8196-E5E460B0E285}: NameServer = 80.10.246.1 81.253.149.2 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
  8. Hello, I have more or less the same problem, and before doing the procedure you describe, I would rather make sure it is suitable. Here is my log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:12:11, on 18/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE c:\windows\system32\svchost.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Outlook Express\msimn.exe C:\Documents and Settings\Emma & Céd\Mes documents\Mes logiciels\SECURITE ET MAINTENANCE\Hijackthis 2\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: Shell= F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe, O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing) O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: 
[Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program 
Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing) O9 - Extra 'Tools' menuitem: Yahoo! 
Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing) O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{57D69081-C3E0-40EB-8196-E5E460B0E285}: NameServer = 80.10.246.1 81.253.149.2 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe What do you think, Angélique? Thank you very much. Emma