Hello everyone,
Briefly: my computer is sluggish, with a very long boot time (10 min), and above all it is impossible to run a search on any search engine in IE or Firefox, although I can reach sites by typing their addresses in directly. Strange: the search engines work in Safari. Random disconnections.
I ran
- SDFix
- ComboFix
- HijackThis
- and finally ZHP
Here are the 4 reports, in order.
Everything seems to be back to normal.
If someone could take a look to see whether any anomalies remain.
And maybe these sources will be useful to others...
Thanks,
I have learned a lot on your forum.
SDFix: Version 1.182
Run by Julia on 15/05/2008 at 15:28
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 15:56:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:3bd7ecdc
"s2"=dword:9f2d8267
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:c8,56,2a,bf,8d,e5,e3,6a,22,af,11,c1,3f,da,fe,cd,73,66,1e,93,51,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:63,28,f2,ea,cd,88,45,5e,ba,ec,80,06,0d,e9,b7,9b,59,c1,42,b5,1e,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:89,bf,aa,fd,8e,fb,82,84,d1,d0,d6,2d,fe,3f,24,48,18,47,3f,1c,ed,..
"a0"=hex:20,01,00,00,f4,ba,71,87,75,71,7f,4a,14,01,5c,ca,08,6e,9a,fd,9a,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:02,08,5a,17,86,7d,34,50,0b,52,51,23,f1,f5,90,89,9f,2f,b6,54,a9,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:cb,c1,ea,30,96,3b,f6,a6,dc,7c,f8,cb,d5,2b,5a,2f,d2,83,60,57,1b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:c8,56,2a,bf,8d,e5,e3,6a,22,af,11,c1,3f,da,fe,cd,73,66,1e,93,51,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:63,28,f2,ea,cd,88,45,5e,ba,ec,80,06,0d,e9,b7,9b,59,c1,42,b5,1e,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:89,bf,aa,fd,8e,fb,82,84,d1,d0,d6,2d,fe,3f,24,48,18,47,3f,1c,ed,..
"a0"=hex:20,01,00,00,f4,ba,71,87,75,71,7f,4a,14,01,5c,ca,08,6e,9a,fd,9a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:02,08,5a,17,86,7d,34,50,0b,52,51,23,f1,f5,90,89,9f,2f,b6,54,a9,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:cb,c1,ea,30,96,3b,f6,a6,dc,7c,f8,cb,d5,2b,5a,2f,d2,83,60,57,1b,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG08.00.00.01WORKSTATION"="[long hex license blob removed]"
scanning hidden files ...
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log 131072 bytes
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 65536 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"="C:\\Program Files\\SmartFTP\\SmartFTP.exe:*:Enabled:SmartFTP Client"
"C:\\Program Files\\Java\\jre1.6.0\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0\\bin\\javaw.exe:*:Enabled:Java Platform SE binary"
"C:\\Program Files\\wamp\\Apache2\\bin\\httpd.exe"="C:\\Program Files\\wamp\\Apache2\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\temp\\HP_WebRelease\\setup\\HPZnet01.exe"="C:\\temp\\HP_WebRelease\\setup\\HPZnet01.exe:*:Enabled:hpznet01.exe"
"C:\\temp\\HP_WebRelease\\setup\\hponicifs01.exe"="C:\\temp\\HP_WebRelease\\setup\\hponicifs01.exe:*:Enabled:hponicifs01.exe"
"C:\\Documents and Settings\\Julia\\Bureau\\Tank.exe"="C:\\Documents and Settings\\Julia\\Bureau\\Tank.exe:*:Enabled:Tank"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Tank.exe"="C:\\Program Files\\Tank.exe:*:Enabled:Tank"
"C:\\Documents and Settings\\Julia\\Local Settings\\Application Data\\Simplify Media\\SimplifyPeer.exe"="C:\\Documents and Settings\\Julia\\Local Settings\\Application Data\\Simplify Media\\SimplifyPeer.exe:*:Enabled:Simplify Media Peer"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"I:\\Games\\Sins\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"="I:\\Games\\Sins\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire"
"I:\\Games\\FM8\\fm.exe"="I:\\Games\\FM8\\fm.exe:*:Enabled:Football Manager 2008"
"I:\\Games\\CALL4\\iw3mp.exe"="I:\\Games\\CALL4\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 21 Apr 2008 0 ...H. --- "C:\Program Files\Steem\CRA85.tmp"
Mon 21 Apr 2008 737,280 ...H. --- "C:\Program Files\Steem\MSA8A.tmp"
Mon 5 May 2008 1,482,527 ..SH. --- "C:\WINDOWS\system32\udkorpuq.tmp"
Mon 28 Nov 2005 26,624 A..H. --- "C:\Documents and Settings\Julia\Mes documents\~WRL0001.tmp"
Sun 5 Aug 2001 800 ..SH. --- "C:\Program Files\Pixologic\ZBrush3\zmem02svr.dll"
Tue 5 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT1D.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT21.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BIT26.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT433.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT19.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT22.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2ddfe46b45214573a0c1029d3fb2d13c\BITF8FE.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT1F.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\32491eff6ad2701ca09162e85f3af81a\BIT1C.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4ad15fafe6eea422b922ca567c9dee6e\BIT1B.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6e997085302ceb108f7932d89e50db5c\BIT25.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT24.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT1E.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c4f88f947d390c49edce5fbcc347ee34\BIT27.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT20.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT23.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT1A.tmp"
Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Julia\Application Data\U3\temp\Launchpad Removal.exe"
Finished!
ComboFix 08-05-12.1 - Julia 2008-05-15 16:28:59.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1367 [GMT 2:00]
Endroit: C:\Documents and Settings\Julia\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Julia\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
* Création d'un nouveau point de restauration
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bkkuekhw.dll
C:\WINDOWS\system32\daelsyyr.ini
C:\WINDOWS\system32\dlgtvuga.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\dyoxuquu.ini
C:\WINDOWS\system32\essontdr.ini
C:\WINDOWS\system32\gujxlero.dll
C:\WINDOWS\system32\icwiiebe.dll
C:\WINDOWS\system32\jkkLDTnk.dll
C:\WINDOWS\system32\kcohdgwt.ini
C:\WINDOWS\system32\knqscivy.ini
C:\WINDOWS\system32\kuhjpxnc.ini
C:\WINDOWS\system32\laedmfiq.dll
C:\WINDOWS\system32\lhnjnist.dll
C:\WINDOWS\system32\mlJArrqo.dll
C:\WINDOWS\system32\nhkonbos.dll
C:\WINDOWS\system32\nrffdpok.dll
C:\WINDOWS\system32\nvapythb.dll
C:\WINDOWS\system32\oqrrAJlm.ini
C:\WINDOWS\system32\oqrrAJlm.ini2
C:\WINDOWS\system32\ovxygvvl.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pqsnalii.dll
C:\WINDOWS\system32\qfipxrda.dll
C:\WINDOWS\system32\qoqqjfht.dll
C:\WINDOWS\system32\rdtnosse.dll
C:\WINDOWS\system32\rouqvsye.dll
C:\WINDOWS\system32\ryhhkwrf.dll
C:\WINDOWS\system32\srybasts.dll
C:\WINDOWS\system32\suxgbcui.ini
C:\WINDOWS\system32\svjgirtf.dll
C:\WINDOWS\system32\thfjqqoq.ini
C:\WINDOWS\system32\tigffqfu.dll
C:\WINDOWS\system32\udkorpuq.ini
C:\WINDOWS\system32\uhshnpkl.dll
C:\WINDOWS\system32\vorugkec.ini
C:\WINDOWS\system32\weujroil.dll
C:\WINDOWS\system32\wjthropx.dll
C:\WINDOWS\system32\wnpipxtl.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\xpkdjarg.ini
C:\WINDOWS\system32\yriyncsx.dll
G:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
.
2008-05-15 15:13 . 2008-05-15 15:13 <REP> d-------- C:\WINDOWS\ERUNT
2008-05-15 15:06 . 2008-05-15 16:06 <REP> d-------- C:\SDFix
2008-05-15 14:45 . 2008-05-15 16:26 13,030 --a------ C:\PDOXUSRS.NET
2008-05-15 14:44 . 2008-05-15 14:44 <REP> d-------- C:\Program Files\ZebHelpProcess 2
2008-05-15 14:44 . 2008-05-15 14:44 <REP> d-------- C:\Program Files\Fichiers communs\Borland Shared
2008-05-15 14:44 . 1999-01-20 05:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL
2008-05-15 14:44 . 1999-11-12 05:11 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL
2008-05-15 11:31 . 2008-05-15 11:31 2,112 --a------ C:\WINDOWS\system32\mnbelqal.exe
2008-05-13 12:57 . 2008-05-13 12:57 2,112 --a------ C:\WINDOWS\system32\pminpokh.exe
2008-05-09 10:52 . 2008-05-09 10:52 2,112 --a------ C:\WINDOWS\system32\drewisjr.exe
2008-05-07 11:28 . 2008-05-07 11:28 2,112 --a------ C:\WINDOWS\system32\qfgfwhfk.exe
2008-05-05 15:44 . 2008-05-05 15:44 <REP> d-------- C:\zapman_softwares
2008-05-05 15:44 . 2008-05-05 15:44 <REP> d-------- C:\Program Files\RankSpirit
2008-05-05 15:44 . 2008-05-05 15:44 <REP> d-------- C:\Documents and Settings\Julia\Application Data\Microsoft Shared
2008-05-05 15:44 . 2008-05-05 15:44 6,853 --a------ C:\WINDOWS\pcserver.gif
2008-05-05 15:43 . 2008-05-05 15:43 1,185,897 --a------ C:\Documents and Settings\Julia\Archive.zip
2008-05-05 14:07 . 2008-05-05 14:07 1,040,669 --a------ C:\upload_moi_STATION2PETAIR.tar.gz
2008-05-05 13:58 . 2008-05-05 13:58 <REP> d-------- C:\Program Files\Trend Micro
2008-05-05 12:26 . 2008-05-05 12:26 1,482,527 ---hs---- C:\WINDOWS\system32\udkorpuq.tmp
2008-05-04 12:03 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-05-04 12:03 . 2007-05-31 19:29 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-05-04 12:01 . 2008-05-04 12:01 274 --a------ C:\WINDOWS\game.ini
2008-05-04 11:46 . 2008-05-04 11:46 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-05-04 06:23 . 2008-05-04 06:23 <REP> d-------- C:\Documents and Settings\Julia\Application Data\Sports Interactive
2008-05-04 06:21 . 2008-05-04 06:21 <REP> dr-h----- C:\Documents and Settings\Julia\Application Data\SecuROM
2008-05-04 06:19 . 2008-05-04 06:20 <REP> d--h----- C:\Program Files\Zero G Registry
2008-05-04 06:17 . 2008-05-04 06:17 <REP> d--h----- C:\Documents and Settings\Julia\InstallAnywhere
2008-05-03 12:15 . 2008-05-03 12:15 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-05-02 10:28 . 2008-05-15 15:05 109,727 --a------ C:\WINDOWS\BM2b60845b.xml
2008-05-02 00:51 . 2008-05-05 12:47 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-01 21:41 . 2008-05-01 23:41 <REP> d-------- C:\movie
2008-05-01 21:07 . 2008-05-05 16:07 <REP> d-------- C:\Program Files\No1 DVD Ripper
2008-05-01 21:07 . 2008-05-01 23:12 67 --a------ C:\WINDOWS\#1 DVD Ripper.INI
2008-04-29 10:24 . 2008-04-29 10:25 <REP> d-------- C:\Program Files\Microsoft Expression
2008-04-25 15:28 . 2008-04-25 15:28 26 --a------ C:\CaptImag.ini
2008-04-25 15:00 . 2008-04-25 15:00 <REP> d-------- C:\Program Files\IMG-TXT 5
2008-04-24 16:09 . 2008-04-24 16:09 <REP> d-------- C:\Documents and Settings\Julia\Application Data\Allume Systems
2008-04-24 16:08 . 2008-04-24 16:08 <REP> d-------- C:\Program Files\Allume Systems
2008-04-24 16:00 . 2008-04-24 16:00 <REP> d-------- C:\Program Files\7-Zip
2008-04-24 11:28 . 2008-04-24 11:28 <REP> dr------- C:\Documents and Settings\Julia\Application Data\Brother
2008-04-23 16:22 . 2008-04-23 16:22 55 --a------ C:\WINDOWS\brmx2001.ini
2008-04-23 16:22 . 2008-04-23 16:22 40 --a------ C:\WINDOWS\opt_2460.ini
2008-04-23 12:15 . 2001-08-23 17:20 6,912 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-04-23 12:15 . 2001-08-23 17:20 6,912 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
2008-04-23 12:15 . 2008-04-23 16:21 282 --a------ C:\WINDOWS\Brpfx04a.ini
2008-04-23 12:15 . 2008-04-23 16:21 150 --a------ C:\WINDOWS\brpcfx.ini
2008-04-23 12:15 . 2008-04-23 12:16 65 --a------ C:\WINDOWS\system32\BD7820N.dat
2008-04-23 12:14 . 2008-04-23 12:14 <REP> d-------- C:\Program Files\Common Files
2008-04-23 12:14 . 2008-04-23 12:14 <REP> d-------- C:\Program Files\Brother
2008-04-23 12:12 . 2008-04-23 12:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-04-23 12:09 . 2008-04-23 12:09 <REP> d-------- C:\Documents and Settings\Julia\Setup7820N
2008-04-23 12:09 . 2008-04-23 12:10 <REP> d-------- C:\Documents and Settings\Julia\Data
2008-04-20 23:12 . 2008-05-04 16:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 14:41 --------- d-----w C:\Documents and Settings\Julia\Application Data\.purple
2008-05-09 15:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 09:46 --------- d-----w C:\Documents and Settings\Julia\Application Data\FileZilla
2008-05-05 10:10 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2008-05-05 10:10 --------- d-----w C:\Program Files\AVS4YOU
2008-05-05 10:09 --------- d-----w C:\Program Files\Google
2008-05-05 09:31 --------- d-----w C:\Program Files\Azureus
2008-05-05 07:32 --------- d-----w C:\Documents and Settings\Julia\Application Data\Azureus
2008-05-02 15:29 --------- d-----w C:\Program Files\FreeGo
2008-05-01 19:39 --------- d-----w C:\Documents and Settings\Julia\Application Data\dvdcss
2008-04-30 10:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-23 10:14 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-04-21 19:24 --------- d-----w C:\Program Files\Steem
2008-04-20 16:18 --------- d-----w C:\Program Files\Safari
2008-04-20 16:18 --------- d-----w C:\Documents and Settings\Julia\Application Data\gtk-2.0
2008-04-20 16:17 --------- d-----w C:\Program Files\Apple Software Update
2008-04-19 12:02 --------- d-----w C:\Program Files\Notepad++
2008-04-15 08:29 --------- d-----w C:\Documents and Settings\Julia\Application Data\Notepad++
2008-04-12 14:35 --------- d-----w C:\Program Files\uTorrent
2008-04-12 13:34 --------- d-----w C:\Program Files\2B System
2008-04-11 16:39 --------- d-----w C:\Program Files\iTunes
2008-04-11 16:39 --------- d-----w C:\Program Files\iPod
2008-04-11 16:37 --------- d-----w C:\Program Files\QuickTime
2008-04-10 12:26 --------- d-----w C:\Program Files\Java
2008-04-10 11:25 --------- d-----w C:\Program Files\Smart Projects
2008-04-03 09:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-25 17:53 1,931,264 ----a-w C:\Program Files\Tank.exe
2008-03-24 17:41 --------- d-----w C:\Program Files\Pidgin
2008-03-24 17:41 --------- d-----w C:\Program Files\Fichiers communs\GTK
2008-03-23 18:58 --------- d-----w C:\Documents and Settings\Julia\Application Data\NewsLeecher
2008-03-19 09:41 --------- d-----w C:\Program Files\Bonjour
2007-12-05 18:17 454,656 ----a-w C:\Program Files\putty.exe
2003-07-30 17:06 458 ----a-w C:\Program Files\Fichiers communs\sqrt.help
2003-07-30 13:34 783 ----a-w C:\Program Files\Fichiers communs\env_script.txt
1999-08-20 09:46 285,965 ----a-w C:\Program Files\MCBINARY.EXE
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{A08FB30D-51C4-4E54-AA5E-FF18739802EA}]
@=Mediafour Mac Volume Icons
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 17:08 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18 94208]
"E06FXLRD_96441781"="C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.exe" [2005-06-04 18:03 301776]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464]
"Pidgin"="C:\Program Files\Pidgin\pidgin.exe" [2008-02-29 17:19 44658]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43 45056]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 01:32 761945]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 15:29 88203 C:\WINDOWS\agrsmmsg.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 15:02 352256]
"TPSMain"="TPSMain.exe" [2005-08-03 17:09 266240 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" []
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 13:25 73728]
"TFncKy"="TFncKy.exe" []
"TDispVol"="TDispVol.exe" [2005-09-15 15:19 73728 C:\WINDOWS\system32\TDispVol.exe]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 06:20 122940]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 12:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 11:41 602182]
"NWEReboot"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"pdfSaver3"="" []
"RTHDCPL"="RTHDCPL.EXE" [2005-12-10 00:49 15691264 C:\WINDOWS\RTHDCPL.exe]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-11-28 11:47 569413]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-14 16:05 1410304]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54 623992]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 17:30 864256]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= BCR2000.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
--a------ 2005-05-11 02:46 200069 C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mediafour Mac Volume Notifications]
-ra------ 2002-12-17 22:43 61440 C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediafourGettingStartedWithMacDrive6]
--a------ 2004-08-26 20:12 86016 C:\Program Files\Mediafour\MacDrive\MacDrive.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Updates]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2005-05-17 10:24 118784 C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pervasive.SQL Workgroup"=2 (0x2)
"gusvc"=2 (0x2)
"FMSAdmin"=2 (0x2)
"FMS"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"C:\\Program Files\\Java\\jre1.6.0\\bin\\javaw.exe"=
"C:\\Program Files\\wamp\\Apache2\\bin\\httpd.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\temp\\HP_WebRelease\\setup\\HPZnet01.exe"=
"C:\\temp\\HP_WebRelease\\setup\\hponicifs01.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Tank.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-14 16:06]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
S3 BCR2000;B-Control Rotary/Fader 2000 (12/23/2004,1.1.1.1);C:\WINDOWS\system32\drivers\bcr2000.sys [2006-01-19 19:20]
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 15:47]
S3 wampapache;wampapache;"C:\Program Files\wamp\apache2\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;"C:\Program Files\wamp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\wamp\mysql\my.ini" wampmysqld []
S4 FMS;Flash Media Server (FMS);"C:\Program Files\Macromedia\Flash Media Server 2\FMSMaster.exe" [2007-01-12 15:24]
S4 FMSAdmin;Flash Media Administration Server;"C:\Program Files\Macromedia\Flash Media Server 2\FMSAdmin.exe" [2007-01-12 15:04]
S4 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys [2006-09-13 20:53]
S4 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys [2006-04-30 16:57]
S4 Pervasive.SQL Workgroup;EBP - Pervasive.SQL Workgroup;C:\PVSW\Bin\WGE_SRV.EXE [2006-12-07 16:08]
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2008-04-20 16:17:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 16:44:53
Windows 5.1.2600 Service Pack 2 NTFS
Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
Scan completed successfully
Hidden files: 0
**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\TDispVol.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Toshiba\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2008-05-15 16:56:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-15 14:55:45
Pre-Run: 2,330,173,440 bytes free
Post-Run: 2,236,063,744 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
328 --- E O F --- 2008-04-30 10:32:28
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:08:19, on 15/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCSVR.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Thrustmaster USB PC Camera
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [E06FXLRD_96441781] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Pidgin] C:\Program Files\Pidgin\pidgin.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Abmdnhpfttr - Lavasoft - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Julia/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
--
End of file - 14557 bytes
Zeb Help Process 2.2 by Nicolas Coolman - Summary report of 15/05/2008 17:11:49
Superfluous process not required by the system
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe => HP®Update Scheduler
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) => Yahoo Companion!
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe => HP®Update Scheduler
Process not needed at system startup
C:\Program Files\Bonjour\mDNSResponder.exe => Apple Computer®Bonjour for Windows
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe => Apple Computer®Bonjour for Windows
System security (Antivirus, Firewall, Anti-Malware)
Eset®NOD32 Antivirus
Lavasoft AB®Ad-Aware 2007
Simplified report
Running processes
C:\Program Files\Bonjour\mDNSResponder.exe => Apple Computer®Bonjour for Windows
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe => HP®Update Scheduler
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
Analysis of R0, R1, R2, R3 lines - Internet Explorer Start/Search pages URLs
Registry key value modified (R0)
Registry key value created (R1)
Creation of an extra value where only one value is expected (R3)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) => Yahoo Companion!
Analysis of other lines (Others)
Browser Helper Objects (O2)
Internet Explorer Toolbars (O3)
Applications started automatically from the registry (O4)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe => HP®Update Scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E06FXLRD_96441781] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
Extra entries in the Internet Explorer context menu (O8)
Buttons on the main Internet Explorer toolbar (O9)
Additional protocol and protocol hijacking (O18)
List of non-Microsoft NT services that are not disabled (O23)
O23 - Service: Abmdnhpfttr - Lavasoft - (no file)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe => Apple Computer®Bonjour for Windows
Enumeration of ActiveX components (O24)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Julia/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
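The logs above are long, and the entries a reviewer actually stops on are few: registrations whose backing file is gone ("(no file)"), and desktop components backed by a file in a temp folder. The script below is an added example written for this thread; it is not part of HijackThis, ZHP, ComboFix or SDFix, and the names `parse_hjt`, `review_hjt` and `SAMPLE_LOG` are mine. The sample log is a constructed subset of lines copied from the HijackThis report in the post, so running it reproduces the three entries worth a second look (the orphaned Yahoo! URLSearchHook, the orphaned service "Abmdnhpfttr", and the O24 desktop component under Temp). It does not decide whether anything is malicious; it only sorts out what to look at.

```python
"""Flag the HijackThis entries a reviewer would look at first.

Added example for this thread, not code from any of the tools whose reports
are posted above. It reads HijackThis-style lines and returns the ones that
deserve a second look: entries whose backing file is gone ("(no file)"),
and O24 desktop components pointing at a local file under a Temp folder.
"""
import re

# Generic shape of a HijackThis line: "<code> - <description>"
HJT_LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Constructed sample: a subset of lines copied from the HijackThis log above.
SAMPLE_LOG = """\
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_05\\bin\\ssv.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\\Program Files\\Lavasoft\\Ad-Aware 2007\\aawservice.exe
O23 - Service: Abmdnhpfttr - Lavasoft - (no file)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Julia/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
"""


def parse_hjt(text):
    """Yield (code, body) tuples for every line that looks like a HijackThis entry."""
    for raw in text.splitlines():
        match = HJT_LINE.match(raw.strip())
        if match:
            yield match.group("code"), match.group("body")


def review_hjt(text):
    """Return a list of {'code', 'reason', 'line'} for entries worth a second look."""
    findings = []
    for code, body in parse_hjt(text):
        reason = None
        if body.endswith("(no file)"):
            # The registry still references a component that is no longer on disk.
            # Harmless by itself, but it is either a leftover from an uninstall or
            # a hook/service whose file was removed by a cleaner; for a service
            # with a random-looking name, this is the line to ask the forum about.
            reason = "orphaned entry, target file missing"
        elif code == "O24" and re.search(r"/Temp/", body, re.IGNORECASE):
            # Active Desktop component backed by a file in a temp folder. Hijackers
            # have used this slot, so check the file; here the path is the Office
            # HTML clipboard folder (msohtmlclip1), i.e. a benign leftover.
            reason = "desktop component backed by a file under a Temp folder"
        if reason:
            findings.append({"code": code, "reason": reason, "line": f"{code} - {body}"})
    return findings


if __name__ == "__main__":
    for finding in review_hjt(SAMPLE_LOG):
        print(f"[{finding['code']}] {finding['reason']}\n    {finding['line']}")
```

To run it against a full report, replace `SAMPLE_LOG` with the contents of the saved HijackThis log (for example `review_hjt(open("hijackthis.log", encoding="latin-1").read())`); anything not matching the `<code> - ...` shape, such as the "Running processes:" block, is skipped rather than misread.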