

Misko
-
I had started on the Comment ça marche site, but if you could help me, please, I can post all the discussions for you.
-
I had already done it, but I'm reposting it for you. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:52:24, on 23/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: McAfee Application Installer Cleanup (0185511214213492) (0185511214213492mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\018551~1.EXE
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
-
Hello everyone, for the past few days I have been having problems with my computer, and I was asked (EP44) to download and run ComboFix and then post the report, after a few steps. The ComboFix tutorial also pointed me to your site; thank you very much in advance for your help.

ComboFix 08-06-20.4 - Jessie 2008-07-01 9:27:38.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1291 [GMT 1:00]
Endroit: C:\Users\Jessie\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Windows\system32\KBL.LOG
----- BITS: Possible sites infectés -----
hxxp://ftp.hp.com
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-01 to 2008-07-01 ))))))))))))))))))))))))))))))))))))
.
2008-06-24 15:49 . 2008-04-23 05:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-24 15:49 . 2008-04-23 05:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-24 15:49 . 2008-04-23 05:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-24 15:49 . 2008-04-23 05:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-24 15:08 . 2008-05-10 02:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-24 15:07 . 2008-04-25 03:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-24 15:07 . 2008-04-26 09:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-24 15:07 . 2008-04-25 05:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-23 14:51 . 2008-06-23 14:51 <REP> d-------- C:\Program Files\Trend Micro
2008-06-23 10:29 . 2008-06-23 10:29 <REP> d-------- C:\Users\Jessie\AppData\Roaming\Malwarebytes
2008-06-23 10:29 . 2008-06-23 10:29 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-06-23 10:29 . 2008-06-23 10:29 <REP> d-------- C:\ProgramData\Malwarebytes
2008-06-23 10:29 . 2008-06-23 12:07 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-22 02:00 . 2008-06-22 02:00 <REP> d-------- C:\Program Files\Astonsoft
2008-06-21 17:29 . 2008-06-21 18:03 <REP> d-a------ C:\Users\All Users\TEMP
2008-06-21 17:29 . 2008-06-21 18:03 <REP> d-a------ C:\ProgramData\TEMP
2008-06-09 20:31 . 2008-06-09 22:21 <REP> d-------- C:\Program Files\Mystery PI The Vegas Heist
2008-06-09 20:28 . 2008-06-09 20:32 <REP> d-------- C:\Windows\Mystery PI The Vegas Heist
2008-06-07 20:38 . 2008-06-07 20:38 <REP> d-------- C:\Program Files\ReflexiveArcade
2008-06-07 20:38 . 2008-06-07 20:40 <REP> d-------- C:\Program Files\Jewel Quest 2
2008-06-06 13:10 . 2008-06-06 13:10 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-06 12:42 . 2008-06-06 12:42 <REP> d-------- C:\PerfLogs
2008-06-06 10:41 . 2008-03-08 03:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-06 10:41 . 2008-03-08 05:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 07:52 --------- d-----w C:\Program Files\McAfee
2008-06-29 14:58 27,430 ----a-w C:\Users\Jessie\AppData\Roaming\nvModes.dat
2008-06-24 14:51 --------- d-----w C:\Program Files\Windows Mail
2008-06-24 14:34 --------- d-----w C:\Users\Jessie\AppData\Roaming\SiteAdvisor
2008-06-23 19:03 --------- d-----w C:\ProgramData\CyberLink
2008-06-22 18:43 --------- d-----w C:\ProgramData\NVIDIA
2008-06-21 16:38 --------- d-----w C:\ProgramData\Gogii
2008-06-08 14:51 --------- d-----w C:\Users\Jessie\AppData\Roaming\CyberLink
2008-06-06 18:41 --------- d-----w C:\ProgramData\SpinTop Games
2008-06-06 12:00 174 --sha-w C:\Program Files\desktop.ini
2008-06-06 11:46 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-06 11:46 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-06 11:46 --------- d-----w C:\Program Files\Windows Journal
2008-06-06 11:46 --------- d-----w C:\Program Files\Windows Defender
2008-06-06 11:46 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-06 11:46 --------- d-----w C:\Program Files\Windows Calendar
2008-06-06 11:16 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-06 11:16 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-04 19:24 --------- d-----w C:\ProgramData\WildTangent
2008-06-04 19:23 --------- d-----w C:\Program Files\BoontyGames
2008-05-31 19:09 --------- d-----w C:\ProgramData\InterAction studios
2008-05-30 19:18 --------- d-----w C:\Users\Jessie\AppData\Roaming\Gaijin Ent
2008-05-30 19:11 --------- d-----w C:\Program Files\Super Granny 3 DeLEGiON
2008-05-27 15:56 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-27 15:48 --------- d-----w C:\Users\Jessie\AppData\Roaming\funkitron
2008-05-24 18:14 --------- d-----w C:\Users\Jessie\AppData\Roaming\PlayFirst
2008-05-24 18:14 --------- d-----w C:\ProgramData\PlayFirst
2008-05-22 19:41 --------- d-----w C:\Program Files\Super Granny 4
2008-05-22 19:03 --------- d-----w C:\Program Files\Dream Chronicles 2
2008-05-17 22:53 --------- d-----w C:\ProgramData\Sandlot Games
2008-05-17 22:49 --------- d-----w C:\ProgramData\MumboJumbo
2008-05-16 21:16 --------- d-----w C:\Users\Jessie\AppData\Roaming\Magic Academy
2008-05-16 20:16 --------- d-----w C:\ProgramData\HiddenSecretsNightmare
2008-05-15 21:38 --------- d-----w C:\Program Files\HP Games
2008-05-15 10:53 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-04 22:21 --------- d-----w C:\Users\Jessie\AppData\Roaming\iWin
2008-05-04 20:46 --------- d-----w C:\Program Files\SiteAdvisor
2008-05-04 19:21 --------- d-----w C:\Users\Jessie\AppData\Roaming\7Wonders
2008-05-04 18:46 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-04 18:46 --------- d-----w C:\Program Files\Windows Live
2008-05-04 18:30 --------- d-----w C:\ProgramData\WLInstaller
2008-05-04 17:57 --------- d-----w C:\Users\Jessie\AppData\Roaming\Media Player Classic
2008-05-04 17:56 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-05-02 18:48 --------- d-----w C:\Program Files\Common Files\McAfee
2008-05-02 18:08 --------- d-----w C:\ProgramData\SiteAdvisor
2008-05-02 18:08 --------- d-----w C:\ProgramData\McAfee
2008-05-02 18:04 --------- d-----w C:\Program Files\McAfee.com
2008-05-02 17:34 988,216 ----a-w C:\Windows\System32\winload.exe
2008-05-02 17:34 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-05-02 17:34 615,992 ----a-w C:\Windows\System32\ci.dll
2008-05-02 17:34 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-05-02 17:34 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-05-02 17:34 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-05-02 17:34 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-05-02 17:34 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-05-02 17:34 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-05-02 17:34 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-05-02 17:33 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-05-02 17:32 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-05-02 17:22 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-02 15:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-02 15:19 --------- d-----w C:\ProgramData\Symantec
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 08:33 1233920]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 08:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 09:29 102400]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 14:34 634880]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 14:27 4702208 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 07:02 174616]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-09-30 19:34 181544]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 14:31 202032]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 13:54 554320]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 23:13 218408]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 08:47 480560]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 15:53 311296]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-06-22 00:12 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 19:31 1033512]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-19 21:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 21:05 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 21:05 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{193DAF2B-E008-4B37-9039-EA1C687DD5E5}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BD046E90-F042-4ADF-98F0-49D0BF91FFDA}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{630FD9F8-80AA-45A3-9DC1-D7C4CF0854CE}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0AC7094B-6AB3-4C94-984B-7A278921DE78}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{060D820E-6A05-4455-867C-C0B5E0013342}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{E0EF5EFA-5562-4787-81A3-A29261FD19D3}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{31E34FDE-62E3-4BED-8512-F9B78B302C3C}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{34C1B908-CD9C-4BC2-8B77-5B8D31380D89}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{D6D97FBE-CA94-4542-A5E2-12CC7835FE4F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 10:30]

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-02 18:47:52 C:\Windows\Tasks\McDefragTask.job" - c:\program files\mcafee\mqc\QcConsol.exe'
"2008-05-02 18:47:52 C:\Windows\Tasks\McQcTask.job" - c:\program files\mcafee\mqc\QcConsol.exe
"2008-07-01 07:50:30 C:\Windows\Tasks\User_Feed_Synchronization-{8ED3B971-CFC4-487A-8846-DDB715202692}.job"; - C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 09:31:17
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-07-01 9:32:34
ComboFix-quarantined-files.txt 2008-07-01 08:32:25
Pre-Run: 178,604,236,800 octets libres
Post-Run: 178,605,867,008 octets libres
195 --- E O F --- 2008-06-27 14:28:59