

Nytia
Content count: 55
Everything posted by Nytia
Which firewall in French for Vista?
Nytia replied to a topic by Nytia in Security, prevention
Hello, to hide closed ports, if I understood correctly, it's the box's firewall that I need to change, and not my computer's? So I need to go to the computer connected to the box to hide them? I'm a bit lost.. thanks.
Which firewall in French for Vista?
Nytia replied to a topic by Nytia in Security, prevention
Thanks douds.. otherwise I'll resign myself to getting one in English!
Good evening, I'd like to know which effective firewall in French is compatible with Windows Vista? I looked into Comodo but it doesn't exist in French.. thanks.
How to hide closed ports?
Nytia replied to a topic by Nytia in Security, prevention
OK thanks, I'll open another topic..
How to hide closed ports?
Nytia replied to a topic by Nytia in Security, prevention
Could I have another effective firewall, but in French? Like ZoneAlarm for example? Yes, but I'm on Vista, so that won't work..
How to hide closed ports?
Nytia replied to a topic by Nytia in Security, prevention
Well, I just looked and I get the impression it's not compatible with 2.4..
How to hide closed ports?
Nytia replied to a topic by Nytia in Security, prevention
Thanks.. but is it the same for version 2.4? Because I would have liked to have it in French..
How to hide closed ports?
Nytia replied to a topic by Nytia in Security, prevention
Okay, I'll have a look.. otherwise I have another question about the firewall: I have Windows Vista, could I use Comodo as the firewall? (Currently I have the Windows one.)
How to hide closed ports?
Nytia replied to a topic by Nytia in Security, prevention
It's the Neuf box.
How to hide closed ports?
Nytia replied to a topic by Nytia in Security, prevention
I'm connected via Wi-Fi..
Hello, I ran your site's security test, and I have alert level 1, that is to say 3 ports are closed. I saw in another topic that you had to download ZebProtect, but that it was only intended for the following versions of Windows:
- 2000
- XP Home
- XP Pro
- 2000 Server
- 2003 Server
Since I have Windows Vista, how do I hide these closed ports? Thanks.
[solved] Infected computer?
Nytia replied to a topic by Nytia in Malware analysis and removal
Thanks a lot Falkra! Thanks for all the time and patience you gave me! If I have a question, I won't hesitate to post it.. really well done for the great help from the anti-malware teams! Maybe see you soon..
[solved] Infected computer?
Nytia replied to a topic by Nytia in Malware analysis and removal
No, I don't have any.. even before, it was the slowness of the computer that was annoying..
[solved] Infected computer?
Nytia replied to a topic by Nytia in Malware analysis and removal
Hard to say right away, but I restarted my computer and I find it's faster at startup.. so is the problem fixed?
[solved] Infected computer?
Nytia replied to a topic by Nytia in Malware analysis and removal
Here it is, thanks.
[solved] Infected computer?
Nytia replied to a topic by Nytia in Malware analysis and removal
Here's the report:
[solved] Infected computer?
Nytia replied to a topic by Nytia in Malware analysis and removal
Here's the TB report:
[solved] Infected computer?
Nytia replied to a topic by Nytia in Malware analysis and removal
Oops, I made a mistake, I posted the same report twice. Here it is:
[solved] Infected computer?
Nytia replied to a topic by Nytia in Malware analysis and removal
And the HijackThis one: thanks.
Temps d'accomplissement: 2008-07-19 15:09:02 ComboFix-quarantined-files.txt 2008-07-19 13:08:51 ComboFix2.txt 2008-07-19 11:18:31 Pre-Run: 96,404,889,600 octets libres Post-Run: 96,374,620,160 octets libres 181 --- E O F --- 2008-07-16 12:20:48 -
[resolved] infected computer?
Nytia replied to a topic by Nytia in Malware analysis and removal
here is the log report:
[resolved] infected computer?
Nytia replied to a topic by Nytia in Malware analysis and removal
Here is the log report: thanks for your help.
[resolved] infected computer?
Nytia replied to a topic by Nytia in Malware analysis and eradication
I redid the HijackThis report; the problem is that it isn't quite the same as the one I posted previously.. here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:50:33, on 18/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\Pixart\Pac7302\Monitor.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Users\c\AppData\Local\gkuky.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\c\Desktop\HiJackThis(2).exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\c\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [siSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [smpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [gkuky] c:\users\c\appdata\local\gkuky.exe gkuky
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Secunia PSI (RC2).lnk = C:\Program Files\Secunia\PSI (RC2)\psi.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9174 bytes
-
[resolved] infected computer?
Nytia replied to a topic by Nytia in Malware analysis and eradication
Hello, I performed these 2 operations again with my antivirus and UAC disabled, however I still have no cleannavi report corresponding to the 2nd option.. so I redid a HijackThis report: here it is. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:23:31, on 18/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\Pixart\Pac7302\Monitor.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Users\c\AppData\Local\gkuky.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\c\Desktop\HiJackThis(2).exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 1864 bytes
-
The newcomers' topic
Nytia replied to a topic by lol.2.dol in I have nothing to say but I'm saying it anyway
Hi! It's Nytia (real first name Sophie), I'm a little new Zebulonian! I'd gladly take a bit of cake! Thanks
-
[resolved] infected computer?
Nytia replied to a topic by Nytia in Malware analysis and eradication
Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:57:51, on 18/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\Pixart\Pac7302\Monitor.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Users\c\AppData\Local\hzauhi.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Secunia\PSI (RC2)\psi.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\c\Desktop\HiJackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [siSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [smpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [hzauhi] c:\users\c\appdata\local\hzauhi.exe hzauhi
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Secunia PSI (RC2).lnk = C:\Program Files\Secunia\PSI (RC2)\psi.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9172 bytes