Everything posted by JM04

  1. There, it's done. I looked at ZEBULON's advice on securing one's PC. I make quite a few mistakes, such as using a single account that is an administrator. I'm going to make the changes indicated. Many thanks!
  2. It's done. McAfee didn't say anything!!! Should I uninstall Toolbar, Navilog and HijackThis?
  3. I reran the command, allowing the program to run, and I got an ERROR message / YOU CANNOT RENAME ComboFix as COMBOFIX....
  4. ComboFix started and McAfee offered to delete it. The problem is that it is still present on the desktop.
  5. THE FIREWALL VERSION 9.1 EDITION 9.1.108 AFFID 501
  6. The command combofix /u launches the executable; I didn't do it...
  7. Bravo, McAfee is working correctly. Thanks again for the great work done! Hats off!
  8. No, nothing special to report. I'm going to try to download McAfee, hoping that it no longer blocks! What should I do with the downloaded executables such as TOOLBAR and HIJACKTHIS?
  9. Good evening, and thanks again for the time you are giving me. As for McAfee, I subscribe through FREE; I don't know whether I should keep the subscription to this antivirus that was recommended to me. Here are the reports: and the second
  10. One positive point: the Wi-Fi seems to be working normally... I uninstalled McAfee; should I reinstall it now, since I have nothing active in terms of antivirus? If so, what should be uninstalled to avoid any operating problems? Here is the report:
  11. There, it's done.
  12. I didn't find the SYS file to check. Here is the TB report:
  13. I can't find the file AAB172B449.sys. Should I continue with the procedure indicated?
  14. Here is the report. Should I continue with the rest of the procedure indicated, or should I wait?
HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - 
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O15 - Trusted Zone: http://www.clubic.com O15 - Trusted Zone: http://www.java.com O15 - Trusted Zone: http://housecall65.trendmicro.com O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - https://www.virginmega.fr/DownloadManager/R...rod/DownMan.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple, Inc. 
- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 8948 bytes
  15. Here is the COMBOFIX report. I am going to run HIJACKTHIS.
  16. Safe mode is not possible: I got an error message about the hard disk: STOP:0X000007B. Then everything freezes and I have to use the power switch to restart.
  17. Here is the COMBOFIX report.
2008-07-20 11:41 <REP> d-------- C:\Documents and Settings\gilles\.housecall6.6 2008-07-19 15:34 . 2008-07-19 15:34 <REP> d-------- C:\Documents and Settings\gilles\Application Data\Malwarebytes 2008-07-19 15:34 . 2008-07-19 15:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-07-19 15:00 . 2008-07-19 15:00 <REP> d-------- C:\WINDOWS\AU_Temp 2008-07-18 23:28 . 2008-07-19 11:30 <REP> d-------- C:\WINDOWS\report 2008-07-18 23:28 . 2008-07-19 11:29 <REP> d-------- C:\WINDOWS\AU_Backup 2008-07-18 23:28 . 2008-07-18 23:28 1,962,632 --a------ C:\WINDOWS\tsc.ptn 2008-07-18 23:28 . 2008-07-19 11:32 1,213,784 --a------ C:\WINDOWS\vsapi32.dll 2008-07-18 23:28 . 2008-07-18 23:28 333,576 --a------ C:\WINDOWS\TSC.exe 2008-07-18 23:28 . 2008-07-19 11:32 91,744 --a------ C:\WINDOWS\BPMNT.dll 2008-07-18 23:28 . 2008-07-18 23:28 71,749 --a------ C:\WINDOWS\hcextoutput.dll 2008-07-18 23:28 . 2008-07-19 15:00 823 --a------ C:\WINDOWS\tsc.ini 2008-07-18 23:27 . 2008-07-18 23:28 25,410,421 --a------ C:\WINDOWS\VPTNFILE.417 2008-07-18 23:22 . 2008-07-18 23:22 <REP> d-------- C:\WINDOWS\AU_Log 2008-07-18 23:22 . 2008-07-18 23:22 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL 2008-07-18 23:22 . 2008-07-18 23:22 286,720 --a------ C:\WINDOWS\PATCH.EXE 2008-07-18 23:22 . 2008-07-18 23:22 69,689 --a------ C:\WINDOWS\UNZIP.DLL 2008-07-18 23:22 . 2008-07-19 15:00 170 --a------ C:\WINDOWS\GetServer.ini 2008-07-14 15:53 . 2008-07-14 16:38 163 --a------ C:\WINDOWS\Graphex3.ini 2008-07-14 15:52 . 2008-07-14 15:52 <REP> d-------- C:\Program Files\Graphex3 2008-07-14 15:52 . 1999-03-23 09:12 304,128 --a------ C:\WINDOWS\unin040c.exe 2008-06-20 19:41 . 2008-06-20 19:41 247,808 --------- C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 12:44 . 2008-06-20 12:44 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys 2008-06-20 11:55 . 2008-06-20 11:55 <REP> d-------- C:\WINDOWS\system32\VirginMega 2008-06-20 11:55 . 
2008-07-18 15:41 <REP> d-------- C:\Program Files\VirginMega . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-20 15:54 --------- d-----w C:\Documents and Settings\gilles\Application Data\OpenOffice.org2 2008-07-20 15:32 --------- d-----w C:\Documents and Settings\gilles\Application Data\MegauploadToolbar 2008-07-20 15:04 10,037 ----a-w C:\Program Files\hijackthis.log 2008-07-20 08:28 32,768 -c--a-w C:\WINDOWS\system32\instlsp.exe 2008-07-19 21:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-07-19 16:27 --------- d-----w C:\Program Files\Java 2008-07-19 07:18 --------- d-----w C:\Program Files\Juice 2008-07-19 07:17 --------- d-----w C:\Program Files\eMule 2008-07-18 17:44 --------- d-----w C:\Program Files\Ripp-it_AM 2008-07-18 10:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor 2008-07-11 16:12 --------- d-----w C:\Documents and Settings\gilles\Application Data\Vso 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys 2008-06-19 16:41 --------- d-----w C:\Program Files\MegauploadToolbar 2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys 2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll 2008-04-23 20:16 3,591,680 ----a-w 
C:\WINDOWS\system32\dllcache\mshtml.dll 2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll 2006-11-23 19:04 81,920 -c--a-w C:\Documents and Settings\gilles\Application Data\ezpinst.exe 2006-11-23 19:04 47,360 -c--a-w C:\Documents and Settings\gilles\Application Data\pcouffin.sys 2007-03-14 21:55 56 -csh--r C:\WINDOWS\system32\AAB172B449.sys 2007-03-14 21:55 10,022 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-14 16:56 1957888] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2006-10-27 02:10 684032] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:07 1289000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 15:00 208952] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168] "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-07-28 22:29 102400] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-05-11 22:03 708697] "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544] "SunJavaUpdateSched"="C:\Program 
Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 14:48 127118] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-01-07 16:26 180269] "Pop-Up Stopper"="C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe" [2003-01-14 01:43 868352] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696] "SiSPower"="SiSPower.dll" [2005-07-13 03:55 49152 C:\WINDOWS\system32\SiSPower.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360] C:\Documents and Settings\gilles\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56 393216] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 10:15:56 65588] Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-09-19 20:36:19 125624] Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2006-01-07 16:09:31 262144] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i420vfw.dll "VIDC.MJPG"= pvmjpg21.dll "vidc.3iv2"= 3ivxVfWCodec.dll "VIDC.HFYU"= huffyuv.dll "VIDC.VP31"= vp31vfw.dll "vidc.yv12"= yv12vfw.dll "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\Fichiers 
communs\\AOL\\ACS\\AOLDial.exe"= "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"= "C:\\Program Files\\AOL 9.0\\waol.exe"= "C:\\Program Files\\AOL 9.0\\aol.exe"= "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\APPS\\Inventime\\my.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\APPS\\skype\\phone\\Skype.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "C:\\APPS\\Powercinema\\PowerCinema.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2005-06-22 15:50] R3 ZD1211U(ASUS);ASUS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ASUS);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-09-08 10:41] S3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\ATK0100\ASNDIS5.SYS [2004-05-28 11:13] S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 17:43] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . 
Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-07-15 08:13:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2006-05-10 17:28:39 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job" - C:\WINDOWS\system32\OOBE\oobebaln.exe "2006-05-10 17:28:39 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job" - C:\WINDOWS\system32\OOBE\oobebaln.exe "2006-05-10 17:28:39 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job" - C:\WINDOWS\system32\OOBE\oobebaln.exe . - - - - ORPHANS REMOVED - - - - HKCU-Run-PowerBar - \PowerBar.exe HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe HKLM-Run-EPSON Stylus DX3800 Series - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-20 18:01:48 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySqlInventime] "ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime" . ------------------------ Other Running Processes ------------------------ . C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\APPS\HIDSERVICE\HidService.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\APPS\Powercinema\Kernel\TV\CLSched.exe . 
************************************************************************** . Temps d'accomplissement: 2008-07-20 18:07:16 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-20 16:06:34 Pre-Run: 18,239,352,832 octets libres Post-Run: 18,343,854,080 octets libres 374 --- E O F --- 2008-07-09 16:37:25
  18. Here is the report, thank you for your help: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:04:37, on 20/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ATK0100\HControl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Apps\Powercinema\PCMService.exe C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Documents and Settings\gilles\Application Data\m\flec006.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\WINDOWS\system32\sistray.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN C:\WINDOWS\system32\winlogon.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\diag.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: 
[sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [PowerBar] "\PowerBar.exe" /AtBootTime O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-21-3674338846-2282021334-2114468751-501\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Invité') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 
2.2\program\quickstart.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O15 - Trusted Zone: http://www.clubic.com O15 - Trusted Zone: http://www.java.com O15 - Trusted Zone: http://housecall65.trendmicro.com O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - 
https://www.virginmega.fr/DownloadManager/R...rod/DownMan.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 10035 bytes