

Everything posted by azdare
[Solved] HijackThis report to analyze, please
azdare replied to a topic by azdare in Malware analysis and eradication
Sorry, I got mixed up; here is the HijackThis report, thanks!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:52:27, on 06/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\RayV\RayV\RayV.exe
C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.241.125.226:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: WirelessSelector.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

--
End of file - 7674 bytes

[Solved] HijackThis report to analyze, please
azdare replied to a topic by azdare in Malware analysis and eradication
So here below is the ComboFix report

ComboFix 08-09-05.02 - azdare 2008-09-06 22:33:25.2 - NTFSx86
Microsoft® Windows Vista™ Professionnel 6.0.6000.0.1252.1.1036.18.379 [GMT 1:00]
Endroit: C:\Users\azdare\Desktop\ComboFix.exe
Command switches used :: C:\Users\azdare\Desktop\CFScript.txt
 * Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\qvkrudap
.

((((((((((((((((((((((((((((( Fichiers créés 2008-08-06 to 2008-09-06 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps
.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 21:23 --------- d-----w C:\Users\azdare\AppData\Roaming\Azureus
2008-09-06 17:32 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-09-06 17:23 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-05 22:35 --------- d-----w C:\Program Files\RayV
2008-09-04 22:20 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-04 19:23 --------- d-----w C:\Program Files\Java
2008-09-04 17:51 --------- d-----w C:\ProgramData\Avira
2008-09-04 17:51 --------- d-----w C:\Program Files\Avira
2008-09-04 16:57 --------- d-----w C:\Users\azdare\AppData\Roaming\Malwarebytes
2008-09-04 16:57 --------- d-----w C:\ProgramData\Malwarebytes
2008-09-04 16:57 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-01 23:16 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-01 23:16 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-08-31 09:02 --------- d-----w C:\Program Files\McAfee
2008-08-30 09:52 --------- d-----w C:\ProgramData\McAfee
2008-08-21 18:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-19 22:12 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-19 16:39 --------- d-----w C:\Users\azdare\AppData\Roaming\RayV
2008-08-17 11:47 --------- d-----w C:\Program Files\Winamp
2008-08-16 20:54 --------- d-----w C:\Program Files\WebTV
2008-08-16 20:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-16 20:16 --------- d-----w C:\Program Files\Common Files\Xstream
2008-08-16 19:32 --------- d-----w C:\Program Files\DivX
2008-08-16 11:36 --------- d-----w C:\ProgramData\TVU Networks
2008-08-16 11:36 --------- d-----w C:\Program Files\TVUPlayer
2008-08-13 22:37 --------- d-----w C:\Program Files\Windows Mail
2008-08-09 19:03 --------- d-----w C:\Program Files\TVAnts
2008-08-09 18:59 --------- d-----w C:\Program Files\SopCast
2008-08-09 09:56 --------- d-----w C:\Program Files\Apple Software Update
2008-08-09 09:55 --------- d-----w C:\Program Files\iTunes
2008-08-09 09:54 --------- d-----w C:\Program Files\iPod
2008-07-18 20:57 --------- d-----w C:\Program Files\CCleaner
2008-07-14 18:09 --------- d-----w C:\Program Files\Trend Micro
2008-07-13 12:09 174 --sha-w C:\Program Files\desktop.ini
2008-07-12 11:02 --------- d-----w C:\Program Files\QuickTime
2008-07-10 17:46 --------- d-----w C:\Users\azdare\AppData\Roaming\uTorrent
2008-07-07 18:32 --------- d-----w C:\Program Files\Download Direct
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-05 15:20 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-02-05 15:20 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-02-05 15:20 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-09-06_17.37.34.71 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-06 16:31:40 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-06 21:43:11 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-06 21:43:11 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-09-06 16:31:40 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-06 21:43:11 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-06 21:43:11 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-09-06 14:32:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-06 19:41:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-06 14:32:35 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-06 19:41:50 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-06 14:32:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-06 19:41:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-03 21:31:22 371,312 ----a-w C:\Windows\System32\FNTCACHE.DAT
+ 2008-09-06 17:26:13 367,592 ----a-w C:\Windows\System32\FNTCACHE.DAT
- 2008-09-04 19:06:10 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-09-06 17:25:02 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-09-06 16:19:49 11,448 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3438326428-904574685-394746558-1000_UserData.bin
+ 2008-09-06 21:30:52 11,916 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3438326428-904574685-394746558-1000_UserData.bin
- 2008-09-06 16:19:49 50,680 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-06 21:30:52 50,982 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-06 16:19:41 46,046 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-06 21:30:47 46,330 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"RayV"="C:\Program Files\RayV\RayV\RayV.exe" [2008-08-31 3708200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-06 180269]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-17 1295656]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
WirelessSelector.lnk - C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe [2007-12-02 650752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A2619507-F35A-4156-90F5-BD9B3B767B2D}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{473CE743-059C-4F26-AA35-2E5F7BE3DDA1}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{A0F135A8-6BCE-4C5E-9DAA-153D20E4B5B5}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{7274B160-0A46-4ABE-BDBA-8A02C33AF246}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{BD0AF089-AD95-43FD-A8D4-DDEF1FE34CF5}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{F5E48BD0-4AE5-4427-B3E3-E3F16C4FC4C4}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{4BB09C9B-6185-4DE7-ADFD-F44C8800FB87}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{622500BF-FB5E-4456-A2DD-B9F0937C8452}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{362DB49A-EE33-41BF-8FF6-AAA0127B079B}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{519FA5ED-4591-4E1B-968D-CD32CF9461E3}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{0D23B2FE-B6EE-42AC-9996-E8EF808C0CC7}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{6C018C8C-31B5-4C90-BB58-9C98F24B2E34}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{564EA501-1D82-491F-AA65-171345E9BBF0}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"{4661956D-E0EA-4294-AE73-2B3EDC047652}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{18C2C736-7B66-4422-B182-CB6DCB176796}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{59D866B5-A44A-47B2-87BA-F49D9F040220}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{CD75C61F-C681-4137-AF62-C7497A2C935D}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{27E1A093-9E08-4B04-8B40-8DC546CFA61F}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{4008BE86-7AFA-4D8D-8A88-0502046F7E10}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{02D8F467-0D00-4285-9219-6CC5BB71FA54}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{4B47F0A5-7CD2-4EFB-95E6-76E0A4AC146B}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9E50C529-4F32-4033-A015-E1526A760A10}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{4C380E3C-5CF2-453B-B80F-D21DA0D017CA}"= UDP:C:\Program Files\RayV\RayV\RayV.exe:RayV
"{28FBB77B-D888-4FAC-9D55-8363A5C546B5}"= TCP:C:\Program Files\RayV\RayV\RayV.exe:RayV
"{AE3F7369-4DED-46EE-BC83-E90328A7E622}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{85C97E40-5537-43A7-917B-2DB421CE31B2}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{8599F6CC-B857-464B-969F-4DCFC264B227}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5CDA125E-2D1E-4D89-9F5A-2AAD6FD55C50}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 22:43:19
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\SiteAdvisor\6253\saHook.dll
-> ?:\Windows\system32\urlmon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\Windows\System32\conime.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-06 22:49:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-06 21:49:03
ComboFix2.txt 2008-09-06 16:39:15

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 47,490,289,664 octets libres

199 --- E O F --- 2008-09-04 19:36:57

and of course the HijackThis report, thanks!!
ComboFix 08-09-05.02 - azdare 2008-09-06 22:33:25.2 - NTFSx86 Microsoft® Windows Vista™ Professionnel 6.0.6000.0.1252.1.1036.18.379 [GMT 1:00] Endroit: C:\Users\azdare\Desktop\ComboFix.exe Command switches used :: C:\Users\azdare\Desktop\CFScript.txt * Création d'un nouveau point de restauration . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\ProgramData\qvkrudap . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))))))) . Pas de nouveau fichier cr‚‚ dans cet espace de temps . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-06 21:23 --------- d-----w C:\Users\azdare\AppData\Roaming\Azureus 2008-09-06 17:32 --------- d-----w C:\ProgramData\Spybot - Search & Destroy 2008-09-06 17:23 --------- d-----w C:\ProgramData\Microsoft Help 2008-09-05 22:35 --------- d-----w C:\Program Files\RayV 2008-09-04 22:20 --------- d-----w C:\Program Files\Messenger Plus! 
Live 2008-09-04 19:23 --------- d-----w C:\Program Files\Java 2008-09-04 17:51 --------- d-----w C:\ProgramData\Avira 2008-09-04 17:51 --------- d-----w C:\Program Files\Avira 2008-09-04 16:57 --------- d-----w C:\Users\azdare\AppData\Roaming\Malwarebytes 2008-09-04 16:57 --------- d-----w C:\ProgramData\Malwarebytes 2008-09-04 16:57 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware 2008-09-01 23:16 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys 2008-09-01 23:16 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys 2008-08-31 09:02 --------- d-----w C:\Program Files\McAfee 2008-08-30 09:52 --------- d-----w C:\ProgramData\McAfee 2008-08-21 18:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-08-19 22:12 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-08-19 16:39 --------- d-----w C:\Users\azdare\AppData\Roaming\RayV 2008-08-17 11:47 --------- d-----w C:\Program Files\Winamp 2008-08-16 20:54 --------- d-----w C:\Program Files\WebTV 2008-08-16 20:16 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-16 20:16 --------- d-----w C:\Program Files\Common Files\Xstream 2008-08-16 19:32 --------- d-----w C:\Program Files\DivX 2008-08-16 11:36 --------- d-----w C:\ProgramData\TVU Networks 2008-08-16 11:36 --------- d-----w C:\Program Files\TVUPlayer 2008-08-13 22:37 --------- d-----w C:\Program Files\Windows Mail 2008-08-09 19:03 --------- d-----w C:\Program Files\TVAnts 2008-08-09 18:59 --------- d-----w C:\Program Files\SopCast 2008-08-09 09:56 --------- d-----w C:\Program Files\Apple Software Update 2008-08-09 09:55 --------- d-----w C:\Program Files\iTunes 2008-08-09 09:54 --------- d-----w C:\Program Files\iPod 2008-07-18 20:57 --------- d-----w C:\Program Files\CCleaner 2008-07-14 18:09 --------- d-----w C:\Program Files\Trend Micro 2008-07-13 12:09 174 --sha-w C:\Program Files\desktop.ini 2008-07-12 11:02 --------- d-----w C:\Program Files\QuickTime 2008-07-10 17:46 --------- 
d-----w C:\Users\azdare\AppData\Roaming\uTorrent 2008-07-07 18:32 --------- d-----w C:\Program Files\Download Direct 2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll 2008-02-05 15:20 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2008-02-05 15:20 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2008-02-05 15:20 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-09-06_17.37.34.71 ))))))))))))))))))))))))))))))))))))))))) . - 2008-09-06 16:31:40 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-09-06 21:43:11 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-09-06 21:43:11 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2008-09-06 16:31:40 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-09-06 21:43:11 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-09-06 21:43:11 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2008-09-06 14:32:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-09-06 19:41:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-09-06 14:32:35 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-09-06 19:41:50 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary 
Internet Files\Content.IE5\index.dat - 2008-09-06 14:32:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-09-06 19:41:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-09-03 21:31:22 371,312 ----a-w C:\Windows\System32\FNTCACHE.DAT + 2008-09-06 17:26:13 367,592 ----a-w C:\Windows\System32\FNTCACHE.DAT - 2008-09-04 19:06:10 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT + 2008-09-06 17:25:02 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT - 2008-09-06 16:19:49 11,448 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3438326428-904574685-394746558-1000_UserData.bin + 2008-09-06 21:30:52 11,916 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3438326428-904574685-394746558-1000_UserData.bin - 2008-09-06 16:19:49 50,680 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-09-06 21:30:52 50,982 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-09-06 16:19:41 46,046 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-09-06 21:30:47 46,330 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728] "RayV"="C:\Program Files\RayV\RayV\RayV.exe" [2008-08-31 3708200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-06 180269] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-17 1295656] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 36640] "McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ WirelessSelector.lnk - C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe [2007-12-02 650752] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] 
"DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{A2619507-F35A-4156-90F5-BD9B3B767B2D}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{473CE743-059C-4F26-AA35-2E5F7BE3DDA1}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{A0F135A8-6BCE-4C5E-9DAA-153D20E4B5B5}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{7274B160-0A46-4ABE-BDBA-8A02C33AF246}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{BD0AF089-AD95-43FD-A8D4-DDEF1FE34CF5}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{F5E48BD0-4AE5-4427-B3E3-E3F16C4FC4C4}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{4BB09C9B-6185-4DE7-ADFD-F44C8800FB87}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{622500BF-FB5E-4456-A2DD-B9F0937C8452}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus "UDP Query User{362DB49A-EE33-41BF-8FF6-AAA0127B079B}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus "TCP Query User{519FA5ED-4591-4E1B-968D-CD32CF9461E3}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application "UDP Query User{0D23B2FE-B6EE-42AC-9996-E8EF808C0CC7}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application "TCP Query User{6C018C8C-31B5-4C90-BB58-9C98F24B2E34}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver "UDP Query User{564EA501-1D82-491F-AA65-171345E9BBF0}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver "{4661956D-E0EA-4294-AE73-2B3EDC047652}"= 
Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{18C2C736-7B66-4422-B182-CB6DCB176796}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{59D866B5-A44A-47B2-87BA-F49D9F040220}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{CD75C61F-C681-4137-AF62-C7497A2C935D}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{27E1A093-9E08-4B04-8B40-8DC546CFA61F}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{4008BE86-7AFA-4D8D-8A88-0502046F7E10}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{02D8F467-0D00-4285-9219-6CC5BB71FA54}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{4B47F0A5-7CD2-4EFB-95E6-76E0A4AC146B}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9E50C529-4F32-4033-A015-E1526A760A10}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{4C380E3C-5CF2-453B-B80F-D21DA0D017CA}"= UDP:C:\Program Files\RayV\RayV\RayV.exe:RayV
"{28FBB77B-D888-4FAC-9D55-8363A5C546B5}"= TCP:C:\Program Files\RayV\RayV\RayV.exe:RayV
"{AE3F7369-4DED-46EE-BC83-E90328A7E622}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{85C97E40-5537-43A7-917B-2DB421CE31B2}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{8599F6CC-B857-464B-969F-4DCFC264B227}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5CDA125E-2D1E-4D89-9F5A-2AAD6FD55C50}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 22:43:19
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\SiteAdvisor\6253\saHook.dll
-> ?:\Windows\system32\urlmon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\Windows\System32\conime.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-06 22:49:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-06 21:49:03
ComboFix2.txt 2008-09-06 16:39:15
Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 47,490,289,664 octets libres
199 --- E O F --- 2008-09-04 19:36:57
-
[Solved] HijackThis report to analyze, please
azdare replied to a topic by azdare in Malware analysis and removal
Sorry, I'm sending you the right Malwarebytes report. As for the second procedure, I'm going to do it and I'll keep you posted. Thanks!!!

Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1112
Windows 6.0.6000

04/09/2008 18:47:21
mbam-log-2008-09-04 (18-47-21).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 106117
Temps écoulé: 42 minute(s), 22 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 22

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{794cc7d6-0346-432e-ab3f-ead6a9ac4fe3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3c2f7072-1013-4973-bad4-2599c2cdd381} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{53a2962f-87f9-4bcb-88a4-c21fd3087232} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07c5cf0d-d917-4533-9e6a-2b01db8dacc8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{16d3a5c1-da2f-4a3f-9308-c0a88b87d27f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6c093b7f-fa00-47a4-9327-145f0d04c1e2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bc287897-af8a-4347-ac3f-6f64c057c245} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c409e78e-3968-48ad-ba75-277af85bc629} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d075cd33-0c27-4cb3-a262-61b1d343ca38} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gksraemq.bswm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gksraemq.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie4da6.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie592b.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\run (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Windows Installer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\xrdwbfgn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\dgksvbpn (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Users\azdare\AppData\Roaming\Microsoft\dtsc (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Windows\System32\VIE4DA6.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\VIE592B.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\WinRAR\Unipatch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\azdare\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00037a (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\azdare\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00037b (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\evnr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\azdare\AppData\Roaming\Microsoft\dtsc\s (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\MSA.cpl (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Users\azdare\AppData\Roaming\Adobe\Manager.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\azdare\AppData\Local\Temp\HDVideodll_ver1.6123.0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\Windows\vanwxemgvdp.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\xrdwbfgn.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\sxmaokgf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\azdare\AppData\Local\Temp\lwpwer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
-
Latest news about Google Chrome

The German authority for information technology security (BSI) has warned consumers about the new browser launched by the internet giant Google, named "Chrome", recommending that it be used only in limited cases. "Google Chrome should not be used for general-purpose use," a spokesman for the federal authority, Matthias Gärtner, told the daily Berliner Zeitung in its Saturday edition. Chrome is admittedly "practical", but its use is "critical" because the program is at a test stage, is therefore not mature, and because Google has a frenzy for storing information, the spokesman said. When a consumer uses the Chrome browser, the internet giant Google can read the addresses visited. "For reasons of technical security, the accumulation of data by one provider is a problem," Mr Gärtner said.

Google officially launched its new browser, Chrome, on Tuesday, presenting it as faster and more secure than the sector leader, the search engine Internet Explorer, from Microsoft. It was made available online free of charge. On Tuesday Chrome was immediately downloadable in an experimental (beta) version, available in 43 languages and in 122 countries.

Several of Chrome's innovations were particularly praised, such as the mechanism that isolates the browsing of each site, so that a problem encountered on one web page does not force all the other pages being viewed to be closed at the same time. The first users also liked the browser's speed, the single box that both displays the address of the site being visited and lets the user type a search, and the "Incognito" function, which allows a website to be visited without leaving a trace of it on the computer.
-
[Solved] HijackThis report to analyze, please
azdare replied to a topic by azdare in Malware analysis and removal
Here is the Combo report above

ComboFix 08-09-05.02 - azdare 2008-09-06 17:23:41.1 - NTFSx86
Microsoft® Windows Vista™ Professionnel 6.0.6000.0.1252.1.1036.18.242 [GMT 1:00]
Endroit: C:\Users\azdare\Desktop\ComboFix.exe
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\azdare\AppData\Roaming\Adobe\crc.dat
C:\Windows\msnimport.exe
C:\Windows\system32\drivers\npf.sys
C:\Windows\system32\packet.dll
C:\Windows\system32\wpcap.dll

----- BITS: Possible sites infectés -----
http://theinstalls.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV
-------\Service_NPF
-------\Service_TDSSserv

((((((((((((((((((((((((((((( Fichiers créés 2008-08-06 to 2008-09-06 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 23:30 --------- d-----w C:\Users\azdare\AppData\Roaming\Azureus
2008-09-05 22:35 --------- d-----w C:\Program Files\RayV
2008-09-04 22:20 --------- d-----w C:\Program Files\Messenger Plus!
Live 2008-09-04 20:32 --------- d-----w C:\ProgramData\Spybot - Search & Destroy 2008-09-04 19:23 --------- d-----w C:\Program Files\Java 2008-09-04 17:51 --------- d-----w C:\ProgramData\Avira 2008-09-04 17:51 --------- d-----w C:\Program Files\Avira 2008-09-04 16:57 --------- d-----w C:\Users\azdare\AppData\Roaming\Malwarebytes 2008-09-04 16:57 --------- d-----w C:\ProgramData\Malwarebytes 2008-09-04 16:57 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware 2008-09-01 23:16 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys 2008-09-01 23:16 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys 2008-08-31 09:02 --------- d-----w C:\Program Files\McAfee 2008-08-30 09:52 --------- d-----w C:\ProgramData\McAfee 2008-08-21 18:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-08-19 22:12 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-08-19 16:39 --------- d-----w C:\Users\azdare\AppData\Roaming\RayV 2008-08-17 11:47 --------- d-----w C:\Program Files\Winamp 2008-08-16 20:54 --------- d-----w C:\Program Files\WebTV 2008-08-16 20:16 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-16 20:16 --------- d-----w C:\Program Files\Common Files\Xstream 2008-08-16 19:32 --------- d-----w C:\Program Files\DivX 2008-08-16 11:36 --------- d-----w C:\ProgramData\TVU Networks 2008-08-16 11:36 --------- d-----w C:\Program Files\TVUPlayer 2008-08-13 22:45 --------- d-----w C:\ProgramData\Microsoft Help 2008-08-13 22:37 --------- d-----w C:\Program Files\Windows Mail 2008-08-09 19:03 --------- d-----w C:\Program Files\TVAnts 2008-08-09 18:59 --------- d-----w C:\Program Files\SopCast 2008-08-09 09:56 --------- d-----w C:\Program Files\Apple Software Update 2008-08-09 09:55 --------- d-----w C:\Program Files\iTunes 2008-08-09 09:54 --------- d-----w C:\Program Files\iPod 2008-07-18 20:57 --------- d-----w C:\Program Files\CCleaner 2008-07-14 18:09 --------- d-----w C:\Program Files\Trend Micro 2008-07-13 
12:09 174 --sha-w C:\Program Files\desktop.ini 2008-07-12 11:02 --------- d-----w C:\Program Files\QuickTime 2008-07-11 17:53 --------- d-----w C:\ProgramData\qvkrudap 2008-07-10 17:46 --------- d-----w C:\Users\azdare\AppData\Roaming\uTorrent 2008-07-07 18:32 --------- d-----w C:\Program Files\Download Direct 2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll 2008-02-05 15:20 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2008-02-05 15:20 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2008-02-05 15:20 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\azdare\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"RayV"="C:\Program Files\RayV\RayV\RayV.exe" [2008-08-31 3708200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-06 180269]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-17 1295656]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
WirelessSelector.lnk - C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe [2007-12-02 650752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{A2619507-F35A-4156-90F5-BD9B3B767B2D}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{473CE743-059C-4F26-AA35-2E5F7BE3DDA1}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{A0F135A8-6BCE-4C5E-9DAA-153D20E4B5B5}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{7274B160-0A46-4ABE-BDBA-8A02C33AF246}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{BD0AF089-AD95-43FD-A8D4-DDEF1FE34CF5}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{F5E48BD0-4AE5-4427-B3E3-E3F16C4FC4C4}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{4BB09C9B-6185-4DE7-ADFD-F44C8800FB87}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{622500BF-FB5E-4456-A2DD-B9F0937C8452}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus "UDP Query User{362DB49A-EE33-41BF-8FF6-AAA0127B079B}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus "TCP Query User{519FA5ED-4591-4E1B-968D-CD32CF9461E3}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application "UDP Query User{0D23B2FE-B6EE-42AC-9996-E8EF808C0CC7}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application "TCP Query User{6C018C8C-31B5-4C90-BB58-9C98F24B2E34}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver "UDP Query User{564EA501-1D82-491F-AA65-171345E9BBF0}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program 
files\sopcast\adv\sopadver.exe:SopCast Adver "{4661956D-E0EA-4294-AE73-2B3EDC047652}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent "{18C2C736-7B66-4422-B182-CB6DCB176796}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb "{59D866B5-A44A-47B2-87BA-F49D9F040220}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb "{CD75C61F-C681-4137-AF62-C7497A2C935D}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray "{27E1A093-9E08-4B04-8B40-8DC546CFA61F}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray "{4008BE86-7AFA-4D8D-8A88-0502046F7E10}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client "{02D8F467-0D00-4285-9219-6CC5BB71FA54}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client "{7DAD4645-DBD8-4BDE-BBE6-ECA21C631996}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{4B47F0A5-7CD2-4EFB-95E6-76E0A4AC146B}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{9E50C529-4F32-4033-A015-E1526A760A10}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{4C380E3C-5CF2-453B-B80F-D21DA0D017CA}"= UDP:C:\Program Files\RayV\RayV\RayV.exe:RayV "{28FBB77B-D888-4FAC-9D55-8363A5C546B5}"= TCP:C:\Program Files\RayV\RayV\RayV.exe:RayV "{AE3F7369-4DED-46EE-BC83-E90328A7E622}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{85C97E40-5537-43A7-917B-2DB421CE31B2}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{8599F6CC-B857-464B-969F-4DCFC264B227}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{5CDA125E-2D1E-4D89-9F5A-2AAD6FD55C50}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-lazfldca - C:\Windows\system32\arobafwh.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\azdare\AppData\Roaming\Mozilla\Firefox\Profiles\c2110aqy.default\
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\RayV\RayV\RayVExtension@RayV.com\plugins\nprayvplugin.dll
FF -: plugin - C:\Users\azdare\AppData\Local\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Users\azdare\AppData\Roaming\Mozilla\Firefox\Profiles\c2110aqy.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 17:31:49
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\SiteAdvisor\6253\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\Windows\System32\conime.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-06 17:39:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-06 16:38:47
Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 49,247,576,064 octets libres
198 --- E O F --- 2008-09-04 19:36:57

and finally the HijackThis report, thanks!!!
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:24:24, on 04/09/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16711) Boot mode: Safe mode with network support Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\wbem\unsecapp.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\WinRAR\WinRAR.exe C:\Program Files\WinRAR\WinRAR.exe C:\Program Files\WinRAR\WinRAR.exe C:\Users\azdare\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\azdare\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Users\azdare\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.241.125.226:3128 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O3 - Toolbar: gksraemq - {F661BA6B-FAF4-4165-A701-F65A7585AC91} - C:\Windows\gksraemq.dll (file missing) O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [\VIE4DA6.exe] C:\Windows\System32\VIE4DA6.exe O4 - HKLM\..\Run: [\VIE592B.exe] C:\Windows\System32\VIE592B.exe O4 - HKCU\..\Run: [lazfldca] C:\Windows\system32\arobafwh.exe O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Users\azdare\AppData\Roaming\Microsoft\dtsc\6687.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background O4 - HKCU\..\Run: [Google Update] "C:\Users\azdare\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Run] "C:\Users\azdare\AppData\Roaming\Adobe\Manager.exe" O4 - 
HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O21 - SSODL: dgksvbpn - {E49D58FE-C8E6-4A15-A8EF-37582F79A191} - C:\Windows\dgksvbpn.dll (file missing) O21 - SSODL: xrdwbfgn - {07C5CF0D-D917-4533-9E6A-2B01DB8DACC8} - 
C:\Windows\xrdwbfgn.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe -- End of file - 7335 bytes -
[Solved] HijackThis report to analyze, please
azdare replied to a topic by azdare in Malware analysis and removal
Hi le sioux, I'm posting the malware report below; after that I'll run combo and I'll keep you posted. Thanks

Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1119
Windows 6.0.6000

06/09/2008 17:09:57
mbam-log-2008-09-06 (17-09-57).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 100810
Temps écoulé: 1 hour(s), 41 minute(s), 13 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
-
[Solved] HijackThis report to analyze, please
azdare posted a topic in Malware Analysis and Removal
Hi everyone, while downloading a program I caught MSA Antivirus 2008. I managed to eradicate it with Malwarebytes, but of course I'm still wary. Could someone analyze my report below? I would be very grateful; thanks in advance. PS: I ran the scan today, but I don't know why it shows the date 04/09/08.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:24, on 04/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\azdare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\azdare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\azdare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.241.125.226:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: gksraemq - {F661BA6B-FAF4-4165-A701-F65A7585AC91} - C:\Windows\gksraemq.dll (file missing)
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [\VIE4DA6.exe] C:\Windows\System32\VIE4DA6.exe
O4 - HKLM\..\Run: [\VIE592B.exe] C:\Windows\System32\VIE592B.exe
O4 - HKCU\..\Run: [lazfldca] C:\Windows\system32\arobafwh.exe
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Users\azdare\AppData\Roaming\Microsoft\dtsc\6687.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\azdare\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Run] "C:\Users\azdare\AppData\Roaming\Adobe\Manager.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O21 - SSODL: dgksvbpn - {E49D58FE-C8E6-4A15-A8EF-37582F79A191} - C:\Windows\dgksvbpn.dll (file missing)
O21 - SSODL: xrdwbfgn - {07C5CF0D-D917-4533-9E6A-2B01DB8DACC8} - C:\Windows\xrdwbfgn.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
-- End of file - 7335 bytes