Everything posted by loloetseb

  1. Hi thanos, I have just run a scan with ComboFix. I am attaching the report in case it is useful. During the scan, a Kiwee icon appeared asking whether I really wanted to remove the Kiwee toolbar; that message is on my desktop right now. I am a bit worried because the virus that came via MSN had apparently loaded itself into the Kiwee toolbar. So for now I am not confirming the message. Thanks in advance for your help.
     ComboFix 08-12-14.05 - LIONEL 2008-12-15 18:44:34.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.958.525 [GMT 1:00] Lancé depuis: c:\documents and settings\LIONEL\Bureau\C-FIX.exe * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Administrateur\Application Data\vlc-0.9.4-win32.exe c:\documents and settings\All Users\Application Data\vlc-0.9.4-win32.exe c:\program files\Internet Explorer\fxavx.ini D:\Autorun.inf . ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-15 au 2008-12-15 )))))))))))))))))))))))))))))))))))) . 2008-12-15 10:43 . 2008-12-15 10:43 <REP> d-------- C:\VundoFix Backups 2008-12-14 18:19 . 2008-12-14 18:19 <REP> dr------- c:\documents and settings\LocalService\Favoris 2008-12-14 18:11 . 2008-12-14 18:31 <REP> d-------- c:\documents and settings\All Users\Application Data\MailFrontier 2008-12-14 18:11 . 2008-12-14 18:13 4,212 ---h----- c:\windows\system32\zllictbl.dat 2008-12-14 18:10 . 2004-04-27 04:40 11,264 --a------ c:\windows\system32\SpOrder.dll 2008-12-14 18:09 . 2008-12-14 18:36 <REP> d-------- c:\windows\Internet Logs 2008-12-14 17:38 . 2008-12-14 17:38 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-14 17:38 . 2008-12-14 17:38 <REP> d-------- c:\documents and settings\LIONEL\Application Data\Malwarebytes 2008-12-14 17:38 . 
2008-12-14 17:38 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-12-14 17:38 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-14 17:38 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-14 17:29 . 2008-12-14 17:37 <REP> d-------- c:\program files\MSNFix 2008-12-14 14:49 . 2008-12-14 22:35 <REP> d-------- c:\program files\a-squared Free 2008-12-14 12:34 . 2008-12-14 12:34 21,415,977 --a------ c:\windows\VPTNFILE.707 2008-12-14 12:34 . 2008-12-14 12:34 21,415,977 --a------ c:\windows\LPT$VPN.707 2008-12-14 12:33 . 2008-12-14 12:34 <REP> d-------- c:\windows\AU_Temp 2008-12-14 04:14 . 2008-12-14 04:19 <REP> d-------- c:\windows\avxoscan 2008-12-09 08:54 . 2008-12-09 08:54 410,984 --a------ c:\windows\system32\deploytk.dll 2008-12-08 23:59 . 2008-12-14 20:28 <REP> d-------- c:\program files\PeerGuardian2 2008-12-05 10:52 . 2008-12-05 10:52 <REP> dr------- c:\documents and settings\LIONEL\Application Data\Brother 2008-12-02 21:53 . 2008-12-02 21:53 <REP> d-------- c:\documents and settings\LIONEL\Application Data\Template 2008-12-02 21:53 . 2008-12-02 22:01 138 --a------ c:\documents and settings\LIONEL\Application Data\wklnhst.dat 2008-12-02 09:49 . 2008-12-02 09:49 <REP> d-------- c:\program files\Comptes et Budget Free V5.0 2008-12-02 09:49 . 2008-12-02 09:49 <REP> d-------- c:\documents and settings\LIONEL\Application Data\AlauxSoft 2008-11-24 20:53 . 2008-11-24 20:53 <REP> dr------- c:\documents and settings\erienne\Application Data\Brother 2008-11-24 19:48 . 2008-11-24 19:48 <REP> d-------- c:\documents and settings\erienne\Application Data\OpenOffice.org 2008-11-22 22:59 . 2008-11-22 22:59 <REP> d-------- c:\documents and settings\LIONEL\Application Data\vlc 2008-11-22 19:20 . 2008-12-03 18:22 <REP> d-------- c:\documents and settings\LIONEL\Application Data\Azureus 2008-11-22 19:12 . 
2008-11-22 19:20 <REP> d-------- c:\documents and settings\erienne\Application Data\Azureus 2008-11-22 15:51 . 2008-11-22 16:15 <REP> d-------- c:\documents and settings\erienne\Application Data\vlc 2008-11-22 15:50 . 2008-11-22 15:51 <REP> d-------- c:\documents and settings\erienne\Application Data\dvdcss 2008-11-22 13:14 . 2008-11-22 13:14 <REP> d-------- c:\documents and settings\erienne\Application Data\CyberLink 2008-11-21 20:23 . 2008-12-05 14:02 <REP> d-------- c:\documents and settings\LIONEL\Contacts 2008-11-21 20:22 . 2008-11-21 20:38 <REP> d-------- c:\documents and settings\LIONEL\Application Data\agi 2008-11-21 19:18 . 2008-11-21 19:18 <REP> d-------- c:\documents and settings\LIONEL\Application Data\OpenOffice.org 2008-11-21 19:02 . 2006-06-20 10:22 <REP> d-------- c:\documents and settings\LIONEL\WINDOWS 2008-11-21 19:02 . 2005-10-20 20:05 <REP> d-------- c:\documents and settings\LIONEL\Voisinage réseau 2008-11-21 19:02 . 2005-10-20 20:05 <REP> d-------- c:\documents and settings\LIONEL\Voisinage d'impression 2008-11-21 19:02 . 2005-10-26 23:35 <REP> d-------- c:\documents and settings\LIONEL\Modèles 2008-11-21 19:02 . 2008-12-14 14:49 <REP> dr------- c:\documents and settings\LIONEL\Mes documents 2008-11-21 19:02 . 2005-10-26 23:35 <REP> d-------- c:\documents and settings\LIONEL\Menu Démarrer 2008-11-21 19:02 . 2008-12-14 22:23 <REP> dr------- c:\documents and settings\LIONEL\Favoris 2008-11-21 19:02 . 2008-12-15 18:35 <REP> d-------- c:\documents and settings\LIONEL\Bureau 2008-11-21 19:02 . 2008-12-15 10:41 <REP> d-------- c:\documents and settings\LIONEL 2008-11-17 11:45 . 2008-11-17 11:45 <REP> dr-h----- c:\documents and settings\erienne\Application Data\SecuROM 2008-11-16 20:27 . 2008-11-22 17:26 <REP> d-------- c:\documents and settings\erienne\Contacts 2008-11-16 20:27 . 2008-11-16 21:30 <REP> d-------- c:\documents and settings\erienne\Application Data\agi 2008-11-16 20:14 . 
2006-06-20 10:22 <REP> d-------- c:\documents and settings\erienne\WINDOWS 2008-11-16 20:14 . 2005-10-20 20:05 <REP> d-------- c:\documents and settings\erienne\Voisinage réseau 2008-11-16 20:14 . 2005-10-20 20:05 <REP> d-------- c:\documents and settings\erienne\Voisinage d'impression 2008-11-16 20:14 . 2005-10-26 23:35 <REP> d-------- c:\documents and settings\erienne\Modèles 2008-11-16 20:14 . 2008-11-30 18:47 <REP> dr------- c:\documents and settings\erienne\Mes documents 2008-11-16 20:14 . 2005-10-26 23:35 <REP> d-------- c:\documents and settings\erienne\Menu Démarrer 2008-11-16 20:14 . 2008-12-04 02:01 <REP> dr------- c:\documents and settings\erienne\Favoris 2008-11-16 20:14 . 2008-12-05 14:23 <REP> d-------- c:\documents and settings\erienne\Bureau 2008-11-16 20:14 . 2008-12-11 23:52 <REP> d-------- c:\documents and settings\erienne . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-15 10:03 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-12-14 17:20 --------- d-----w c:\program files\MSN Messenger 2008-12-14 11:34 91,744 ----a-w c:\windows\BPMNT.dll 2008-12-14 11:34 1,213,784 ----a-w c:\windows\vsapi32.dll 2008-12-13 17:31 --------- d-----w c:\program files\akboot 2008-12-09 07:54 --------- d-----w c:\program files\Java 2008-12-03 21:59 --------- d-----w c:\program files\scrabbleproB1.0.8 2008-11-30 20:46 --------- d-----w c:\program files\Vuze 2008-11-18 21:16 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\Azureus 2008-11-11 12:34 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\ScanSoft 2008-11-11 12:13 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\HP 2008-11-07 08:15 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant 2008-11-05 22:50 --------- d-----w c:\program files\EA GAMES 2008-11-05 13:32 --------- 
d-----w c:\program files\Spybot - Search & Destroy 2008-11-04 16:40 --------- d-----w c:\program files\Mio Technology 2008-11-04 14:41 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-03 10:17 --------- d-----w c:\program files\Brother 2008-11-03 10:16 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\InstallShield 2008-11-02 15:00 --------- d-----w c:\program files\NOS 2008-11-02 15:00 --------- d-----w c:\documents and settings\All Users\Application Data\NOS 2008-10-27 14:40 71,749 ----a-w c:\windows\hcextoutput.dll 2008-10-27 14:40 348,229 ----a-w c:\windows\TSC.exe 2008-10-27 14:39 69,689 ----a-w c:\windows\UNZIP.DLL 2008-10-27 14:39 507,904 ----a-w c:\windows\TMUPDATE.DLL 2008-10-27 14:39 286,720 ----a-w c:\windows\PATCH.EXE 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys 2008-10-24 00:20 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion 2008-10-23 23:20 --------- d-----w c:\program files\Yahoo! 
2008-10-23 23:18 --------- d-----w c:\program files\7-Zip 2008-10-23 19:33 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\OpenOffice.org 2008-10-23 19:30 --------- d-----w c:\program files\OpenOffice.org 3 2008-10-23 19:30 --------- d-----w c:\program files\JRE 2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll 2008-10-22 22:15 --------- d-----w c:\program files\HP 2008-10-22 22:14 --------- d-----w c:\program files\Hewlett-Packard 2008-10-22 20:06 928 ----a-w c:\documents and settings\HP_Propriétaire\Application Data\wklnhst.dat 2008-10-17 00:48 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll 2008-10-16 20:03 --------- d-----w c:\program files\PC-Doctor 5 for Windows 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll 2008-10-16 13:12 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll 2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll 2008-10-16 13:06 268,648 ----a-w 
c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-15 16:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll 2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe 2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll 2008-10-13 10:40 339,968 ----a-w c:\windows\system32\pythoncom25.dll 2008-10-13 10:40 2,117,632 ----a-w c:\windows\system32\python25.dll 2008-10-13 10:40 114,688 ----a-w c:\windows\system32\pywintypes25.dll 2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-10-03 10:03 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-23 16:46 245,408 ----a-w c:\windows\system32\unicows.dll 2008-09-16 16:26 1,332,197 ----a-w c:\windows\system32\pythondll.zip 2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys 2008-09-15 15:26 1,846,528 ------w c:\windows\system32\dllcache\win32k.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}] 2008-12-04 21:14 277648 --a------ c:\program files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "c:\program files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll" [2008-12-04 277648] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "c:\program files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll" [2008-12-04 277648] [HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}] [HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}] [HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 147456] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-27 77824] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-06-20 180269] "Adobe Reader Speed 
Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528] "PCDrSmartMonitor"="c:\program files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" [2006-02-02 360448] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536] c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-06-20 27136] c:\documents and settings\erienne\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000] Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-06-20 27136] c:\documents and settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000] c:\documents and settings\LIONEL\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000] Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-06-20 27136] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624] Sagem - Utilitaire r‚seau pour Cl‚ USB Wi-Fi 802.11g.lnk - c:\program files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2007-12-30 679936] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=bukbtg.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08] --a------ 
2005-06-02 07:35 49152 c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"= "c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= R1 aswSP;avast! 
Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-05 111184] R2 AGWinService;AG Windows Service;"c:\program files\AGI\common\win32\PythonService.exe" [2008-10-13 10240] R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-05 20560] R2 CKService;CKService;c:\windows\system32\CKService.exe [2006-03-22 107008] R2 litsgt;litsgt;c:\windows\system32\DRIVERS\litsgt.sys [2006-10-21 137344] R2 tansgt;tansgt;c:\windows\system32\DRIVERS\tansgt.sys [2006-10-21 12032] R3 PCD5SRVC{8A863ACB-F5F6CC6A-05010003};PCD5SRVC{8A863ACB-F5F6CC6A-05010003} - PCDR Kernel Mode Service Helper Driver;\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2006-02-08 21120] R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\DRIVERS\wn5301.sys [2006-06-20 468768] S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\DRIVERS\WlanUIG.sys [2007-12-30 379456] *Newly Created Service* - PCANDIS5 *Newly Created Service* - PROCEXP90 . Contenu du dossier 'Tâches planifiées' 2007-05-07 c:\windows\Tasks\Connexion facile à Internet.job - c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-08 18:23] 2008-12-15 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . - - - - ORPHELINS SUPPRIMES - - - - BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file) HKLM-Run-Workflow - E:\Workflow.exe MSConfigStartUp-JeticoPFStartup - c:\program files\Jetico\Jetico Personal Firewall\fwsrv.exe MSConfigStartUp-Numericable Controle Parental - c:\program files\Numericable Controle Parental\Numericable Controle Parental.exe . ------- Examen supplémentaire ------- . 
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=63&bd=PAVILION&pf=desktop uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PAVILION&pf=desktop mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=63&bd=PAVILION&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PAVILION&pf=desktop IE: &Traduire à partir de l'anglais - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: Pages liées - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html IE: Pages similaires - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html IE: Recherche &Google - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html IE: Version de la page actuelle disponible dans le cache Google - c:\program files\Google\GoogleToolbar1.dll/cmcache.html IE: {{B1474CCB-9FAF-45D8-B831-84F9A77EEE43} - c:\windows\system32\Suggestion.exe IE: {{B1474CCB-9FAF-45D8-B831-84F9A77EEE43} - c:\windows\system32\Suggestion.exe - c:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab c:\windows\Downloaded Program Files\OSDC5.OSD O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-15 18:47:57 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... 
Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{8A863ACB-F5F6CC6A-05010003}] "ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(776) c:\windows\system32\Ati2evxx.dll . Heure de fin: 2008-12-15 18:48:57 ComboFix-quarantined-files.txt 2008-12-15 17:48:44 Avant-CF: 223 888 855 040 octets libres Après-CF: 223,905,169,408 octets libres 295 --- E O F --- 2008-12-11 13:08:05
  2. Hi thanos, Thank you for your help. I ran 4 scans with Malwarebytes; the last one appears to be clean. I am sending you the 4 reports:
     Malwarebytes' Anti-Malware 1.31 Version de la base de données: 1456 Windows 5.1.2600 Service Pack 3 14/12/2008 17:45:17 mbam-log-2008-12-14 (17-45-17).txt Type de recherche: Examen rapide Eléments examinés: 27776 Temps écoulé: 5 minute(s), 5 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 2 Clé(s) du Registre infectée(s): 6 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 2 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 5 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): C:\WINDOWS\system32\efcBttqn.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\bukbtg.dll (Trojan.Vundo.H) -> Delete on reboot. Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2a3bbde0-c6c0-4cf1-9017-5da72cb3750d} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{2a3bbde0-c6c0-4cf1-9017-5da72cb3750d} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c034568-1e8f-4c5c-a4cf-d75b5b629c4f} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{6c034568-1e8f-4c5c-a4cf-d75b5b629c4f} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6c034568-1e8f-4c5c-a4cf-d75b5b629c4f} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2a3bbde0-c6c0-4cf1-9017-5da72cb3750d} (Trojan.Vundo.H) -> Quarantined and deleted successfully. 
Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\efcbttqn -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\efcbttqn -> Quarantined and deleted successfully. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\system32\efcBttqn.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\nqttBcfe.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nqttBcfe.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bukbtg.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\gshtcxna.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. Malwarebytes' Anti-Malware 1.31 Version de la base de données: 1456 Windows 5.1.2600 Service Pack 3 14/12/2008 18:00:08 mbam-log-2008-12-14 (18-00-08).txt Type de recherche: Examen complet (C:\|D:\|) Eléments examinés: 39404 Temps écoulé: 12 minute(s), 9 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 2 Clé(s) du Registre infectée(s): 2 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 2 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 4 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): C:\WINDOWS\system32\efcBttqn.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\bukbtg.dll (Trojan.Vundo.H) -> Delete on reboot. Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2a3bbde0-c6c0-4cf1-9017-5da72cb3750d} (Trojan.Vundo.H) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\CLSID\{2a3bbde0-c6c0-4cf1-9017-5da72cb3750d} (Trojan.Vundo.H) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\efcbttqn -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\efcbttqn -> Quarantined and deleted successfully. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\system32\efcBttqn.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\nqttBcfe.ini (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\nqttBcfe.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bukbtg.dll (Trojan.Vundo.H) -> Delete on reboot. Malwarebytes' Anti-Malware 1.31 Version de la base de données: 1500 Windows 5.1.2600 Service Pack 3 14/12/2008 19:49:57 mbam-log-2008-12-14 (19-49-57).txt Type de recherche: Examen complet (C:\|D:\|) Eléments examinés: 182128 Temps écoulé: 51 minute(s), 8 second(s) Processus mémoire infecté(s): 1 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 4 Valeur(s) du Registre infectée(s): 2 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 1 Fichier(s) infecté(s): 2 Processus mémoire infecté(s): C:\WINDOWS\fxstaller.exe (Backdoor.Bot) -> Unloaded process successfully. Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\Program Files\A360 (Rogue.A360Antivirus) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\fxstaller.exe (Backdoor.Bot) -> Delete on reboot. Malwarebytes' Anti-Malware 1.31 Version de la base de données: 1500 Windows 5.1.2600 Service Pack 3 15/12/2008 10:01:43 mbam-log-2008-12-15 (10-01-43).txt Type de recherche: Examen complet (C:\|D:\|) Eléments examinés: 183405 Temps écoulé: 50 minute(s), 42 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)
     I also ran a scan with VundoFix; apparently nothing was detected. I no longer see any abnormal behaviour, but I suppose the problem is only dormant. However, I did not run the scan with the USB key plugged into the computer. Could it be contaminated? I turned off System Restore (I read that this was apparently preferable; when should I turn it back on? I suppose once the infections are gone). Thanks in advance for your reply. LIONEL LAVANANT
  3. Hello everyone, I have had a problem since yesterday. I opened a link via MSN that gave me trojans. These links asked me to download Antivirus 360, which I did not do because it is a virus, but I have several trojans in quarantine in avast. I was able to delete the executable file that gave me the trojans, which allowed me to put them in quarantine. The computer works more or less normally. I have used several programs: Spybot, CCleaner, Malwarebytes and a-squared. I ran a HijackThis scan. Can you help me remove the last malicious folders? Thanks in advance.
     Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:59:34, on 14/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\AGI\common\win32\PythonService.exe C:\WINDOWS\system32\CKService.exe C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CyberLink\PowerCinema\PCMService.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\QuickTime\qttask.exe C:\HP\KBD\KBD.EXE C:\Program 
Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe c:\windows\system\hpsysdrv.exe C:\Documents and Settings\LIONEL\Bureau\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file) O2 - BHO: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! 
Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [Workflow] E:\Workflow.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini O4 - HKLM\..\Run: [PCDrSmartMonitor] "C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" -r O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: 
[msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ? O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: Numericable Controle Parental - {B1474CCB-9FAF-45D8-B831-84F9A77EEE43} - C:\WINDOWS\system32\Suggestion.exe O9 - Extra 'Tools' menuitem: Numericable Controle Parental - {B1474CCB-9FAF-45D8-B831-84F9A77EEE43} - C:\WINDOWS\system32\Suggestion.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' 
menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 
- DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Filter hijack: text/html - {2AE72FFB-40C9-4BC6-89E7-18D924ADD652} - (no file) O20 - AppInit_DLLs: bukbtg.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! 
Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: CKService - Unknown owner - C:\WINDOWS\system32\CKService.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- End of file - 15157 bytes