Aller au contenu

houch

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    57

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par houch

  1. houch

    saturation UC

    houch a répondu à un(e) sujet de houch dans Analyses et éradication malwares

    c 'est ce qui est bizarre il y a un processus inactif du systeme a 99 en permanence mais quand je sature il se met a zero et c'est le programme utilisé qui se met a fond.
  2. houch

    saturation UC

    houch a répondu à un(e) sujet de houch dans Analyses et éradication malwares

    depouissierage fait. quand l'uc sature je vois pas de processus en particulier + gourmand que d'habitude. Le pb est apparu d'un coup un matin. Aucune installe particuliere avant.
  3. houch

    saturation UC

    houch a répondu à un(e) sujet de houch dans Analyses et éradication malwares

    desolé... c'etait pas ds mes intentions
  4. houch

    saturation UC

    houch a répondu à un(e) sujet de houch dans Analyses et éradication malwares

    je fais quoi avec mon pb ?
  5. houch

    saturation UC

    houch a répondu à un(e) sujet de houch dans Analyses et éradication malwares

    c fait
  6. houch

    saturation UC

    houch a répondu à un(e) sujet de houch dans Analyses et éradication malwares

    OOHA c pire qu'avant. sifflement en continu
  7. houch

    saturation UC

    houch a répondu à un(e) sujet de houch dans Analyses et éradication malwares

    c fait...et mer........le pb et tjrs la j'ai perdu le rapport de toolscleaner..je le trouve ou ?
  8. houch

    saturation UC

    houch a répondu à un(e) sujet de houch dans Analyses et éradication malwares

    genial ondirait que c bon...aprés netoyage symentac tout est ok..plsu de siflement strident. Merci bien
  9. houch

    saturation UC

    houch a répondu à un(e) sujet de houch dans Analyses et éradication malwares

    je pense pas avoir du dymentc dedans mais je netoie quand même...et malheureusement j'ai toujours mon pb. Je commence par me demander si c'est pas un pb materiel mais cj'en doute fort
  10. houch

    saturation UC

    houch a répondu à un(e) sujet de houch dans Analyses et éradication malwares

    voila la scan kaspersky Tuesday, February 3, 2009 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Monday, February 02, 2009 18:24:28 Records in database: 1738007 Scan settings Scan using the following database extended Scan archives yes Scan mail databases yes Scan area My Computer A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ Scan statistics Files scanned 110997 Threat name 0 Infected objects 0 Suspicious objects 0 Duration of the scan 04:37:39 No malware has been detected. The scan area is clean. The selected area was scanned.
  11. houch

    saturation UC

    houch a répondu à un(e) sujet de houch dans Analyses et éradication malwares

    le scan n'avance pas car saturation : a peine 2% seulement
  12. houch

    saturation UC

    houch a répondu à un(e) sujet de houch dans Analyses et éradication malwares

    ok mais c long
  13. houch

    saturation UC

    houch a répondu à un(e) sujet de houch dans Analyses et éradication malwares

    ComboFix 09-02-01.01 - Stéphane 2009-02-02 18:33:03.4 - NTFSx86 MINIMAL Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1535.1279 [GMT 1:00] Lancé depuis: c:\documents and settings\Stéphane\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Stéphane\Bureau\CFScript.txt AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) . ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-02 au 2009-02-02 )))))))))))))))))))))))))))))))))))) . 2009-02-02 13:55 . 2009-02-02 13:55 230 --a------ c:\windows\system32\spupdsvc.inf 2009-02-02 13:17 . 2009-02-02 13:29 <REP> d-------- C:\ToolBar SD 2009-02-02 10:50 . 2009-02-02 10:51 <REP> d-------- C:\rsit 2009-01-23 20:56 . 2009-01-23 20:56 <REP> d-------- c:\program files\FRANCEPROSPECT 2009-01-14 19:34 . 2009-01-19 12:42 1,374 --a------ c:\windows\imsins.BAK 2009-01-14 19:11 . 2008-10-16 21:18 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll 2009-01-14 19:11 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat 2009-01-14 19:11 . 2007-03-08 06:10 1,048,576 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui 2009-01-14 19:11 . 2008-10-16 21:18 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll 2009-01-14 19:11 . 2008-10-16 21:18 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll 2009-01-14 19:11 . 2008-10-16 21:18 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll 2009-01-14 19:11 . 2008-10-16 21:18 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll 2009-01-14 19:11 . 2008-10-16 21:18 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll 2009-01-14 19:11 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe 2009-01-12 21:00 . 2009-01-12 21:00 93,033,860 --a------ C:\Sauv.reg 2009-01-12 20:43 . 2009-01-12 20:43 <REP> d-------- c:\program files\Foxit Software 2009-01-12 20:43 . 2009-01-12 20:43 <REP> d-------- c:\documents and settings\Stéphane\Application Data\Foxit 2009-01-12 18:06 . 2009-01-12 18:06 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-12 18:06 . 2009-01-12 18:06 <REP> d-------- c:\documents and settings\Stéphane\Application Data\Malwarebytes 2009-01-12 18:06 . 2009-01-12 18:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-12 18:06 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-12 18:06 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-01-12 16:54 . 2009-02-02 13:44 <REP> d-------- c:\program files\Trend Micro 2009-01-12 14:08 . 2009-01-12 14:08 <REP> d-------- c:\program files\Avira 2009-01-12 14:08 . 2009-01-12 14:08 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-01-12 11:16 . 1997-02-27 00:00 73,216 --a------ c:\windows\ST5UNST.EXE 2009-01-11 20:40 . 2009-01-09 19:53 5,700,105 --a------ c:\windows\system32\ahnszds.szd 2009-01-11 20:40 . 2009-01-09 19:57 4,856,280 --a------ c:\windows\system32\ahnszhs.szd 2009-01-11 20:40 . 2009-01-09 19:52 3,034,214 --a------ c:\windows\system32\ahnszns.szd 2009-01-11 20:40 . 2008-12-22 19:07 70,528 --a------ c:\windows\system32\drivers\ahnsze.sys 2009-01-11 20:36 . 2009-01-11 20:36 <REP> d-------- c:\windows\system32\Kaspersky Lab 2009-01-11 20:32 . 2009-01-11 20:32 <REP> d-------- c:\program files\AhnLab 2009-01-10 11:59 . 2009-01-10 11:59 <REP> d-------- c:\program files\CCleaner 2009-01-10 11:13 . 2009-01-10 11:13 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy) 2009-01-10 11:13 . 2009-01-10 11:13 <REP> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy) 2009-01-10 11:11 . 2009-01-10 11:11 <REP> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy) 2009-01-10 11:11 . 2009-01-10 11:11 <REP> d-------- c:\program files\SDHelper (Spybot - Search & Destroy) 2009-01-09 19:43 . 2009-01-10 11:11 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-08 12:59 . 2009-01-19 11:01 <REP> d-------- c:\program files\Oxemis 2009-01-05 19:05 . 2009-01-05 19:05 <REP> d-------- c:\documents and settings\Stéphane\Application Data\Oxemis . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-02 08:54 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-02-01 16:11 --------- d-----w c:\documents and settings\Stéphane\Application Data\Azureus 2009-01-13 07:22 --------- d-----w c:\program files\MDIConvertor 2009-01-12 21:49 --------- d-----w c:\program files\Yahoo! 2009-01-12 19:49 --------- d-----w c:\program files\Java 2009-01-12 19:44 --------- d-----w c:\program files\Fichiers communs\Adobe 2009-01-12 17:30 2,138 ----a-w c:\documents and settings\Stéphane\Application Data\Cache-3000.bin 2009-01-12 17:30 11,150 ----a-w c:\documents and settings\Stéphane\Application Data\Global.bin 2009-01-10 10:46 --------- d-----w c:\program files\Anti-Trojan-55 2009-01-05 15:35 --------- d-----w c:\program files\Google 2008-12-17 10:20 --------- d-----w c:\program files\Microsoft 2008-12-17 10:19 --------- d-----w c:\program files\Windows Live SkyDrive 2008-12-17 10:18 --------- d-----w c:\program files\Windows Live 2008-12-17 10:15 --------- d-----w c:\program files\Fichiers communs\Windows Live 2008-12-13 12:35 --------- d-----w c:\program files\SystemRequirementsLab 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-10 07:55 --------- d-----w c:\program files\BatchDPG 2008-12-09 15:07 --------- d-----w c:\program files\Fichiers communs\LogiShared 2008-12-09 15:07 --------- d-----w c:\documents and settings\Stéphane\Application Data\Leadertech 2008-12-09 15:06 --------- d-----w c:\documents and settings\Stéphane\Application Data\Logitech 2008-12-09 15:05 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-12-09 15:05 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf 2008-12-09 15:05 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-12-09 15:04 --------- d-----w c:\program files\Fichiers communs\Logitech 2008-12-09 15:04 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech 2008-12-09 15:03 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-09 15:03 --------- d-----w c:\program files\Logitech 2008-12-09 15:03 --------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd 2008-12-08 13:39 --------- d-----w c:\program files\Allok 3GP PSP MP4 iPod Video Converter 2008-11-27 18:13 2,798 ----a-w c:\documents and settings\Stéphane\Application Data\Cache--1.bin 2008-11-27 17:54 2,797 ----a-w c:\documents and settings\Stéphane\Application Data\Cache-43.bin . ((((((((((((((((((((((((((((( snapshot@2009-02-02_14.42.52,87 ))))))))))))))))))))))))))))))))))))))))) . + 2009-02-02 17:40:14 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6ac.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-02 68856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480] "ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960] "Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152] "PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024] "LTSMMSG"="LTSMMSG.exe" [2002-08-02 c:\windows\LTSMMSG.exe] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] "ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2005-01-27 263776] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.VDOM"= vdowave.drv "msacm.divxa32"= DivXa32.acm [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide de HP Photosmart Premier.lnk backup=c:\windows\pss\Démarrage rapide de HP Photosmart Premier.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^VAIO Action Setup (Serveur).lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\VAIO Action Setup (Serveur).lnk backup=c:\windows\pss\VAIO Action Setup (Serveur).lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL] --a------ 2002-11-02 07:33 45056 c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] --a------ 2002-12-02 15:17 73728 c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS] --a------ 2003-09-04 09:45 135214 c:\program files\Fichiers communs\Logitech\QCDriver2\LVComS.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-01-10 15:27 385024 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard] --a------ 2002-06-18 00:01 155648 c:\program files\VERITAS Software\Update Manager\sgtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Norton Ghost"=2 (0x2) "wscsvc"=2 (0x2) "Fax"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\BitTorrent\\btdownloadgui.exe"= "c:\\Program Files\\Azureus\\Azureus.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"= "c:\\Program Files\\Anti-Trojan-55\\Anti-Trojan.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"= "c:\\Program Files\\NetMeeting\\conf.exe"= "d:\\Installation\\CRM\\mysql\\bin\\mysqld.exe"= "d:\\Installation\\CRM\\apache2\\bin\\Apache.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\spoolsv.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8080:TCP"= 8080:TCP:free "1234:UDP"= 1234:UDP:free "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "80:TCP"= 80:TCP:http R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016] R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [2005-11-12 137344] R2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [2005-11-12 12032] R3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [2002-08-02 816043] S2 SNAWApache;SNAWApache;"c:\documents and settings\Stéphane\Bureau\distrib_cligraphcrm_0.97\CLIGRAPHCRM\server\apache\bin\httpd.exe" -k runservice --> c:\documents and settings\Stéphane\Bureau\distrib_cligraphcrm_0.97\CLIGRAPHCRM\server\apache\bin\httpd.exe [?] S2 sugarMysql;sugarMysql;c:\progra~1\SUGARC~1.0G\mysql\bin\mysqld.exe --defaults-file=c:\progra~1\SUGARC~1.0G\mysql\my.ini sugarMysql --> c:\progra~1\SUGARC~1.0G\mysql\bin\mysqld.exe --defaults-file=c:\progra~1\SUGARC~1.0G\mysql\my.ini sugarMysql [?] S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2004-10-08 152576] . Contenu du dossier 'Tâches planifiées' 2009-02-02 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-01-27 14:59] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mWindow Title = uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Sothink SWF Catcher - c:\program files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} - hxxp://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-02 18:41:10 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL" . ------------------------ Autres processus actifs ------------------------ . c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\rundll32.exe c:\program files\Portrait Displays\Pivot Software\Floater.exe c:\program files\Microsoft ActiveSync\rapimgr.exe . ************************************************************************** . Heure de fin: 2009-02-02 18:46:20 - La machine a redémarré ComboFix-quarantined-files.txt 2009-02-02 17:46:16 ComboFix2.txt 2009-02-02 15:38:54 ComboFix3.txt 2009-02-02 15:24:20 ComboFix4.txt 2009-02-02 13:45:00 Avant-CF: 11 248 963 584 octets libres Après-CF: 9,742,147,584 octets libres 251
  14. houch

    saturation UC

    houch a répondu à un(e) sujet de houch dans Analyses et éradication malwares

    impossible de finir le scan, l'ordi sature et siffle a fond je fais quoi du coup ?
  15. houch

    saturation UC

    houch a répondu à un(e) sujet de houch dans Analyses et éradication malwares

    j'ai pourtant suivi ce qui etait ecrit...j'ai manqué quoi ?* le scan est en cours... pou rla procedure j'ai copié/collé, renommé et glissé sur combofix...puis envoyé le rapport. quelle est mon erreur ?
  16. houch

    saturation UC

    houch a répondu à un(e) sujet de houch dans Analyses et éradication malwares

    ComboFix 09-02-01.01 - Stéphane 2009-02-02 16:28:07.3 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1535.1134 [GMT 1:00] Lancé depuis: c:\documents and settings\Stéphane\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Stéphane\Bureau\CFScript.txt AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) * Un nouveau point de restauration a été créé . ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-02 au 2009-02-02 )))))))))))))))))))))))))))))))))))) . 2009-02-02 13:55 . 2009-02-02 13:55 230 --a------ c:\windows\system32\spupdsvc.inf 2009-02-02 13:17 . 2009-02-02 13:29 <REP> d-------- C:\ToolBar SD 2009-02-02 10:50 . 2009-02-02 10:51 <REP> d-------- C:\rsit 2009-01-23 20:56 . 2009-01-23 20:56 <REP> d-------- c:\program files\FRANCEPROSPECT 2009-01-14 19:34 . 2009-01-19 12:42 1,374 --a------ c:\windows\imsins.BAK 2009-01-14 19:11 . 2008-10-16 21:18 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll 2009-01-14 19:11 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat 2009-01-14 19:11 . 2007-03-08 06:10 1,048,576 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui 2009-01-14 19:11 . 2008-10-16 21:18 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll 2009-01-14 19:11 . 2008-10-16 21:18 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll 2009-01-14 19:11 . 2008-10-16 21:18 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll 2009-01-14 19:11 . 2008-10-16 21:18 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll 2009-01-14 19:11 . 2008-10-16 21:18 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll 2009-01-14 19:11 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe 2009-01-12 21:00 . 2009-01-12 21:00 93,033,860 --a------ C:\Sauv.reg 2009-01-12 20:43 . 2009-01-12 20:43 <REP> d-------- c:\program files\Foxit Software 2009-01-12 20:43 . 2009-01-12 20:43 <REP> d-------- c:\documents and settings\Stéphane\Application Data\Foxit 2009-01-12 18:06 . 2009-01-12 18:06 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-12 18:06 . 2009-01-12 18:06 <REP> d-------- c:\documents and settings\Stéphane\Application Data\Malwarebytes 2009-01-12 18:06 . 2009-01-12 18:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-12 18:06 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-12 18:06 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-01-12 16:54 . 2009-02-02 13:44 <REP> d-------- c:\program files\Trend Micro 2009-01-12 14:08 . 2009-01-12 14:08 <REP> d-------- c:\program files\Avira 2009-01-12 14:08 . 2009-01-12 14:08 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-01-12 11:16 . 1997-02-27 00:00 73,216 --a------ c:\windows\ST5UNST.EXE 2009-01-11 20:40 . 2009-01-09 19:53 5,700,105 --a------ c:\windows\system32\ahnszds.szd 2009-01-11 20:40 . 2009-01-09 19:57 4,856,280 --a------ c:\windows\system32\ahnszhs.szd 2009-01-11 20:40 . 2009-01-09 19:52 3,034,214 --a------ c:\windows\system32\ahnszns.szd 2009-01-11 20:40 . 2008-12-22 19:07 70,528 --a------ c:\windows\system32\drivers\ahnsze.sys 2009-01-11 20:36 . 2009-01-11 20:36 <REP> d-------- c:\windows\system32\Kaspersky Lab 2009-01-11 20:32 . 2009-01-11 20:32 <REP> d-------- c:\program files\AhnLab 2009-01-10 11:59 . 2009-01-10 11:59 <REP> d-------- c:\program files\CCleaner 2009-01-10 11:13 . 2009-01-10 11:13 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy) 2009-01-10 11:13 . 2009-01-10 11:13 <REP> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy) 2009-01-10 11:11 . 2009-01-10 11:11 <REP> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy) 2009-01-10 11:11 . 2009-01-10 11:11 <REP> d-------- c:\program files\SDHelper (Spybot - Search & Destroy) 2009-01-09 19:43 . 2009-01-10 11:11 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-08 12:59 . 2009-01-19 11:01 <REP> d-------- c:\program files\Oxemis 2009-01-05 19:05 . 2009-01-05 19:05 <REP> d-------- c:\documents and settings\Stéphane\Application Data\Oxemis . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-02 08:54 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-02-01 16:11 --------- d-----w c:\documents and settings\Stéphane\Application Data\Azureus 2009-01-13 07:22 --------- d-----w c:\program files\MDIConvertor 2009-01-12 21:49 --------- d-----w c:\program files\Yahoo! 2009-01-12 19:49 --------- d-----w c:\program files\Java 2009-01-12 19:44 --------- d-----w c:\program files\Fichiers communs\Adobe 2009-01-12 17:30 2,138 ----a-w c:\documents and settings\Stéphane\Application Data\Cache-3000.bin 2009-01-12 17:30 11,150 ----a-w c:\documents and settings\Stéphane\Application Data\Global.bin 2009-01-10 10:46 --------- d-----w c:\program files\Anti-Trojan-55 2009-01-05 15:35 --------- d-----w c:\program files\Google 2008-12-17 10:20 --------- d-----w c:\program files\Microsoft 2008-12-17 10:19 --------- d-----w c:\program files\Windows Live SkyDrive 2008-12-17 10:18 --------- d-----w c:\program files\Windows Live 2008-12-17 10:15 --------- d-----w c:\program files\Fichiers communs\Windows Live 2008-12-13 12:35 --------- d-----w c:\program files\SystemRequirementsLab 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-10 07:55 --------- d-----w c:\program files\BatchDPG 2008-12-09 15:07 --------- d-----w c:\program files\Fichiers communs\LogiShared 2008-12-09 15:07 --------- d-----w c:\documents and settings\Stéphane\Application Data\Leadertech 2008-12-09 15:06 --------- d-----w c:\documents and settings\Stéphane\Application Data\Logitech 2008-12-09 15:05 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-12-09 15:05 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf 2008-12-09 15:05 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-12-09 15:04 --------- d-----w c:\program files\Fichiers communs\Logitech 2008-12-09 15:04 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech 2008-12-09 15:03 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-09 15:03 --------- d-----w c:\program files\Logitech 2008-12-09 15:03 --------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd 2008-12-08 13:39 --------- d-----w c:\program files\Allok 3GP PSP MP4 iPod Video Converter 2008-11-27 18:13 2,798 ----a-w c:\documents and settings\Stéphane\Application Data\Cache--1.bin 2008-11-27 17:54 2,797 ----a-w c:\documents and settings\Stéphane\Application Data\Cache-43.bin . ((((((((((((((((((((((((((((( snapshot@2009-02-02_14.42.52,87 ))))))))))))))))))))))))))))))))))))))))) . + 2009-02-02 15:32:38 16,384 ----atw c:\windows\temp\Perflib_Perfdata_15c.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-02 68856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480] "ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960] "Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152] "PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024] "LTSMMSG"="LTSMMSG.exe" [2002-08-02 c:\windows\LTSMMSG.exe] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] "ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2005-01-27 263776] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.VDOM"= vdowave.drv "msacm.divxa32"= DivXa32.acm [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide de HP Photosmart Premier.lnk backup=c:\windows\pss\Démarrage rapide de HP Photosmart Premier.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^VAIO Action Setup (Serveur).lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\VAIO Action Setup (Serveur).lnk backup=c:\windows\pss\VAIO Action Setup (Serveur).lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL] --a------ 2002-11-02 07:33 45056 c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] --a------ 2002-12-02 15:17 73728 c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS] --a------ 2003-09-04 09:45 135214 c:\program files\Fichiers communs\Logitech\QCDriver2\LVComS.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-01-10 15:27 385024 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard] --a------ 2002-06-18 00:01 155648 c:\program files\VERITAS Software\Update Manager\sgtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Norton Ghost"=2 (0x2) "wscsvc"=2 (0x2) "Fax"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\BitTorrent\\btdownloadgui.exe"= "c:\\Program Files\\Azureus\\Azureus.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"= "c:\\Program Files\\Anti-Trojan-55\\Anti-Trojan.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"= "c:\\Program Files\\NetMeeting\\conf.exe"= "d:\\Installation\\CRM\\mysql\\bin\\mysqld.exe"= "d:\\Installation\\CRM\\apache2\\bin\\Apache.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\spoolsv.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8080:TCP"= 8080:TCP:free "1234:UDP"= 1234:UDP:free "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "80:TCP"= 80:TCP:http R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016] R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [2005-11-12 137344] R2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [2005-11-12 12032] R3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [2002-08-02 816043] S2 SNAWApache;SNAWApache;"c:\documents and settings\Stéphane\Bureau\distrib_cligraphcrm_0.97\CLIGRAPHCRM\server\apache\bin\httpd.exe" -k runservice --> c:\documents and settings\Stéphane\Bureau\distrib_cligraphcrm_0.97\CLIGRAPHCRM\server\apache\bin\httpd.exe [?] S2 sugarMysql;sugarMysql;c:\progra~1\SUGARC~1.0G\mysql\bin\mysqld.exe --defaults-file=c:\progra~1\SUGARC~1.0G\mysql\my.ini sugarMysql --> c:\progra~1\SUGARC~1.0G\mysql\bin\mysqld.exe --defaults-file=c:\progra~1\SUGARC~1.0G\mysql\my.ini sugarMysql [?] S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2004-10-08 152576] . Contenu du dossier 'Tâches planifiées' 2009-02-02 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-01-27 14:59] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie mWindow Title = uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Sothink SWF Catcher - c:\program files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} - hxxp://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-02 16:32:56 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL" . ------------------------ Autres processus actifs ------------------------ . c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\rundll32.exe c:\program files\Portrait Displays\Pivot Software\Floater.exe c:\program files\Microsoft ActiveSync\rapimgr.exe . ************************************************************************** . Heure de fin: 2009-02-02 16:38:48 - La machine a redémarré ComboFix-quarantined-files.txt 2009-02-02 15:38:44 ComboFix2.txt 2009-02-02 15:24:20 ComboFix3.txt 2009-02-02 13:45:00 Avant-CF: 9 994 809 344 octets libres Après-CF: 9,984,946,176 octets libres 254
  17. houch

    saturation UC

    houch a répondu à un(e) sujet de houch dans Analyses et éradication malwares

    j'en susi toujours au même^point...de quoi devenir fou
  18. houch

    saturation UC

    houch a répondu à un(e) sujet de houch dans Analyses et éradication malwares

    ComboFix 09-02-01.01 - Stéphane 2009-02-02 14:36:58.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1535.1155 [GMT 1:00] Lancé depuis: c:\documents and settings\Stéphane\Bureau\ComboFix.exe AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Stéphane\err.log c:\windows\Downloaded Program Files\Quarantine c:\windows\system32\404Fix.exe c:\windows\system32\Agent.OMZ.Fix.exe c:\windows\system32\dumphive.exe c:\windows\system32\IEDFix.C.exe c:\windows\system32\IEDFix.exe c:\windows\system32\o4Patch.exe c:\windows\system32\Process.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\tmp.reg c:\windows\system32\VACFix.exe c:\windows\system32\VCCLSID.exe c:\windows\system32\WS2Fix.exe D:\Autorun.inf D:\resycled K:\Autorun.inf K:\resycled . ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-02 au 2009-02-02 )))))))))))))))))))))))))))))))))))) . 2009-02-02 13:55 . 2009-02-02 13:55 230 --a------ c:\windows\system32\spupdsvc.inf 2009-02-02 13:17 . 2009-02-02 13:29 <REP> d-------- C:\ToolBar SD 2009-02-02 10:50 . 2009-02-02 10:51 <REP> d-------- C:\rsit 2009-01-23 20:56 . 2009-01-23 20:56 <REP> d-------- c:\program files\FRANCEPROSPECT 2009-01-14 19:34 . 2009-01-19 12:42 1,374 --a------ c:\windows\imsins.BAK 2009-01-14 19:11 . 2008-10-16 21:18 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll 2009-01-14 19:11 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat 2009-01-14 19:11 . 2007-03-08 06:10 1,048,576 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui 2009-01-14 19:11 . 2008-10-16 21:18 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll 2009-01-14 19:11 . 2008-10-16 21:18 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll 2009-01-14 19:11 . 2008-10-16 21:18 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll 2009-01-14 19:11 . 2008-10-16 21:18 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll 2009-01-14 19:11 . 2008-10-16 21:18 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll 2009-01-14 19:11 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe 2009-01-12 21:00 . 2009-01-12 21:00 93,033,860 --a------ C:\Sauv.reg 2009-01-12 20:43 . 2009-01-12 20:43 <REP> d-------- c:\program files\Foxit Software 2009-01-12 20:43 . 2009-01-12 20:43 <REP> d-------- c:\documents and settings\Stéphane\Application Data\Foxit 2009-01-12 18:06 . 2009-01-12 18:06 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-12 18:06 . 2009-01-12 18:06 <REP> d-------- c:\documents and settings\Stéphane\Application Data\Malwarebytes 2009-01-12 18:06 . 2009-01-12 18:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-12 18:06 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-12 18:06 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-01-12 16:54 . 2009-02-02 13:44 <REP> d-------- c:\program files\Trend Micro 2009-01-12 14:08 . 2009-01-12 14:08 <REP> d-------- c:\program files\Avira 2009-01-12 14:08 . 2009-01-12 14:08 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-01-12 11:16 . 1997-02-27 00:00 73,216 --a------ c:\windows\ST5UNST.EXE 2009-01-11 20:40 . 2009-01-09 19:53 5,700,105 --a------ c:\windows\system32\ahnszds.szd 2009-01-11 20:40 . 2009-01-09 19:57 4,856,280 --a------ c:\windows\system32\ahnszhs.szd 2009-01-11 20:40 . 2009-01-09 19:52 3,034,214 --a------ c:\windows\system32\ahnszns.szd 2009-01-11 20:40 . 2008-12-22 19:07 70,528 --a------ c:\windows\system32\drivers\ahnsze.sys 2009-01-11 20:36 . 2009-01-11 20:36 <REP> d-------- c:\windows\system32\Kaspersky Lab 2009-01-11 20:32 . 2009-01-11 20:32 <REP> d-------- c:\program files\AhnLab 2009-01-10 11:59 . 2009-01-10 11:59 <REP> d-------- c:\program files\CCleaner 2009-01-10 11:13 . 2009-01-10 11:13 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy) 2009-01-10 11:13 . 2009-01-10 11:13 <REP> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy) 2009-01-10 11:11 . 2009-01-10 11:11 <REP> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy) 2009-01-10 11:11 . 2009-01-10 11:11 <REP> d-------- c:\program files\SDHelper (Spybot - Search & Destroy) 2009-01-09 19:43 . 2009-01-10 11:11 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-08 12:59 . 2009-01-19 11:01 <REP> d-------- c:\program files\Oxemis 2009-01-05 19:05 . 2009-01-05 19:05 <REP> d-------- c:\documents and settings\Stéphane\Application Data\Oxemis . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-02 08:54 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-02-01 16:11 --------- d-----w c:\documents and settings\Stéphane\Application Data\Azureus 2009-01-13 07:22 --------- d-----w c:\program files\MDIConvertor 2009-01-12 21:49 --------- d-----w c:\program files\Yahoo! 2009-01-12 19:49 --------- d-----w c:\program files\Java 2009-01-12 19:44 --------- d-----w c:\program files\Fichiers communs\Adobe 2009-01-12 17:30 2,138 ----a-w c:\documents and settings\Stéphane\Application Data\Cache-3000.bin 2009-01-12 17:30 11,150 ----a-w c:\documents and settings\Stéphane\Application Data\Global.bin 2009-01-10 10:46 --------- d-----w c:\program files\Anti-Trojan-55 2009-01-05 15:35 --------- d-----w c:\program files\Google 2008-12-17 10:20 --------- d-----w c:\program files\Microsoft 2008-12-17 10:19 --------- d-----w c:\program files\Windows Live SkyDrive 2008-12-17 10:18 --------- d-----w c:\program files\Windows Live 2008-12-17 10:15 --------- d-----w c:\program files\Fichiers communs\Windows Live 2008-12-13 12:35 --------- d-----w c:\program files\SystemRequirementsLab 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-10 07:55 --------- d-----w c:\program files\BatchDPG 2008-12-09 15:07 --------- d-----w c:\program files\Fichiers communs\LogiShared 2008-12-09 15:07 --------- d-----w c:\documents and settings\Stéphane\Application Data\Leadertech 2008-12-09 15:06 --------- d-----w c:\documents and settings\Stéphane\Application Data\Logitech 2008-12-09 15:05 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-12-09 15:05 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf 2008-12-09 15:05 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-12-09 15:04 --------- d-----w c:\program files\Fichiers communs\Logitech 2008-12-09 15:04 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech 2008-12-09 15:03 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-09 15:03 --------- d-----w c:\program files\Logitech 2008-12-09 15:03 --------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd 2008-12-08 13:39 --------- d-----w c:\program files\Allok 3GP PSP MP4 iPod Video Converter 2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll 2008-11-27 18:13 2,798 ----a-w c:\documents and settings\Stéphane\Application Data\Cache--1.bin 2008-11-27 17:54 2,797 ----a-w c:\documents and settings\Stéphane\Application Data\Cache-43.bin 2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll 1998-09-29 11:56 10,000 -c--a-w c:\windows\inf\unregpn.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-02 68856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480] "ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960] "Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152] "PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024] "LTSMMSG"="LTSMMSG.exe" [2002-08-02 c:\windows\LTSMMSG.exe] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] "ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2005-01-27 263776] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.VDOM"= vdowave.drv "msacm.divxa32"= DivXa32.acm [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide de HP Photosmart Premier.lnk backup=c:\windows\pss\Démarrage rapide de HP Photosmart Premier.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^VAIO Action Setup (Serveur).lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\VAIO Action Setup (Serveur).lnk backup=c:\windows\pss\VAIO Action Setup (Serveur).lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL] --a------ 2002-11-02 07:33 45056 c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] --a------ 2002-12-02 15:17 73728 c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS] --a------ 2003-09-04 09:45 135214 c:\program files\Fichiers communs\Logitech\QCDriver2\LVComS.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-01-10 15:27 385024 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard] --a------ 2002-06-18 00:01 155648 c:\program files\VERITAS Software\Update Manager\sgtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Norton Ghost"=2 (0x2) "wscsvc"=2 (0x2) "Fax"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"="0x00000000" "UpdatesDisableNotify"="0x00000000" "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\BitTorrent\\btdownloadgui.exe"= "c:\\Program Files\\Azureus\\Azureus.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"= "c:\\Program Files\\Anti-Trojan-55\\Anti-Trojan.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"= "c:\\Program Files\\NetMeeting\\conf.exe"= "d:\\Installation\\CRM\\mysql\\bin\\mysqld.exe"= "d:\\Installation\\CRM\\apache2\\bin\\Apache.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\spoolsv.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8080:TCP"= 8080:TCP:free "1234:UDP"= 1234:UDP:free "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "80:TCP"= 80:TCP:http R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016] R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [2005-11-12 137344] R2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [2005-11-12 12032] R3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [2002-08-02 816043] S2 SNAWApache;SNAWApache;"c:\documents and settings\Stéphane\Bureau\distrib_cligraphcrm_0.97\CLIGRAPHCRM\server\apache\bin\httpd.exe" -k runservice --> c:\documents and settings\Stéphane\Bureau\distrib_cligraphcrm_0.97\CLIGRAPHCRM\server\apache\bin\httpd.exe [?] S2 sugarMysql;sugarMysql;c:\progra~1\SUGARC~1.0G\mysql\bin\mysqld.exe --defaults-file=c:\progra~1\SUGARC~1.0G\mysql\my.ini sugarMysql --> c:\progra~1\SUGARC~1.0G\mysql\bin\mysqld.exe --defaults-file=c:\progra~1\SUGARC~1.0G\mysql\my.ini sugarMysql [?] S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2004-10-08 152576] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com d: \Shell\Open\command - resycled\boot.com d: . Contenu du dossier 'Tâches planifiées' 2009-02-02 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-01-27 14:59] . - - - - ORPHELINS SUPPRIMES - - - - WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file) HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB5; Embedded Web Browser from: http://bsalsa.com/; .NET CLR 1.1.4322; .NET MSConfigStartUp-msnmsgr - c:\program files\MSN Messenger\MsnMsgr.Exe MSConfigStartUp-Norton Ghost 9 - c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mWindow Title = uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Sothink SWF Catcher - c:\program files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} - hxxp://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-02 14:41:46 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL" . Heure de fin: 2009-02-02 14:44:59 ComboFix-quarantined-files.txt 2009-02-02 13:44:34 Avant-CF: 9 298 022 400 octets libres Après-CF: 9,874,714,624 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn 272
  19. houch

    saturation UC

    houch a répondu à un(e) sujet de houch dans Analyses et éradication malwares

    SmitFraudFix v2.392 Rapport fait à 14:13:34,20, 02/02/2009 Executé à partir de C:\Documents and Settings\St‚phane\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\LTSMMSG.exe C:\WINDOWS\System32\ezSP_Px.exe C:\Program Files\ScanSoft\OmniPageSE\opware32.exe C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Portrait Displays\Pivot Software\floater.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE C:\Documents and Settings\Stéphane\Bureau\SmitfraudFix\Policies.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\St‚phane »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\STPHAN~1\LOCALS~1\Temp »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\St‚phane\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\STPHAN~1\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="file:///C:/DOCUME~1/STPHAN~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif" "SubscribedURL"="file:///C:/DOCUME~1/STPHAN~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif" "FriendlyName"="" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» o4Patch !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! o4Patch Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! Agent.OMZ.Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" "LoadAppInit_DLLs"=dword:00000001 »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," "System"="" »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets DNS Server Search Order: 212.27.40.241 DNS Server Search Order: 212.27.40.240 HKLM\SYSTEM\CCS\Services\Tcpip\..\{355E7817-E559-4D93-A8E2-EA5A92B9ED26}: DhcpNameServer=212.27.40.241 212.27.40.240 HKLM\SYSTEM\CS1\Services\Tcpip\..\{355E7817-E559-4D93-A8E2-EA5A92B9ED26}: DhcpNameServer=212.27.40.241 212.27.40.240 HKLM\SYSTEM\CS2\Services\Tcpip\..\{355E7817-E559-4D93-A8E2-EA5A92B9ED26}: DhcpNameServer=212.27.40.241 212.27.40.240 HKLM\SYSTEM\CS3\Services\Tcpip\..\{355E7817-E559-4D93-A8E2-EA5A92B9ED26}: DhcpNameServer=212.27.40.241 212.27.40.240 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin
  20. houch

    saturation UC

    houch a répondu à un(e) sujet de houch dans Analyses et éradication malwares

    rapport 1 -----------\\ ToolBar S&D 1.2.8 XP/Vista Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3 X86-based PC ( Uniprocessor Free : AMD Athlon Processor ) BIOS : Award Medallion BIOS v6.0 USER : Stéphane ( Administrator ) BOOT : Fail-safe boot Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:27 Go (Free:10 Go) D:\ (Local Disk) - NTFS - Total:48 Go (Free:40 Go) F:\ (CD or DVD) G:\ (CD or DVD) H:\ (CD or DVD) "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [1] ( 02/02/2009|13:21 ) -----------\\ Recherche de Fichiers / Dossiers ... C:\Program Files\AskBarDis C:\Program Files\AskBarDis\bar C:\Program Files\AskBarDis\PopSwatter C:\Program Files\AskBarDis\unins000.dat C:\Program Files\AskBarDis\unins000.exe C:\Program Files\AskBarDis\bar\bin C:\Program Files\AskBarDis\bar\Cache C:\Program Files\AskBarDis\bar\History C:\Program Files\AskBarDis\bar\Settings C:\Program Files\AskBarDis\bar\bin\askBar.dll C:\Program Files\AskBarDis\bar\bin\askPopStp.dll C:\Program Files\AskBarDis\bar\bin\psvince.dll C:\Program Files\AskBarDis\bar\Cache\002CBDEB.bin C:\Program Files\AskBarDis\bar\Cache\002CBF91.bin C:\Program Files\AskBarDis\bar\Cache\002CC27F.bin C:\Program Files\AskBarDis\bar\Cache\002CC3E6.bin C:\Program Files\AskBarDis\bar\Cache\002CC56D.bin C:\Program Files\AskBarDis\bar\Cache\002CC6C4.bin C:\Program Files\AskBarDis\bar\Cache\002CC82C.bin C:\Program Files\AskBarDis\bar\Cache\002CC9A3.bin C:\Program Files\AskBarDis\bar\Cache\002CCB0A.bin C:\Program Files\AskBarDis\bar\Cache\002CCC62.bin C:\Program Files\AskBarDis\bar\Cache\002CEE61.bin C:\Program Files\AskBarDis\bar\Cache\002D7053.bin C:\Program Files\AskBarDis\bar\Cache\002FCEF3.bin C:\Program Files\AskBarDis\bar\Cache\0032C6C7.bin C:\Program Files\AskBarDis\bar\Cache\0999E6D6 C:\Program Files\AskBarDis\bar\Cache\10947414 C:\Program Files\AskBarDis\bar\Cache\files.ini C:\Program Files\AskBarDis\bar\History\search C:\Program Files\AskBarDis\bar\Settings\config.dat C:\Program Files\AskBarDis\bar\Settings\config.dat.bak C:\Program Files\AskBarDis\bar\Settings\prevcfg.htm C:\Program Files\AskBarDis\PopSwatter\History C:\Program Files\AskBarDis\PopSwatter\History\allowed C:\Program Files\AskBarDis\PopSwatter\History\notallow C:\DOCUME~1\STPHAN~1\LOCALS~1\Temp\ICD1.tmp -----------\\ Extensions (All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar (St‚phane) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar (St‚phane) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.fr/"'>http://www.google.fr/" "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Search Page"="http://www.google.com"'>http://www.google.com" "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Search Bar"="http://www.google.com/ie"'>http://www.google.com/ie" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"'>http://go.microsoft.com/fwlink/?LinkId=69157"'>http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! 1 - "C:\ToolBar SD\TB_1.txt" - 02/02/2009|13:24 - Option : [1] -----------\\ Fin du rapport a 13:24:19,62 rapport apres suppression -----------\\ ToolBar S&D 1.2.8 XP/Vista Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3 X86-based PC ( Uniprocessor Free : AMD Athlon Processor ) BIOS : Award Medallion BIOS v6.0 USER : Stéphane ( Administrator ) BOOT : Fail-safe boot Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:27 Go (Free:10 Go) D:\ (Local Disk) - NTFS - Total:48 Go (Free:40 Go) F:\ (CD or DVD) G:\ (CD or DVD) H:\ (CD or DVD) "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [2] ( 02/02/2009|13:28 ) -----------\\ SUPPRESSION Supprime! - C:\Program Files\AskBarDis\bar Supprime! - C:\Program Files\AskBarDis\PopSwatter Supprime! - C:\Program Files\AskBarDis\unins000.dat Supprime! - C:\Program Files\AskBarDis\unins000.exe Supprime! - C:\DOCUME~1\STPHAN~1\LOCALS~1\Temp\ICD1.tmp Supprime! - C:\Program Files\AskBarDis -----------\\ Recherche de Fichiers / Dossiers ... -----------\\ Extensions (All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar (St‚phane) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar (St‚phane) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.fr/" "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Search Page"="http://www.google.com" "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Search Bar"="http://www.google.com/ie" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.msn.com/" --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! 1 - "C:\ToolBar SD\TB_1.txt" - 02/02/2009|13:24 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 02/02/2009|13:29 - Option : [2] -----------\\ Fin du rapport a 13:29:27,35 raport hijack Logfile of random's system information tool 1.05 (written by random/random) Run by Stéphane at 2009-02-02 13:44:11 Microsoft Windows XP Édition familiale Service Pack 3 System drive C: has 9 GB (31%) free of 29 GB Total RAM: 1535 MB (73% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:44:18, on 02/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\LTSMMSG.exe C:\WINDOWS\System32\ezSP_Px.exe C:\Program Files\ScanSoft\OmniPageSE\opware32.exe C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Portrait Displays\Pivot Software\floater.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Stéphane\Bureau\RSIT.exe C:\Program Files\trend micro\Stéphane.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB5; Embedded Web Browser from: http://bsalsa.com/; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" -"http://www.funlabo.com/moto/cascades-motos.htm" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file) O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/ O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/e/38.05/57g...0/uploader2.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleG...PluginIEWin.cab O16 - DPF: {6531D99C-0D0E-4293-B3CB-A3E1D0D41847} (AhnASP Control) - http://aspglobal.ahnlab.com/asp/cab/AhnASP.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SNAWApache - Unknown owner - C:\Documents and Settings\Stéphane\Bureau\distrib_cligraphcrm_0.97\CLIGRAPHCRM\server\apache\bin\httpd.exe (file missing) O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe O23 - Service: sugarMysql - Unknown owner - C:\PROGRA~1\SUGARC~1.0G\mysql\bin\mysqld.exe (file missing) O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/STPHAN~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif -- End of file - 10033 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Symantec NetDetect.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-01 251504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-01 657904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-01 522224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "LTSMMSG"=C:\WINDOWS\LTSMMSG.exe [2002-08-02 32768] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480] "ezShieldProtector for Px"=C:\WINDOWS\System32\ezSP_Px.exe [2002-08-20 40960] "Omnipage"=C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [2002-06-03 49152] "PivotSoftware"=C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe [2007-02-09 694008] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840] "Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-10 385024] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2008-12-02 3882312] "H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-04-02 68856] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2008-08-06 447928] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL] C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe [2002-11-02 45056] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe [2002-12-02 73728] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE [2003-09-04 135214] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe /background [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2008-01-10 385024] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard] C:\Program Files\VERITAS Software\Update Manager\sgtray.exe [2002-06-18 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk] C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2002-08-16 110592] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2006-02-10 73728] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk] C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2007-04-23 692224] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^VAIO Action Setup (Serveur).lnk] C:\PROGRA~1\Sony\VAIOAC~1\VAServ.exe [2002-11-07 40960] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Norton Ghost"=2 "wscsvc"=2 "Fax"=2 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui" "C:\Program Files\BitTorrent\btdownloadgui.exe"="C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui" "C:\Program Files\Java\j2re1.4.2_06\bin\javaw.exe"="C:\Program Files\Java\j2re1.4.2_06\bin\javaw.exe:*:Enabled:javaw" "C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe:*:Disabled:Java 2 Platform Standard Edition binary" "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe:*:Enabled:Java 2 Platform Standard Edition binary" "C:\Program Files\AVPersonal\AVWIN.EXE"="C:\Program Files\AVPersonal\AVWIN.EXE:*:Enabled:AntiVir" "C:\Program Files\Real\RealOne Player\realplay.exe"="C:\Program Files\Real\RealOne Player\realplay.exe:*:Disabled:RealOne Player" "C:\Program Files\KiSS Technology\KiSS PC-Link\KiSS PC-Link.exe"="C:\Program Files\KiSS Technology\KiSS PC-Link\KiSS PC-Link.exe:*:Enabled:Server Application For KiSS PC-LINK" "C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java 2 Platform Standard Edition binary" "C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail" "C:\Documents and Settings\Armelle\Bureau\incredimail_install.exe"="C:\Documents and Settings\Armelle\Bureau\incredimail_install.exe:*:Enabled:IncrediMail Installer" "C:\Program Files\Freeplayer\vlc\vlc.exe"="C:\Program Files\Freeplayer\vlc\vlc.exe:*:Enabled:VLC media player" "D:\Installation\free\EasySync.exe"="D:\Installation\free\EasySync.exe:*:Enabled:EasySync" "D:\Videos\EasySync.exe"="D:\Videos\EasySync.exe:*:Enabled:EasySync" "D:\Videos\Greys Anatomy Season 2\EasySync.exe"="D:\Videos\Greys Anatomy Season 2\EasySync.exe:*:Enabled:EasySync" "D:\Videos\freebox\EasySync.exe"="D:\Videos\freebox\EasySync.exe:*:Enabled:EasySync" "C:\Program Files\JAlbum 6.5\JAlbumWin.exe"="C:\Program Files\JAlbum 6.5\JAlbumWin.exe:*:Enabled:JAlbumWin" "C:\Program Files\Anti-Trojan-55\Anti-Trojan.exe"="C:\Program Files\Anti-Trojan-55\Anti-Trojan.exe:*:Enabled:Anti-Trojan 5.5 Professional" "C:\Program Files\Xi\NetXfer\NetTransport.exe"="C:\Program Files\Xi\NetXfer\NetTransport.exe:*:Enabled:NetXfer Download Manager" "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player" "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"="C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word" "C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®" "C:\Program Files\WDGold Lite\WDGold Lite.exe"="C:\Program Files\WDGold Lite\WDGold Lite.exe:*:Enabled:Gestion des contacts" "C:\Documents and Settings\Stéphane\Local Settings\Temp\Rar$EX00.500\distrib_cligraphcrm_0.96\CLIGRAPHCRM\server\apache\bin\httpd.exe"="C:\Documents and Settings\Stéphane\Local Settings\Temp\Rar$EX00.500\distrib_cligraphcrm_0.96\CLIGRAPHCRM\server\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server" "C:\Program Files\sugarcrm-5.0.0g\mysql\bin\mysqld.exe"="C:\Program Files\sugarcrm-5.0.0g\mysql\bin\mysqld.exe:*:Enabled:mysqld" "C:\Program Files\sugarcrm-5.0.0g\apache2\bin\Apache.exe"="C:\Program Files\sugarcrm-5.0.0g\apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server" "D:\Installation\CRM\mysql\bin\mysqld.exe"="D:\Installation\CRM\mysql\bin\mysqld.exe:*:Enabled:mysqld" "D:\Installation\CRM\apache2\bin\Apache.exe"="D:\Installation\CRM\apache2\bin\Apache.exe:*:Disabled:Apache HTTP Server" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "F:\setup\HPZNET01.EXE"="F:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe" "F:\setup\HPONICIFS01.EXE"="F:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe" "C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:Spooler SubSystem App" "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe" "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe" "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe" "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe" "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe" "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe" "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe" "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe" "C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com d: shell\Open\command - resycled\boot.com d: [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d64a4c8e-9f51-11dd-a054-00e018fccfb9}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com k: shell\Open\command - resycled\boot.com k: ======File associations====== .js - edit - ======List of files/folders created in the last 1 months====== 2009-02-02 13:21:31 ----A---- C:\TB.txt 2009-02-02 13:17:42 ----D---- C:\ToolBar SD 2009-02-02 10:50:59 ----D---- C:\rsit 2009-01-23 20:56:51 ----D---- C:\Program Files\FRANCEPROSPECT 2009-01-15 10:32:22 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$ 2009-01-14 19:38:30 ----D---- C:\WINDOWS\ie7updates 2009-01-14 19:37:27 ----D---- C:\WINDOWS\WBEM 2009-01-14 19:34:58 ----A---- C:\WINDOWS\imsins.BAK 2009-01-12 20:43:17 ----D---- C:\Program Files\Foxit Software 2009-01-12 20:43:17 ----D---- C:\Documents and Settings\Stéphane\Application Data\Foxit 2009-01-12 20:40:10 ----A---- C:\WINDOWS\system32\javaws.exe 2009-01-12 20:40:10 ----A---- C:\WINDOWS\system32\javaw.exe 2009-01-12 20:40:10 ----A---- C:\WINDOWS\system32\java.exe 2009-01-12 18:06:20 ----D---- C:\Documents and Settings\Stéphane\Application Data\Malwarebytes 2009-01-12 18:06:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-01-12 18:06:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-01-12 16:54:48 ----D---- C:\Program Files\Trend Micro 2009-01-12 16:08:58 ----A---- C:\WINDOWS\system32\tmp.txt 2009-01-12 16:08:55 ----A---- C:\rapport.txt 2009-01-12 15:45:53 ----A---- C:\WINDOWS\ntbtlog.txt 2009-01-12 14:08:51 ----D---- C:\Program Files\Avira 2009-01-12 14:08:51 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2009-01-12 11:16:24 ----A---- C:\WINDOWS\ST5UNST.EXE 2009-01-12 07:50:58 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-01-11 20:53:57 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2009-01-11 20:36:58 ----D---- C:\WINDOWS\system32\Kaspersky Lab 2009-01-11 20:32:01 ----D---- C:\Program Files\AhnLab 2009-01-10 11:59:37 ----D---- C:\Program Files\CCleaner 2009-01-10 11:13:07 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy) 2009-01-10 11:13:06 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy) 2009-01-10 11:11:55 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy) 2009-01-10 11:11:55 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy) 2009-01-09 19:43:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-09 19:42:56 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-01-08 12:59:14 ----D---- C:\Program Files\Oxemis 2009-01-05 19:05:08 ----D---- C:\Documents and Settings\Stéphane\Application Data\Oxemis ======List of files/folders modified in the last 1 months====== 2009-02-02 13:44:19 ----D---- C:\WINDOWS\Prefetch 2009-02-02 13:41:05 ----D---- C:\WINDOWS\Temp 2009-02-02 13:28:50 ----RD---- C:\Program Files 2009-02-02 10:57:46 ----D---- C:\WINDOWS\SoftwareDistribution 2009-02-02 10:56:56 ----D---- C:\WINDOWS\system32\CatRoot 2009-02-02 10:56:55 ----D---- C:\WINDOWS\system32\CatRoot2 2009-02-02 10:54:58 ----D---- C:\WINDOWS\system32 2009-02-02 10:54:52 ----D---- C:\WINDOWS 2009-02-02 09:54:14 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater 2009-02-01 17:11:25 ----A---- C:\WINDOWS\NeroDigital.ini 2009-02-01 17:11:15 ----D---- C:\Documents and Settings\Stéphane\Application Data\Azureus 2009-01-23 20:58:55 ----SHD---- C:\WINDOWS\Installer 2009-01-23 20:58:55 ----D---- C:\Config.Msi 2009-01-19 12:42:07 ----HD---- C:\WINDOWS\inf 2009-01-19 12:42:06 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-01-19 12:42:02 ----HD---- C:\WINDOWS\$hf_mig$ 2009-01-15 10:32:24 ----D---- C:\WINDOWS\system32\drivers 2009-01-14 19:42:33 ----D---- C:\WINDOWS\Help 2009-01-14 19:42:33 ----D---- C:\Program Files\Internet Explorer 2009-01-14 19:38:40 ----D---- C:\WINDOWS\system32\fr-fr 2009-01-14 19:36:52 ----HDC---- C:\WINDOWS\ie7 2009-01-14 19:12:45 ----D---- C:\WINDOWS\Debug 2009-01-13 09:58:17 ----D---- C:\WINDOWS\WinSxS 2009-01-13 08:48:32 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-01-13 08:22:17 ----D---- C:\Program Files\MDIConvertor 2009-01-12 22:49:01 ----D---- C:\WINDOWS\system32\Macromed 2009-01-12 22:49:01 ----D---- C:\Program Files\Yahoo! 2009-01-12 20:49:04 ----D---- C:\Program Files\Java 2009-01-12 20:44:57 ----AC---- C:\WINDOWS\AcrobatSetupStatus.ini 2009-01-12 20:44:54 ----D---- C:\Program Files\Fichiers communs\Adobe 2009-01-12 15:53:34 ----SHD---- C:\RECYCLER 2009-01-11 21:20:26 ----RASH---- C:\boot.ini 2009-01-11 21:20:26 ----A---- C:\WINDOWS\win.ini 2009-01-11 21:20:26 ----A---- C:\WINDOWS\system.ini 2009-01-10 12:03:45 ----D---- C:\WINDOWS\Minidump 2009-01-10 11:58:08 ----D---- C:\Program Files\Fichiers communs 2009-01-10 11:58:03 ----RSD---- C:\WINDOWS\Fonts 2009-01-10 11:57:58 ----A---- C:\WINDOWS\bizpub32.INI 2009-01-10 11:46:11 ----D---- C:\Program Files\Anti-Trojan-55 2009-01-09 17:35:30 ----A---- C:\WINDOWS\system32\MRT.exe 2009-01-06 09:12:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-01-06 09:12:50 ----D---- C:\WINDOWS\addins 2009-01-05 16:35:12 ----D---- C:\Program Files\Google ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072] R1 DMICall;Sony DMI Call service; C:\WINDOWS\System32\DRIVERS\DMICall.sys [2000-12-05 3952] R1 Pivot;Pivot; C:\WINDOWS\System32\drivers\pivot.sys [2007-02-09 17465] R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2002-11-29 16320] R2 giveio;IC-Prog Driver; \??\D:\Installation\ICPROG\icprog.sys [] R2 litsgt;litsgt; C:\WINDOWS\system32\DRIVERS\litsgt.sys [2005-11-12 137344] R2 tansgt;tansgt; C:\WINDOWS\system32\DRIVERS\tansgt.sys [2005-11-12 12032] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2002-11-28 15360] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832] R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112] R3 LucentSoftModem;Lucent Technologies Soft Modem; C:\WINDOWS\System32\DRIVERS\LTSM.sys [2002-08-02 816043] R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-04-11 28688] R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624] R3 nvax;Service for NVIDIA® nForce Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2002-07-22 13184] R3 nvnforce;Service for NVIDIA® nForce Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2002-07-22 209280] R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2006-11-16 15920] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-03-21 9856] R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-06-13 45568] R3 SONYWBMS;Sony Memory Stick controller(WB); C:\WINDOWS\System32\DRIVERS\SonyWBMS.SYS [2002-11-19 36184] R3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-08-23 6912] R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800] S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\F:\INSTAL~E\Core\BVRPMPR5.SYS [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-12-09 223128] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568] S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-04-11 20496] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824] S3 pdiddcci;DDC/CI monitor; C:\WINDOWS\System32\DRIVERS\pdiddcci.sys [2007-04-24 11776] S3 PID_0920;Logitech QuickCam Express(PID_0920); C:\WINDOWS\System32\DRIVERS\LV532AV.SYS [2003-09-04 152576] S3 pivotmou;Pivot Mouse/Pointers Filter Driver; \??\C:\WINDOWS\system32\drivers\pivotmou.sys [] S3 Ser2pl;Sitecom Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-01-09 41088] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248] S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297] R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe [2007-04-25 73728] R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-15 168432] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728] S2 SNAWApache;SNAWApache; C:\Documents and Settings\Stéphane\Bureau\distrib_cligraphcrm_0.97\CLIGRAPHCRM\server\apache\bin\httpd.exe -k runservice [] S2 sugarMysql;sugarMysql; C:\PROGRA~1\SUGARC~1.0G\mysql\bin\mysqld.exe --defaults-file=C:\PROGRA~1\SUGARC~1.0G\mysql\my.ini sugarMysql [] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920] S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 SPTISRV;Sony SPTI Service; C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe [2002-07-23 65536] -----------------EOF----------------- pb tjrs la ...
  21. houch

    saturation UC

    houch a répondu à un(e) sujet de houch dans Analyses et éradication malwares

    même pb sous tous les profils pour la table de registre, j'ose pas...trouve pas la ligne DesktopProcess et je sais pas créer une valeur
  22. houch

    saturation UC

    houch a répondu à un(e) sujet de houch dans Analyses et éradication malwares

    log.txt Logfile of random's system information tool 1.05 (written by random/random) Run by Stéphane at 2009-02-02 10:50:59 Microsoft Windows XP Édition familiale Service Pack 3 System drive C: has 9 GB (31%) free of 29 GB Total RAM: 1535 MB (60% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:51:11, on 02/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\LTSMMSG.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\ezSP_Px.exe C:\Program Files\ScanSoft\OmniPageSE\opware32.exe C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Portrait Displays\Pivot Software\floater.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\winlogon.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe D:\EasyPHP 2.0b1\EasyPHP.exe D:\EASYPH~1.0B1\Apache\bin\apache.exe D:\EASYPH~1.0B1\Apache\bin\apache.exe D:\EASYPH~1.0B1\MySql\bin\mysqld.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\REGEDIT.exe C:\Documents and Settings\Stéphane\Local Settings\Temporary Internet Files\Content.IE5\CLBKTC1N\RSIT[1].exe C:\Program Files\trend micro\Stéphane.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB5; Embedded Web Browser from: http://bsalsa.com/; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" -"http://www.funlabo.com/moto/cascades-motos.htm" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-21-554085901-3065808025-3036636359-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Armelle') O4 - HKUS\S-1-5-21-554085901-3065808025-3036636359-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Armelle') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file) O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/ O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/e/38.05/57g...0/uploader2.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleG...PluginIEWin.cab O16 - DPF: {6531D99C-0D0E-4293-B3CB-A3E1D0D41847} (AhnASP Control) - http://aspglobal.ahnlab.com/asp/cab/AhnASP.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SNAWApache - Unknown owner - C:\Documents and Settings\Stéphane\Bureau\distrib_cligraphcrm_0.97\CLIGRAPHCRM\server\apache\bin\httpd.exe (file missing) O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe O23 - Service: sugarMysql - Unknown owner - C:\PROGRA~1\SUGARC~1.0G\mysql\bin\mysqld.exe (file missing) O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/STPHAN~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif -- End of file - 10970 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Symantec NetDetect.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-01 251504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-01 657904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-01 522224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "LTSMMSG"=C:\WINDOWS\LTSMMSG.exe [2002-08-02 32768] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480] "ezShieldProtector for Px"=C:\WINDOWS\System32\ezSP_Px.exe [2002-08-20 40960] "Omnipage"=C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [2002-06-03 49152] "PivotSoftware"=C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe [2007-02-09 694008] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840] "Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-10 385024] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2008-12-02 3882312] "H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-04-02 68856] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2008-08-06 447928] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL] C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe [2002-11-02 45056] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe [2002-12-02 73728] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE [2003-09-04 135214] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe /background [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2008-01-10 385024] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard] C:\Program Files\VERITAS Software\Update Manager\sgtray.exe [2002-06-18 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk] C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2002-08-16 110592] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2006-02-10 73728] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk] C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2007-04-23 692224] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^VAIO Action Setup (Serveur).lnk] C:\PROGRA~1\Sony\VAIOAC~1\VAServ.exe [2002-11-07 40960] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Norton Ghost"=2 "wscsvc"=2 "Fax"=2 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui" "C:\Program Files\BitTorrent\btdownloadgui.exe"="C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui" "C:\Program Files\Java\j2re1.4.2_06\bin\javaw.exe"="C:\Program Files\Java\j2re1.4.2_06\bin\javaw.exe:*:Enabled:javaw" "C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe:*:Disabled:Java 2 Platform Standard Edition binary" "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe:*:Enabled:Java 2 Platform Standard Edition binary" "C:\Program Files\AVPersonal\AVWIN.EXE"="C:\Program Files\AVPersonal\AVWIN.EXE:*:Enabled:AntiVir" "C:\Program Files\Real\RealOne Player\realplay.exe"="C:\Program Files\Real\RealOne Player\realplay.exe:*:Disabled:RealOne Player" "C:\Program Files\KiSS Technology\KiSS PC-Link\KiSS PC-Link.exe"="C:\Program Files\KiSS Technology\KiSS PC-Link\KiSS PC-Link.exe:*:Enabled:Server Application For KiSS PC-LINK" "C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java 2 Platform Standard Edition binary" "C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail" "C:\Documents and Settings\Armelle\Bureau\incredimail_install.exe"="C:\Documents and Settings\Armelle\Bureau\incredimail_install.exe:*:Enabled:IncrediMail Installer" "C:\Program Files\Freeplayer\vlc\vlc.exe"="C:\Program Files\Freeplayer\vlc\vlc.exe:*:Enabled:VLC media player" "D:\Installation\free\EasySync.exe"="D:\Installation\free\EasySync.exe:*:Enabled:EasySync" "D:\Videos\EasySync.exe"="D:\Videos\EasySync.exe:*:Enabled:EasySync" "D:\Videos\Greys Anatomy Season 2\EasySync.exe"="D:\Videos\Greys Anatomy Season 2\EasySync.exe:*:Enabled:EasySync" "D:\Videos\freebox\EasySync.exe"="D:\Videos\freebox\EasySync.exe:*:Enabled:EasySync" "C:\Program Files\JAlbum 6.5\JAlbumWin.exe"="C:\Program Files\JAlbum 6.5\JAlbumWin.exe:*:Enabled:JAlbumWin" "C:\Program Files\Anti-Trojan-55\Anti-Trojan.exe"="C:\Program Files\Anti-Trojan-55\Anti-Trojan.exe:*:Enabled:Anti-Trojan 5.5 Professional" "C:\Program Files\Xi\NetXfer\NetTransport.exe"="C:\Program Files\Xi\NetXfer\NetTransport.exe:*:Enabled:NetXfer Download Manager" "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player" "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"="C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word" "C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®" "C:\Program Files\WDGold Lite\WDGold Lite.exe"="C:\Program Files\WDGold Lite\WDGold Lite.exe:*:Enabled:Gestion des contacts" "C:\Documents and Settings\Stéphane\Local Settings\Temp\Rar$EX00.500\distrib_cligraphcrm_0.96\CLIGRAPHCRM\server\apache\bin\httpd.exe"="C:\Documents and Settings\Stéphane\Local Settings\Temp\Rar$EX00.500\distrib_cligraphcrm_0.96\CLIGRAPHCRM\server\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server" "C:\Program Files\sugarcrm-5.0.0g\mysql\bin\mysqld.exe"="C:\Program Files\sugarcrm-5.0.0g\mysql\bin\mysqld.exe:*:Enabled:mysqld" "C:\Program Files\sugarcrm-5.0.0g\apache2\bin\Apache.exe"="C:\Program Files\sugarcrm-5.0.0g\apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server" "D:\Installation\CRM\mysql\bin\mysqld.exe"="D:\Installation\CRM\mysql\bin\mysqld.exe:*:Enabled:mysqld" "D:\Installation\CRM\apache2\bin\Apache.exe"="D:\Installation\CRM\apache2\bin\Apache.exe:*:Disabled:Apache HTTP Server" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "F:\setup\HPZNET01.EXE"="F:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe" "F:\setup\HPONICIFS01.EXE"="F:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe" "C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:Spooler SubSystem App" "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe" "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe" "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe" "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe" "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe" "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe" "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe" "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe" "C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com d: shell\Open\command - resycled\boot.com d: [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d2d697b-196d-11d9-b11a-806d6172696f}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com d: shell\Open\command - resycled\boot.com d: [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d64a4c8e-9f51-11dd-a054-00e018fccfb9}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com k: shell\Open\command - resycled\boot.com k: ======File associations====== .js - edit - ======List of files/folders created in the last 1 months====== 2009-02-02 10:50:59 ----D---- C:\rsit 2009-01-23 20:56:51 ----D---- C:\Program Files\FRANCEPROSPECT 2009-01-15 10:32:22 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$ 2009-01-14 19:38:30 ----D---- C:\WINDOWS\ie7updates 2009-01-14 19:37:27 ----D---- C:\WINDOWS\WBEM 2009-01-14 19:34:58 ----A---- C:\WINDOWS\imsins.BAK 2009-01-12 20:43:27 ----D---- C:\Program Files\AskBarDis 2009-01-12 20:43:17 ----D---- C:\Program Files\Foxit Software 2009-01-12 20:43:17 ----D---- C:\Documents and Settings\Stéphane\Application Data\Foxit 2009-01-12 20:40:10 ----A---- C:\WINDOWS\system32\javaws.exe 2009-01-12 20:40:10 ----A---- C:\WINDOWS\system32\javaw.exe 2009-01-12 20:40:10 ----A---- C:\WINDOWS\system32\java.exe 2009-01-12 18:06:20 ----D---- C:\Documents and Settings\Stéphane\Application Data\Malwarebytes 2009-01-12 18:06:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-01-12 18:06:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-01-12 16:54:48 ----D---- C:\Program Files\Trend Micro 2009-01-12 16:08:58 ----A---- C:\WINDOWS\system32\tmp.txt 2009-01-12 16:08:55 ----A---- C:\rapport.txt 2009-01-12 15:45:53 ----A---- C:\WINDOWS\ntbtlog.txt 2009-01-12 14:08:51 ----D---- C:\Program Files\Avira 2009-01-12 14:08:51 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2009-01-12 11:16:24 ----A---- C:\WINDOWS\ST5UNST.EXE 2009-01-12 07:50:58 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-01-11 20:53:57 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2009-01-11 20:36:58 ----D---- C:\WINDOWS\system32\Kaspersky Lab 2009-01-11 20:32:01 ----D---- C:\Program Files\AhnLab 2009-01-10 11:59:37 ----D---- C:\Program Files\CCleaner 2009-01-10 11:13:07 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy) 2009-01-10 11:13:06 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy) 2009-01-10 11:11:55 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy) 2009-01-10 11:11:55 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy) 2009-01-09 19:43:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-09 19:42:56 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-01-08 12:59:14 ----D---- C:\Program Files\Oxemis 2009-01-05 19:05:08 ----D---- C:\Documents and Settings\Stéphane\Application Data\Oxemis ======List of files/folders modified in the last 1 months====== 2009-02-02 10:51:05 ----D---- C:\WINDOWS\Prefetch 2009-02-02 09:21:48 ----D---- C:\WINDOWS\Temp 2009-02-01 17:11:25 ----A---- C:\WINDOWS\NeroDigital.ini 2009-02-01 17:11:15 ----D---- C:\Documents and Settings\Stéphane\Application Data\Azureus 2009-02-01 08:54:54 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater 2009-01-26 21:25:02 ----D---- C:\WINDOWS\system32 2009-01-25 11:41:46 ----D---- C:\WINDOWS\system32\CatRoot2 2009-01-23 20:58:55 ----SHD---- C:\WINDOWS\Installer 2009-01-23 20:58:55 ----D---- C:\Config.Msi 2009-01-23 20:56:51 ----RD---- C:\Program Files 2009-01-23 10:38:35 ----D---- C:\WINDOWS 2009-01-19 12:42:07 ----HD---- C:\WINDOWS\inf 2009-01-19 12:42:06 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-01-19 12:42:02 ----HD---- C:\WINDOWS\$hf_mig$ 2009-01-15 10:32:36 ----D---- C:\WINDOWS\system32\CatRoot 2009-01-15 10:32:24 ----D---- C:\WINDOWS\system32\drivers 2009-01-14 19:42:33 ----D---- C:\WINDOWS\Help 2009-01-14 19:42:33 ----D---- C:\Program Files\Internet Explorer 2009-01-14 19:38:40 ----D---- C:\WINDOWS\system32\fr-fr 2009-01-14 19:36:52 ----HDC---- C:\WINDOWS\ie7 2009-01-14 19:12:45 ----D---- C:\WINDOWS\Debug 2009-01-13 09:58:17 ----D---- C:\WINDOWS\WinSxS 2009-01-13 08:48:32 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-01-13 08:22:17 ----D---- C:\Program Files\MDIConvertor 2009-01-12 22:49:01 ----D---- C:\WINDOWS\system32\Macromed 2009-01-12 22:49:01 ----D---- C:\Program Files\Yahoo! 2009-01-12 20:49:04 ----D---- C:\Program Files\Java 2009-01-12 20:44:57 ----AC---- C:\WINDOWS\AcrobatSetupStatus.ini 2009-01-12 20:44:54 ----D---- C:\Program Files\Fichiers communs\Adobe 2009-01-12 15:53:34 ----SHD---- C:\RECYCLER 2009-01-11 21:20:26 ----RASH---- C:\boot.ini 2009-01-11 21:20:26 ----A---- C:\WINDOWS\win.ini 2009-01-11 21:20:26 ----A---- C:\WINDOWS\system.ini 2009-01-10 12:03:45 ----D---- C:\WINDOWS\Minidump 2009-01-10 11:58:08 ----D---- C:\Program Files\Fichiers communs 2009-01-10 11:58:03 ----RSD---- C:\WINDOWS\Fonts 2009-01-10 11:57:58 ----A---- C:\WINDOWS\bizpub32.INI 2009-01-10 11:46:11 ----D---- C:\Program Files\Anti-Trojan-55 2009-01-09 17:35:30 ----A---- C:\WINDOWS\system32\MRT.exe 2009-01-06 09:12:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-01-06 09:12:50 ----D---- C:\WINDOWS\addins 2009-01-05 16:35:12 ----D---- C:\Program Files\Google ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072] R1 DMICall;Sony DMI Call service; C:\WINDOWS\System32\DRIVERS\DMICall.sys [2000-12-05 3952] R1 Pivot;Pivot; C:\WINDOWS\System32\drivers\pivot.sys [2007-02-09 17465] R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2002-11-29 16320] R2 giveio;IC-Prog Driver; \??\D:\Installation\ICPROG\icprog.sys [] R2 litsgt;litsgt; C:\WINDOWS\system32\DRIVERS\litsgt.sys [2005-11-12 137344] R2 tansgt;tansgt; C:\WINDOWS\system32\DRIVERS\tansgt.sys [2005-11-12 12032] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2002-11-28 15360] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832] R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112] R3 LucentSoftModem;Lucent Technologies Soft Modem; C:\WINDOWS\System32\DRIVERS\LTSM.sys [2002-08-02 816043] R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-04-11 28688] R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624] R3 nvax;Service for NVIDIA® nForce Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2002-07-22 13184] R3 nvnforce;Service for NVIDIA® nForce Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2002-07-22 209280] R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2006-11-16 15920] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-03-21 9856] R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-06-13 45568] R3 SONYWBMS;Sony Memory Stick controller(WB); C:\WINDOWS\System32\DRIVERS\SonyWBMS.SYS [2002-11-19 36184] R3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-08-23 6912] R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800] S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\F:\INSTAL~E\Core\BVRPMPR5.SYS [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-12-09 223128] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568] S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-04-11 20496] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824] S3 pdiddcci;DDC/CI monitor; C:\WINDOWS\System32\DRIVERS\pdiddcci.sys [2007-04-24 11776] S3 PID_0920;Logitech QuickCam Express(PID_0920); C:\WINDOWS\System32\DRIVERS\LV532AV.SYS [2003-09-04 152576] S3 pivotmou;Pivot Mouse/Pointers Filter Driver; \??\C:\WINDOWS\system32\drivers\pivotmou.sys [] S3 Ser2pl;Sitecom Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-01-09 41088] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248] S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297] R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe [2007-04-25 73728] R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-15 168432] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728] S2 SNAWApache;SNAWApache; C:\Documents and Settings\Stéphane\Bureau\distrib_cligraphcrm_0.97\CLIGRAPHCRM\server\apache\bin\httpd.exe -k runservice [] S2 sugarMysql;sugarMysql; C:\PROGRA~1\SUGARC~1.0G\mysql\bin\mysqld.exe --defaults-file=C:\PROGRA~1\SUGARC~1.0G\mysql\my.ini sugarMysql [] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920] S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 SPTISRV;Sony SPTI Service; C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe [2002-07-23 65536] -----------------EOF----------------- info.txt info.txt logfile of random's system information tool 1.05 2009-02-02 10:51:14 ======Uninstall list====== -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu -->C:\WINDOWS\System32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3} -->C:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Ad-aware 6 Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Photoshop Elements 2.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll" Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log AhnLab Smart Update i-->"C:\Program Files\AhnLab\ASP\Smart Update i\update\patch\03\SUpdateiSetup.exe" -Uninstall AhnLab SpyZero-->"C:\Program Files\AhnLab\ASP\Smart Update i\update\patch\3b\spyzerosetup.exe" -Uninstall Allok 3GP PSP MP4 iPod Video Converter 4.2.0709-->"C:\Program Files\Allok 3GP PSP MP4 iPod Video Converter\unins000.exe" Anti-Trojan 5.5-->"C:\Program Files\Anti-Trojan-55\unins001.exe" Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe ArcSoft PhotoStudio 5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}\setup.exe" -l0x40c -uninst Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe" Assistant de connexion Windows Live-->MsiExec.exe /I{D6E592B3-67DA-4BBB-9783-E1838FB253A2} Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x0009 -removeonly Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe" Azureus-->C:\Program Files\Azureus\Uninstall.exe BitTorrent 3.2.1-->"C:\Program Files\BitTorrent\uninstall.exe" BusinessCardsMX 3.93-->"C:\Program Files\MOJOSOFT\BusinessCardsMX3\unins000.exe" CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA} Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} Click to DVD 1.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C2F71B2-6C73-11D6-B659-00C04F790F76}\setup.exe" CloneCD-->"C:\Program Files\Elaborate Bytes\CloneCD\ccd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneCD" Coloriage-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\denouvel\Coloriage\UnInst01.log" "/APPNAME=Coloriage" Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE} Convert XLS-->"C:\Program Files\Softinterface, Inc\Convert XLS\unins000.exe" CoreAAC Audio Decoder (remove only)-->"C:\WINDOWS\system32\CoreAAC-uninstall.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN EasyPHP 2.0b1-->"D:\EasyPHP 2.0b1\unins000.exe" EBSoft - CONTACTA-->C:\WINDOWS\COSMODEV\WDDESI~1.EXE /uninst /EBSoft - CONTACTA /C:\Program Files\EBSoft\Contacta Enregistrement en ligne VAIO (Français)-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{668B1BD6-4593-4959-970E-249AFFE6F35C} /l1036 ffdshow (remove only)-->"C:\Program Files\ffdshow\uninstall.exe" FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe" Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe FRANCE PROSPECT Email 120-->MsiExec.exe /I{CBB4ED66-9C21-4DDF-A6D0-162081570A73} Free - Kit de connexion-->C:\Program Files\Free.fr\uninstall.exe Freeplayer-->C:\Program Files\Freeplayer\Uninstall.exe Furnish Pro-->C:\WINDOWS\unvise32.exe C:\Program Files\Furnish Pro\Furnish Pro uninstal.log Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall Guitar Pro 5.0-->"C:\Program Files\Guitar Pro 5\unins000.exe" HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Document Viewer 7.0-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat HP My Display-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15733AD1-1CEF-459A-9245-0924FC63BDD5}\setup.exe" -l0x40c -removeonly HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB} Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{3CCB732A-E472-4CF9-B1EE-F18365341FE0} Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF} Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe Kaspersky On-line Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe KhalInstallWrapper-->MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719} Labtec WebCam-->MsiExec.exe /I{0463B519-E4C8-4C16-84AA-4743D1ED91B5} Lame ACM MP3 Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf LiveReg (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VcSetup.exe /REMOVE LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U Logitech Registration-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C} Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x040c -removeonly Lucent Technologies Soft Modem AMR-->ltremove Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76} Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6} Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB} Macromedia Flash Player 8-->MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6} MagicPDF 2.01-->"C:\Program Files\MagicPDF\unins000.exe" Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Manual CanoScan 3000,3000F-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E088AC54-7379-4C8F-A8B6-D2381E5A1172}\setup.exe" -l0x40c MDI2PDF 2.4-->"C:\Program Files\MDIConvertor\unins000.exe" Media Player Classic 6.4.8.4-->C:\Program Files\Media Player Classic\mpc_uninst.exe Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE} Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe MoodLogic-->C:\WINDOWS\ml-uninstall-v10.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Music Visualizer Library 1.4.00-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\Setup.exe" -l0x40c Nero 6 Enterprise Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL Network Smart Capture-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30642CE1-217B-40C0-92E2-6BF849599D9E}\Setup.exe" -l0x40c NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe OmniPage SE-->MsiExec.exe /I{6249C22D-E6A8-407B-BA8B-40298848ED94} OpenMG Limited Patch 3.1-02-10-22-01-->C:\Program Files\Fichiers communs\Sony Shared\OpenMG\HotFixes\HotFix3.1-02-10-22-01\HotFixSetup\setup.exe /u OpenMG Limited Patch 3.1-02-10-23-01-->C:\Program Files\Fichiers communs\Sony Shared\OpenMG\HotFixes\HotFix3.1-02-10-23-01\HotFixSetup\setup.exe /u OpenMG Secure Module 3.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{117C01B5-9D68-4A15-85E2-A7CDFA82CEB9}\setup.exe" -l0x40c UNINSTALL Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} OxiMailing-->MsiExec.exe /I{C37A19CE-1CEC-4460-8110-6D4F8BDB982E} OxiSms-->MsiExec.exe /I{4315A3B7-9A2D-4228-9705-550C483A06A4} PictureGear Studio 1.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27C5164D-ED0E-4D64-B788-93305BD62101}\Setup.exe" Pivot Software-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}\setup.exe" -l0x40c -removeonly PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log QuickTime-->MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA} SDK-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}\setup.exe" -l0x9 Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} Sint Nicolaas 2.00 Uninstaller-->"C:\Program Files\Sinterklaas\uninst-SintNicolaas-200.exe" SonicStage 1.5.05-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\setup.exe" -l0x40c UNINSTALL Sothink SWF Decompiler-->"C:\Program Files\SourceTec\Sothink SWF Decompiler\unins000.exe" System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe TablEdit 2.65-->"C:\Program Files\TablEdit\unins000.exe" TeLL me More-->"C:\TELL ME MORE NV\BIN\unsetup.exe" -file "C:\TELL ME MORE NV\unsetup.aui" Tux Paint (remove only)-->"C:\Program Files\TuxPaint\uninstall.exe" VAIO Action Setup-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C67D8C0-F0EC-11D3-99D3-00C04FCCB775}\Setup.exe" -l0x40c VAIO BrightColor Wallpaper-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}\setup.exe" VAIO Clock Screen Saver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1D057E97-A116-4BF9-B307-83C3FBD86515}\setup.exe" VAIO DeepSea Wallpaper-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3147661C-2807-49EC-B971-3B0F23D95018}\setup.exe" VAIO System Information-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2366D960-F00F-11D3-99D3-00C04FCCB775}\Setup.exe" VAIO Web Phone-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{764FBCE2-1593-11D4-A51F-0800460222F0}\setup.exe" Add/Remove VERITAS RecordNow Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3} VERITAS RecordNow-->MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264} VideoLAN VLC media player 0.7.0-->"C:\Program Files\VideoLAN\VLC\uninstall.exe" VideoLAN VLC media player 0.8.4a-->C:\Program Files\VideoLAN\VLC\uninstall.exe VisualGPSce-->C:\Program Files\Microsoft ActiveSync\VisualGPSce\Uninstall.exe VisualGPSce Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe" Windows Live Call-->MsiExec.exe /I{01523985-2098-43AF-9C97-12B07BE02A9B} Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B} Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" XviD 1.1 final uninstall-->"C:\Program Files\Xvid\unins001.exe" ======Hosts File====== 127.0.0.1 localhost 192.168.0.12 HP001CC4B958FD ======Security center information====== AV: Avira AntiVir PersonalEdition Classic System event log Computer Name: NOM-XA4CSBG3HKY Event Code: 7036 Message: Le service Pml Driver HPZ12 est entré dans l'état : en cours d'exécution. Record Number: 84039 Source Name: Service Control Manager Time Written: 20081209141726.000000+060 Event Type: Informations User: Computer Name: NOM-XA4CSBG3HKY Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Pml Driver HPZ12. Record Number: 84038 Source Name: Service Control Manager Time Written: 20081209141726.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: NOM-XA4CSBG3HKY Event Code: 7036 Message: Le service HP Status Server est entré dans l'état : en cours d'exécution. Record Number: 84037 Source Name: Service Control Manager Time Written: 20081209141726.000000+060 Event Type: Informations User: Computer Name: NOM-XA4CSBG3HKY Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service HP Status Server. Record Number: 84036 Source Name: Service Control Manager Time Written: 20081209141726.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: NOM-XA4CSBG3HKY Event Code: 7036 Message: Le service HP Port Resolver est entré dans l'état : en cours d'exécution. Record Number: 84035 Source Name: Service Control Manager Time Written: 20081209141726.000000+060 Event Type: Informations User: Application event log Computer Name: NOM-XA4CSBG3HKY Event Code: 701 Message: msnmsgr (3024) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\Stéphane\Local Settings\Application Data\Microsoft\Messenger\steph20092000@hotmail.com\SharingMetadata\Working\database_3AE8_2572_E825_2E17\dfsr.db'. Record Number: 34690 Source Name: ESENT Time Written: 20081201145935.000000+060 Event Type: Informations User: Computer Name: NOM-XA4CSBG3HKY Event Code: 700 Message: msnmsgr (3024) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\Stéphane\Local Settings\Application Data\Microsoft\Messenger\steph20092000@hotmail.com\SharingMetadata\Working\database_3AE8_2572_E825_2E17\dfsr.db'. Record Number: 34689 Source Name: ESENT Time Written: 20081201145935.000000+060 Event Type: Informations User: Computer Name: NOM-XA4CSBG3HKY Event Code: 701 Message: msnmsgr (3024) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\Stéphane\Local Settings\Application Data\Microsoft\Messenger\steph20092000@hotmail.com\SharingMetadata\Working\database_3AE8_2572_E825_2E17\dfsr.db'. Record Number: 34688 Source Name: ESENT Time Written: 20081201135935.000000+060 Event Type: Informations User: Computer Name: NOM-XA4CSBG3HKY Event Code: 700 Message: msnmsgr (3024) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\Stéphane\Local Settings\Application Data\Microsoft\Messenger\steph20092000@hotmail.com\SharingMetadata\Working\database_3AE8_2572_E825_2E17\dfsr.db'. Record Number: 34687 Source Name: ESENT Time Written: 20081201135935.000000+060 Event Type: Informations User: Computer Name: NOM-XA4CSBG3HKY Event Code: 701 Message: msnmsgr (3024) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\Stéphane\Local Settings\Application Data\Microsoft\Messenger\steph20092000@hotmail.com\SharingMetadata\Working\database_3AE8_2572_E825_2E17\dfsr.db'. Record Number: 34686 Source Name: ESENT Time Written: 20081201125935.000000+060 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Sonic\MyDVD;C:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD "PROCESSOR_REVISION"=0801 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip -----------------EOF-----------------
  23. houch
    Bonjour Mon ordi fonctionne bien masi dés que j'ouvre un programme quel qu'il soit mon uc est à 100 % et emet un siflement trés aigu. Est un virus ou pas ?
  24. houch
    merci infiniment - trés efficace -
  25. houch
    rapport Malwarebytes Malwarebytes' Anti-Malware 1.32 Version de la base de données: 1646 Windows 5.1.2600 Service Pack 3 12/01/2009 19:56:54 mbam-log-2009-01-12 (19-56-54).txt Type de recherche: Examen complet (C:\|D:\|) Eléments examinés: 211596 Temps écoulé: 1 hour(s), 40 minute(s), 33 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 5 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 3 Fichier(s) infecté(s): 8 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntivirus) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\totalvid (Trojan.DNSChanger) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Error Safe Free (Rogue.Errorsafe) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\drivecleaner 2006 free (Rogue.DriveCleaner) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\drivecleaner free (Rogue.DriveCleaner) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\Program Files\Fichiers communs\DriveCleaner 2006 Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Documents and Settings\Stéphane\Application Data\DriveCleaner 2006 Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Documents and Settings\Stéphane\Application Data\DriveCleaner 2006 Free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\WINDOWS\Downloaded Program Files\UERSV_0001_N91S2108NetInstaller.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\WINDOWS\Downloaded Program Files\UERSV_9999_N91S1912NetInstaller.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N91M2107NetInstaller.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\WINDOWS\Downloaded Program Files\UWAS6V_0001_N91M2208NetInstaller.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSV_9999_N91S1912NetInstaller.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\Documents and Settings\Stéphane\Application Data\DriveCleaner 2006 Free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\WINDOWS\system32\msqpdxtmrmsecn.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\drivers\msqpdxmxemhstv.sys (Trojan.Agent) -> Quarantined and deleted successfully. et hijackthis apriori pb resolu merci Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:05:04, on 12/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\LTSMMSG.exe C:\WINDOWS\System32\ezSP_Px.exe C:\Program Files\ScanSoft\OmniPageSE\opware32.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Portrait Displays\Pivot Software\floater.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB5; Embedded Web Browser from: http://bsalsa.com/; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" -"http://www.funlabo.com/moto/cascades-motos.htm" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file) O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/ O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/e/38.05/57g...0/uploader2.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleG...PluginIEWin.cab O16 - DPF: {6531D99C-0D0E-4293-B3CB-A3E1D0D41847} (AhnASP Control) - http://aspglobal.ahnlab.com/asp/cab/AhnASP.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SNAWApache - Unknown owner - C:\Documents and Settings\Stéphane\Bureau\distrib_cligraphcrm_0.97\CLIGRAPHCRM\server\apache\bin\httpd.exe (file missing) O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe O23 - Service: sugarMysql - Unknown owner - C:\PROGRA~1\SUGARC~1.0G\mysql\bin\mysqld.exe (file missing) O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/STPHAN~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif -- End of file - 10108 bytes
×
×
  • Créer...