

michelba
Membres-
Compteur de contenus
29 -
Inscription
-
Dernière visite
Type de contenu
Profils
Forums
Blogs
Tout ce qui a été posté par michelba
-
[résolu] problème connexion, soupçon infection
michelba a répondu à un(e) sujet de michelba dans Analyses et éradication malwares
Pas bête! Bon, je crois que tout est fait. Je te dis un grand merci! -
[résolu] problème connexion, soupçon infection
michelba a répondu à un(e) sujet de michelba dans Analyses et éradication malwares
Le message d'erreur est Vous devez disposer d 'une autorisation pour effectuer cette action. -
[résolu] problème connexion, soupçon infection
michelba a répondu à un(e) sujet de michelba dans Analyses et éradication malwares
C'est fait, mais il y a toujours un dossier C:\ComboFix que je n'ai pas réussi à enlever. Par contre C:\QooBox est parti. -
[résolu] problème connexion, soupçon infection
michelba a répondu à un(e) sujet de michelba dans Analyses et éradication malwares
C'est bon, plus de O20. -
[résolu] problème connexion, soupçon infection
michelba a répondu à un(e) sujet de michelba dans Analyses et éradication malwares
C'est fait. Bonne nuit et à demain, alors! Merci. -
[résolu] problème connexion, soupçon infection
michelba a répondu à un(e) sujet de michelba dans Analyses et éradication malwares
Le voilà : ====================================== Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:16:25, on 31/01/2009 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16764) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Launch Manager\LManager.exe C:\Windows\system32\wuauclt.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\ICQ6\ICQ.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE C:\Windows\ehome\ehmsas.exe C:\Windows\System32\rundll32.exe C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Users\ALEXAN~1\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Users\alexandra\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\4324\toolbaru.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenкtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\4324\toolbaru.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [iCQ] "C:\Program Files\ICQ6\ICQ.exe" silent O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Empowering Technology Launcher.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll O9 - Extra button: Envoyer а OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer а OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing) O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://vkontakte.ru/uploader/ImageUploader4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: G G G O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 8772 bytes -
[résolu] problème connexion, soupçon infection
michelba a répondu à un(e) sujet de michelba dans Analyses et éradication malwares
Oui tout est nickel. Je marque résolu? -
[résolu] problème connexion, soupçon infection
michelba a répondu à un(e) sujet de michelba dans Analyses et éradication malwares
Non, c'est bon, Norton a disparu! D'autre part, Internet se connecte maintenant! C'était peut-être ça le problème... On arrête ou on peaufine les vérifications? J'attends tes instructions. Et merci infiniment! -
[résolu] problème connexion, soupçon infection
michelba a répondu à un(e) sujet de michelba dans Analyses et éradication malwares
Le voilà : ==================================== Logfile of random's system information tool 1.05 (written by random/random) Run by alexandra at 2009-01-30 23:27:16 Microsoft® Windows Vista™ Йdition Familiale Premium System drive C: has 11 GB (34%) free of 33 GB Total RAM: 766 MB (34% free) HijackThis download failed ======Scheduled tasks folder====== C:\Windows\tasks\User_Feed_Synchronization-{CFFA675E-CF03-45CC-8E49-BCF05E1BD668}.job C:\Windows\tasks\Vйrifier les mises а jour de Windows Live Toolbar.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}] XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\4324\toolbaru.dll [2006-12-25 701952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-06-03 1404928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll [2008-11-11 62728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}] ShowBarObj Class - C:\Windows\system32\ActiveToolBand.dll [2007-02-06 299008] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-07-28 2436160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-02-06 151552] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenкtres pop-up - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288] {855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\PROGRA~1\ICQTOO~1\4324\toolbaru.dll [2006-12-25 701952] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-07-28 2436160] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-09 3784704] "NvSvc"=C:\Windows\system32\nvsvc.dll [2007-02-06 90191] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-02-06 81920] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-02-06 7770112] "LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-12-21 659456] "eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-02-06 464168] "Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe [2007-01-17 151552] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352] "ICQ"=C:\Program Files\ICQ6\ICQ.exe [2008-09-01 173304] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-07-28 171448] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-09 1232896] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="G G G" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\Windows\system32\klogon.dll [2008-11-11 218376] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96e78210-109b-11dd-ab98-0016d35b843a}] shell\AutoRun\command - F:\EmDesk.exe shell\EmDesk\command - F:\EmDesk.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d900ae78-9286-11dc-9697-0016d35b843a}] shell\AutoRun\command - G:\LaunchU3.exe -a ======List of files/folders created in the last 1 months====== 2009-01-30 09:25:18 ----D---- C:\ProgramData\NortonInstaller 2009-01-29 19:21:39 ----D---- C:\Windows\temp 2009-01-29 19:21:32 ----A---- C:\ComboFix.txt 2009-01-29 19:14:04 ----A---- C:\Windows\PSEXESVC.EXE 2009-01-28 23:32:02 ----A---- C:\Windows\zip.exe 2009-01-28 23:32:02 ----A---- C:\Windows\VFIND.exe 2009-01-28 23:32:02 ----A---- C:\Windows\SWXCACLS.exe 2009-01-28 23:32:02 ----A---- C:\Windows\SWSC.exe 2009-01-28 23:32:02 ----A---- C:\Windows\SWREG.exe 2009-01-28 23:32:02 ----A---- C:\Windows\sed.exe 2009-01-28 23:32:02 ----A---- C:\Windows\NIRCMD.exe 2009-01-28 23:32:02 ----A---- C:\Windows\grep.exe 2009-01-28 23:32:02 ----A---- C:\Windows\fdsv.exe 2009-01-28 23:31:54 ----D---- C:\Windows\ERDNT 2009-01-28 23:31:54 ----D---- C:\Qoobox 2009-01-28 23:31:53 ----D---- C:\ComboFix 2009-01-28 17:39:55 ----D---- C:\rsit 2009-01-28 17:39:55 ----D---- C:\Program Files\trend micro 2009-01-08 21:29:54 ----D---- C:\Windows\pss 2009-01-07 20:43:45 ----A---- C:\Windows\system32\mshtml.dll 2009-01-04 03:54:40 ----D---- C:\Windows\Minidump 2009-01-03 21:23:01 ----SHD---- C:\Config.Msi 2009-01-03 21:10:53 ----D---- C:\ProgramData\Kaspersky Lab Setup Files ======List of files/folders modified in the last 1 months====== 2009-01-30 23:27:17 ----D---- C:\Windows\Prefetch 2009-01-30 21:04:59 ----D---- C:\ProgramData\Kaspersky Lab 2009-01-30 20:43:36 ----D---- C:\Program Files\Mozilla Firefox 2009-01-30 10:31:15 ----SHD---- C:\System Volume Information 2009-01-30 09:27:04 ----RD---- C:\Program Files 2009-01-30 09:27:04 ----D---- C:\Program Files\Common Files 2009-01-30 09:27:01 ----AD---- C:\Windows\system32\drivers 2009-01-30 09:26:59 ----HD---- C:\ProgramData 2009-01-30 09:25:32 ----SHD---- C:\Windows\Installer 2009-01-29 21:05:04 ----D---- C:\Windows\winsxs 2009-01-29 19:21:44 ----D---- C:\Windows\system32\fr-FR 2009-01-29 19:21:44 ----AD---- C:\Windows\System32 2009-01-29 19:21:39 ----AD---- C:\Windows 2009-01-29 19:14:46 ----A---- C:\Windows\system.ini 2009-01-29 19:11:40 ----D---- C:\Windows\AppPatch 2009-01-28 17:42:27 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-01-28 17:41:24 ----D---- C:\Windows\inf 2009-01-28 17:28:46 ----D---- C:\Windows\system32\catroot 2009-01-28 17:28:38 ----D---- C:\Program Files\Windows Mail 2009-01-28 00:43:54 ----D---- C:\Windows\system32\catroot2 2009-01-10 02:35:28 ----A---- C:\Windows\system32\mrt.exe 2009-01-08 21:47:14 ----D---- C:\Windows\system32\LogFiles 2009-01-08 09:50:33 ----D---- C:\Users\alexandra\AppData\Roaming\Skype 2009-01-08 09:50:23 ----D---- C:\Users\alexandra\AppData\Roaming\skypePM 2009-01-03 22:19:19 ----SD---- C:\ProgramData\Microsoft 2009-01-03 21:47:46 ----D---- C:\Program Files\Kaspersky Lab 2009-01-03 21:29:33 ----D---- C:\Windows\Tasks ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-07-21 121872] R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2008-10-27 239632] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2008-07-09 20496] R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2007-01-02 76584] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R2 RMCAST;Pilote du protocole RMCAT PGMP; C:\Windows\system32\DRIVERS\RMCAST.sys [2008-05-10 113664] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 8192] R3 BCM43XX;Pilote pour carte rйseau Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 534016] R3 Cam5607;Acer OrbiCam; C:\Windows\System32\Drivers\BisonC07.sys [2005-11-29 792368] R3 CmBatt;Pilote pour Batterie а mйthode de contrфle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-11-15 14208] R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-08 986624] R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-08 206848] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-09 1647976] R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-03-27 6144] R3 NVENETFD;Pilote du contrфleur de rйseau NVIDIA nForce; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-02-06 4456320] R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 11520] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-23 179896] R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2006-07-06 168448] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-08 659968] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2007-11-15 11264] S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456] S3 BCM43XV;Pilote de la carte rйseau extensible Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 534016] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632] S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704] S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016] S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544] S3 usbvideo;Pйriphйrique vidйo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352] S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432] S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-02-06 457512] R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2006-12-22 24576] R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-03-22 131072] R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-01-31 53248] R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-01-02 24576] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440] R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-20 262247] R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 135168] R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-05 386560] R3 avp;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2008-11-11 206088] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-28 138168] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] -----------------EOF----------------- -
[résolu] problème connexion, soupçon infection
michelba a répondu à un(e) sujet de michelba dans Analyses et éradication malwares
Oui, le centre de sécurité m'indique : "Le pare-feu Windows et Norton Internet Security indiquent qu'ils sont tous deux activés" (car entre temps, pensant être débarassé de Norton, j'avais réactivé le pare-feu Windows!) ...?? -
[résolu] problème connexion, soupçon infection
michelba a répondu à un(e) sujet de michelba dans Analyses et éradication malwares
Et d'autre part, l'UAC a l'air de fonctionner ; chaque opération engendre une demande d'autorisation ou presque... -
[résolu] problème connexion, soupçon infection
michelba a répondu à un(e) sujet de michelba dans Analyses et éradication malwares
Bizarre... Après redémarrage, je suis allé ouvrir le centre de sécurité. Dans la section "Pare-Feu", on lit encore : Norton Internet Security indique qu'il est activé! Quand je clique sur "Afficher les programmes pare-feu", c'est confirmé et on lit aussi que le pare-feu Windows est désactivé. Maintenant, quand je ferme le centre de sécurité et que je clique sur "Pare-feu Windows" dans le panneau de configuration, on y lit que Le pare-feu Windows est activé! Il est vrai qu'on me dit aussi qu'il n'utilise pas les paramètres recommandés... Help! -
[résolu] problème connexion, soupçon infection
michelba a répondu à un(e) sujet de michelba dans Analyses et éradication malwares
Bonjour, Falkra (et merci pour cette inspection pas à pas!) J'ai supprimé les restes de Norton. Pour l'UAC, je ne savais même pas ce que c'était (je te rappelle que ce n'est pas mon ordinateur, moi j'ai XP et pas Vista). Penses-tu qu'il soit bon de le réactiver? Pour le centre de sécurité, c'est moi qui avait tout désactivé pour ne pas gêner ComboFix, mais c'était peut-être inutile? Pour les mises à jour, je vais voir! Bon, qu'est-ce que je fais après tout ça? -
[résolu] problème connexion, soupçon infection
michelba a répondu à un(e) sujet de michelba dans Analyses et éradication malwares
Et voila Combofix.txt (désolé pour les lettres cyrilliques, c'est dû à ma configuration) ============================= ComboFix 09-01-21.04 - alexandra 2009-01-29 19:08:28.1 - NTFSx86 Microsoft® Windows Vista™ Йdition Familiale Premium 6.0.6000.0.1252.1.1036.18.766.256 [GMT 1:00] Lancй depuis: c:\users\alexandra\Desktop\ComboFix.exe AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) AV: Norton Internet Security *On-access scanning enabled* (Outdated) FW: Norton Internet Security *enabled* * Un nouveau point de restauration a йtй crйй . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Temp\log.txt . ((((((((((((((((((((((((((((( Fichiers crййs du 2008-12-28 au 2009-01-28 )))))))))))))))))))))))))))))))))))) . 2009-01-28 17:39 . 2009-01-28 17:40 <REP> d-------- C:\rsit 2009-01-28 17:39 . 2009-01-28 17:39 <REP> d-------- c:\program files\trend micro 2009-01-28 00:44 . 2008-12-16 04:14 290,304 --a------ c:\windows\System32\drivers\srv.sys 2009-01-07 20:43 . 2008-12-12 02:53 1,383,424 --a------ c:\windows\System32\mshtml.tlb 2009-01-04 03:53 . 2009-01-04 03:54 139,650,807 --a------ c:\windows\MEMORY.DMP 2009-01-04 03:53 . 2009-01-29 09:26 360,480 --ahs---- c:\windows\System32\drivers\fidbox2.dat 2009-01-04 03:53 . 2009-01-29 09:25 2,312 --ahs---- c:\windows\System32\drivers\fidbox2.idx 2009-01-03 21:10 . 2009-01-03 21:10 <REP> d-------- c:\users\All Users\Kaspersky Lab Setup Files 2009-01-03 21:10 . 2009-01-03 21:10 <REP> d-------- c:\programdata\Kaspersky Lab Setup Files . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-29 18:05 13,213 ----a-w c:\users\alexandra\AppData\Roaming\nvModes.dat 2009-01-28 22:37 --------- d-----w c:\programdata\Kaspersky Lab 2009-01-28 16:28 --------- d-----w c:\program files\Windows Mail 2009-01-27 23:49 597,080 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-01-27 23:49 44,443,424 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-01-08 08:50 --------- d-----w c:\users\alexandra\AppData\Roaming\skypePM 2009-01-08 08:50 --------- d-----w c:\users\alexandra\AppData\Roaming\Skype 2009-01-03 20:47 --------- d-----w c:\program files\Kaspersky Lab 2009-01-03 20:42 --------- d-----w c:\program files\Symantec 2009-01-03 20:36 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-01-03 20:35 --------- d-----w c:\programdata\Symantec 2008-12-11 05:17 174 --sha-w c:\program files\desktop.ini 2008-12-10 22:43 --------- d-----w c:\programdata\Microsoft Help 2008-11-01 03:33 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll 2008-11-01 03:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll 2008-11-01 03:33 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll 2008-11-01 03:33 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll 2008-11-01 03:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll 2008-10-31 23:23 2,560 ----a-w c:\windows\AppPatch\AcRes.dll 2008-10-29 06:20 2,923,520 ----a-w c:\windows\explorer.exe 2008-07-29 20:09 56 ---ha-w c:\users\All Users\ezsidmv.dat 2008-07-29 20:09 56 ---ha-w c:\programdata\ezsidmv.dat 2007-10-19 20:31 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2007-10-19 20:31 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2007-10-19 20:31 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les йlйments vides & les йlйments initiaux lйgitimes ne sont pas listйs REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] "ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-09-01 173304] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728] "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-28 171448] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-06 90191] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-06 81920] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-06 7770112] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-21 659456] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168] "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-17 151552] "RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-03-27 528384] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=G G G [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "DefaultOutboundAction"= 0 (0x0) "DefaultInboundAction"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "TCP Query User{A4DB2792-CB56-45C5-AA0F-F255F3CB8787}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:Messenger "UDP Query User{BEF06702-6016-4AB7-819E-83930381B1E8}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:Messenger [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "DisabledInterfaces"= {259C8A65-8F12-4FB5-B2F6-7DCE7573A664} "DefaultOutboundAction"= 0 (0x0) "DefaultInboundAction"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "DefaultOutboundAction"= 0 (0x0) "DefaultInboundAction"= 1 (0x1) R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 32784] R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20071220.001\IDSvix86.sys [2007-12-22 180272] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-07-09 20496] R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2007-10-30 37936] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] \shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96e78210-109b-11dd-ab98-0016d35b843a}] \shell\AutoRun\command - F:\EmDesk.exe \shell\EmDesk\command - F:\EmDesk.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d900ae78-9286-11dc-9697-0016d35b843a}] \shell\AutoRun\command - G:\LaunchU3.exe -a . Contenu du dossier 'Tвches planifiйes' 2009-01-28 c:\windows\Tasks\User_Feed_Synchronization-{CFFA675E-CF03-45CC-8E49-BCF05E1BD668}.job - c:\windows\system32\msfeedssync.exe [2006-11-02 10:45] 2009-01-29 c:\windows\Tasks\Vйrifier les mises а jour de Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-Device Detector - DevDetect.exe HKLM-Run-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe HKLM-Run-Acer Tour - (no file) HKLM-Run-eRecoveryService - (no file) . ------- Examen supplйmentaire ------- . uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = about:blank uInternet Settings,ProxyOverride = <local> FF - ProfilePath - c:\users\alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\h6g9njg1.default\ FF - prefs.js: browser.search.selectedEngine - ICQ Search FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q= FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-29 19:14:36 Windows 6.0.6000 NTFS Recherche de processus cachйs ... Recherche d'йlйments en dйmarrage automatique cachйs ... Recherche de fichiers cachйs ... Scan terminй avec succиs Fichiers cachйs: 0 ************************************************************************** . --------------------- DLLs chargйes dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(624) c:\windows\system32\eNetHook.dll - - - - - - - > 'lsass.exe'(592) c:\windows\system32\eNetHook.dll . Heure de fin: 2009-01-29 19:21:30 ComboFix-quarantined-files.txt 2009-01-29 18:18:15 Avant-CF: 13 464 461 312 octets libres Aprиs-CF: 13,270,679,552 octets libres Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,5,6,7 165 --- E O F --- 2009-01-28 16:28:47 ====================================== Voila, chef, j'attends les ordres! -
[résolu] problème connexion, soupçon infection
michelba a répondu à un(e) sujet de michelba dans Analyses et éradication malwares
J'ai relancé avec Kaspersky désactivé, j'obtiens la fenêtre : "Le scanneur Norton Internet Security est toujours actif mais ComboFix va continuer à s'éxécuter. Veuillez noter que c'est à vos risques et périls" Est-ce que j'appuie sur OK? -
[résolu] problème connexion, soupçon infection
michelba a répondu à un(e) sujet de michelba dans Analyses et éradication malwares
Merci Falkra, j'ai fait ce que tu as dit, mais j'arrive à un problème délicat : j'en suis au point où la fenêtre "Administrateur" s'est ouverte et indique "Merci de patienter ; ComboFix s'apprête à démarrer". A ce moment, une fenêtre s'est ouverte avec écrit : (je résume) "ComboFix a repéré que les scanneurs Kasperky et Norton Internet Security sont actifs ; prière de les désactiver avant de cliquer sur OK, sinon des résultats imprévisibles, voire nuisibles sont à craindre." J'ai désactivé Kaspersky, MAIS je ne sais absolument pas où se cache Norton dans l'ordinateur : pas d'icône sur le bureau, un dossier Symantec quasiment vide... Je préfère mettre tout ça en veille prolongée en attendant te conseils, de peur de commettre l'irréparable... -
[résolu] problème connexion, soupçon infection
michelba a répondu à un(e) sujet de michelba dans Analyses et éradication malwares
Bonjour, Falkra D'abord merci infiniment de me répondre, et je serais très heureux d'être orienté sur le bon forum si c'est nécessaire. Ensuite, j'ai tenté de suivre tes instructions, ce qui est un peu compliqué puisque justement l'ordinateur en examen ne se connecte pas à Internet. Donc je passe par le mien et je transfère les fichiers téléchargés par une clé USB. Donc voici d'abord log.txt : ========================================== Logfile of random's system information tool 1.05 (written by random/random) Run by alexandra at 2009-01-28 18:28:14 Microsoft® Windows Vista™ Йdition Familiale Premium System drive C: has 13 GB (39%) free of 33 GB Total RAM: 766 MB (34% free) HijackThis download failed ======Scheduled tasks folder====== C:\Windows\tasks\User_Feed_Synchronization-{CFFA675E-CF03-45CC-8E49-BCF05E1BD668}.job C:\Windows\tasks\Vйrifier les mises а jour de Windows Live Toolbar.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}] XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\4324\toolbaru.dll [2006-12-25 701952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-06-03 1404928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll [2008-11-11 62728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}] ShowBarObj Class - C:\Windows\system32\ActiveToolBand.dll [2007-02-06 299008] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-07-28 2436160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-02-06 151552] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenкtres pop-up - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288] {855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\PROGRA~1\ICQTOO~1\4324\toolbaru.dll [2006-12-25 701952] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-07-28 2436160] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Acer Tour"= [] "eRecoveryService"= [] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-10-07 1006264] "WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104] "Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe /a /m C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll [] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-09 3784704] "NvSvc"=C:\Windows\system32\nvsvc.dll [2007-02-06 90191] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-02-06 81920] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-02-06 7770112] "LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-12-21 659456] "eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-02-06 464168] "Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe [2007-01-17 151552] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352] "ICQ"=C:\Program Files\ICQ6\ICQ.exe [2008-09-01 173304] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-07-28 171448] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-09 1232896] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440] "Device Detector"=DevDetect.exe -autorun [] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll eNetHook.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\Windows\system32\klogon.dll [2008-11-11 218376] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e3d7844-90f7-11dc-9df3-0016d35b843a}] shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96e78210-109b-11dd-ab98-0016d35b843a}] shell\AutoRun\command - F:\EmDesk.exe shell\EmDesk\command - F:\EmDesk.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d900ae78-9286-11dc-9697-0016d35b843a}] shell\AutoRun\command - G:\LaunchU3.exe -a ======List of files/folders created in the last 1 months====== 2009-01-28 17:39:55 ----D---- C:\rsit 2009-01-28 17:39:55 ----D---- C:\Program Files\trend micro 2009-01-08 21:29:54 ----D---- C:\Windows\pss 2009-01-07 20:43:45 ----A---- C:\Windows\system32\mshtml.dll 2009-01-04 03:54:40 ----D---- C:\Windows\Minidump 2009-01-03 21:23:01 ----SHD---- C:\Config.Msi 2009-01-03 21:10:53 ----D---- C:\ProgramData\Kaspersky Lab Setup Files ======List of files/folders modified in the last 1 months====== 2009-01-28 18:28:10 ----D---- C:\Windows\Temp 2009-01-28 17:42:37 ----AD---- C:\Windows\System32 2009-01-28 17:42:27 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-01-28 17:41:24 ----D---- C:\Windows\inf 2009-01-28 17:39:55 ----RD---- C:\Program Files 2009-01-28 17:28:46 ----D---- C:\Windows\system32\catroot 2009-01-28 17:28:38 ----D---- C:\Windows\winsxs 2009-01-28 17:28:38 ----D---- C:\Program Files\Windows Mail 2009-01-28 17:28:27 ----AD---- C:\Windows\system32\drivers 2009-01-28 17:25:26 ----SHD---- C:\System Volume Information 2009-01-28 00:45:10 ----D---- C:\ProgramData\Kaspersky Lab 2009-01-28 00:43:54 ----D---- C:\Windows\system32\catroot2 2009-01-27 22:20:38 ----D---- C:\Windows\Prefetch 2009-01-11 21:00:45 ----AD---- C:\Windows 2009-01-11 20:56:20 ----SHD---- C:\Windows\Installer 2009-01-10 02:35:28 ----A---- C:\Windows\system32\mrt.exe 2009-01-08 21:47:14 ----D---- C:\Windows\system32\LogFiles 2009-01-08 09:50:33 ----D---- C:\Users\alexandra\AppData\Roaming\Skype 2009-01-08 09:50:23 ----D---- C:\Users\alexandra\AppData\Roaming\skypePM 2009-01-06 17:48:11 ----D---- C:\Program Files\Mozilla Firefox 2009-01-03 22:19:19 ----SD---- C:\ProgramData\Microsoft 2009-01-03 21:47:46 ----D---- C:\Program Files\Kaspersky Lab 2009-01-03 21:42:48 ----D---- C:\Program Files\Symantec 2009-01-03 21:36:12 ----D---- C:\Program Files\Common Files\Symantec Shared 2009-01-03 21:35:49 ----D---- C:\ProgramData\Symantec 2009-01-03 21:29:33 ----D---- C:\Windows\Tasks 2009-01-03 21:15:25 ----HD---- C:\ProgramData ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071220.001\IDSvix86.sys [2007-11-06 180272] R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-07-21 121872] R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2008-10-27 239632] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2008-07-09 20496] R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-11-30 43696] R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2007-10-30 191536] R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2007-01-02 76584] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R2 RMCAST;Pilote du protocole RMCAT PGMP; C:\Windows\system32\DRIVERS\RMCAST.sys [2008-05-10 113664] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 8192] R3 BCM43XX;Pilote pour carte rйseau Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 534016] R3 Cam5607;Acer OrbiCam; C:\Windows\System32\Drivers\BisonC07.sys [2005-11-29 792368] R3 CmBatt;Pilote pour Batterie а mйthode de contrфle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-11-15 14208] R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-08 986624] R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-08 206848] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-09 1647976] R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-03-27 6144] R3 NVENETFD;Pilote du contrфleur de rйseau NVIDIA nForce; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-02-06 4456320] R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 11520] R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2007-10-30 12848] R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2007-12-12 123952] R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2007-10-30 145968] R3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2007-10-30 39856] R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2007-10-30 37936] R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2007-10-30 27696] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-23 179896] R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2006-07-06 168448] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-08 659968] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2007-11-15 11264] S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456] S3 BCM43XV;Pilote de la carte rйseau extensible Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 534016] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632] S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [] S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704] S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016] S3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20071231.002\NAVENG.SYS [2007-11-14 81232] S3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20071231.002\NAVEX15.SYS [2007-11-14 865904] S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544] S3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-11-30 279088] S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-11-30 317616] S3 usbvideo;Pйriphйrique vidйo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560] S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432] S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-02-06 457512] R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2006-12-22 24576] R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-03-22 131072] R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-01-31 53248] R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-01-02 24576] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440] R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-20 262247] R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 135168] R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-05 386560] S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon [] S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon [] S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe /m C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll [] S3 avp;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2008-11-11 206088] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-28 138168] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] -----------------EOF----------------- ========================================= Et maintenant voici info.txt =========================================== info.txt logfile of random's system information tool 1.05 2009-01-28 17:40:02 ======Uninstall list====== -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} 7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe" ACDSee for PENTAX 3.0-->MsiExec.exe /X{D8066430-C5E6-477F-ACED-30377E5D8D87} Acer Arcade Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x40c -removeonly Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x40c -removeonly Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x40c -removeonly Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x40c -removeonly Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x40c -removeonly Acer GridVista-->C:\Windows\UnInst32.exe GridV.UNI Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x40c -removeonly Acer OrbiCam -->C:\Program Files\InstallShield Installation Information\{DD1DED37-2486-4F56-8F89-56AA814003F5}\Setup.exe -runfromtemp -l0x040c -removeonly Acer OrbiCam-->Rundll32.exe BisonR07.dll,WinMainRmv Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x40c -removeonly Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000} Dйtecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976} Deutsch Platinum-->C:\Windows\uninst.exe -fd:\DeIsL1.isu -cd:\_ISREG32.DLL Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\HXFSETUP.EXE -U -IAcrZUn32z.inf ICQ Toolbar-->regsvr32 /u /s "C:\PROGRA~1\ICQTOO~1\4324\toolbaru.dll" ICQ6-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly Italiano Platinum-->C:\Windows\uninst.exe -f"C:\Program Files\MMT\Italiano\DeIsL1.isu" -c"C:\Program Files\MMT\Italiano\_ISREG32.DLL" Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A} Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A} Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8} Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB} Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C} Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34} NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7 NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74} PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall QIP 2005 Uninstall-->"C:\Program Files\QIP\unqip.exe" QuickTime 3.0-->C:\Windows\uninst.exe -f"C:\Program Files\QuickTime\DeIsL1.isu" -c"C:\Windows\system32\QTUninst.dll Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85} Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7} Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B} Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4} Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77} Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F} Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC} Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C6 ======================================== J'ai aussi un hijackthis.log si besoin est... A très bientôt -
[résolu] problème connexion, soupçon infection
michelba a posté un sujet dans Analyses et éradication malwares
Bonjour, On m'a confié un pc (avec Vista) qui a un problème de connexion Internet. Je communique donc sur ce forum par mon pc. Donc, j'ai branché le pc à examiner sur ma connexion (filaire) Internet chez moi, et la connexion ne s'établit pas. J'ai observé dans le centre de sécurité Vista que le pare-feu Windows est désactivé, et que le pare-feu Norton est activé. Mais, je n'ai pas pu trouver où se cache se pare-feu Norton pour éventuellement le désactiver! Bref, toute aide sera très appréciée! Merci d'avance! -
[résolu] Encore le virus google...
michelba a répondu à un(e) sujet de michelba dans Analyses et éradication malwares
Encore merci pour toutes ces procédures et conseils très clairement expliqués. Voici les deux derniers rapports demandés. WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect JavaRa 1.13 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Sun Jan 25 16:05:08 2009 Found and removed: C:\Program Files\Java\jre1.5.0_02 Found and removed: C:\Program Files\Java\jre1.5.0_06 Found and removed: C:\Program Files\Java\jre1.5.0_09 Found and removed: C:\Program Files\Java\jre1.5.0_10 Found and removed: C:\Program Files\Java\jre1.6.0_01 Found and removed: C:\Program Files\Java\jre1.6.0_02 Found and removed: C:\Program Files\Java\jre1.6.0_03 Found and removed: C:\Program Files\Java\jre1.6.0_05 Found and removed: C:\Program Files\Java\jre1.6.0_07 Found and removed: Software\JavaSoft\Java2D\1.5.0_02 Found and removed: Software\JavaSoft\Java2D\1.5.0_06 Found and removed: Software\JavaSoft\Java2D\1.5.0_09 Found and removed: Software\JavaSoft\Java2D\1.5.0_10 Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510002 Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006 Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510009 Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511000 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510002 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510009 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511000 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510002 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510009 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511000 Found and removed: SOFTWARE\Classes\JavaPlugin.150_02 Found and removed: SOFTWARE\Classes\JavaPlugin.150_06 Found and removed: SOFTWARE\Classes\JavaPlugin.150_09 Found and removed: SOFTWARE\Classes\JavaPlugin.150_10 Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_02 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_09 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_02 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_09 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510002 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510009 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511000 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510002 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510009 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511000 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150020} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150090} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150100} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001 Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002 Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003 Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005 Found and removed: SOFTWARE\Classes\JavaPlugin.160_01 Found and removed: SOFTWARE\Classes\JavaPlugin.160_02 Found and removed: SOFTWARE\Classes\JavaPlugin.160_03 Found and removed: SOFTWARE\Classes\JavaPlugin.160_05 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050} Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_09 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_10 Found and removed: Software\Classes\JavaPlugin.160_01 Found and removed: Software\Classes\JavaPlugin.160_02 Found and removed: Software\Classes\JavaPlugin.160_03 Found and removed: Software\Classes\JavaPlugin.160_05 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05 Found and removed: Software\JavaSoft\Java2D\1.6.0_01 Found and removed: Software\JavaSoft\Java2D\1.6.0_02 Found and removed: Software\JavaSoft\Java2D\1.6.0_03 Found and removed: Software\JavaSoft\Java2D\1.6.0_05 Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01 Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_02 Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03 Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_02\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_09\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\bin\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\ JavaRa 1.13 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Sun Jan 25 16:07:11 2009 ------------------------------------ Finished reporting. -
[résolu] Encore le virus google...
michelba a répondu à un(e) sujet de michelba dans Analyses et éradication malwares
Et voilà, mon google est redevenu le gentil moteur de recherche que nous aimons tous! Plus de pub intempestive et de redirection vers des pages non souhaitées! Un grand merci à Thanos et bravo encore pour ce forum! Je reviendrai probablement bientôt, car une amie a des problèmes avec son PC... @+ -
[résolu] Encore le virus google...
michelba a répondu à un(e) sujet de michelba dans Analyses et éradication malwares
Voila le rapport de MBAM (désolé pour les й à la place des é, c'est parce que j'ai configuré les options régionales en cyrillique...) Malwarebytes' Anti-Malware 1.33 Version de la base de donnйes: 1691 Windows 5.1.2600 Service Pack 3 25/01/2009 12:47:26 mbam-log-2009-01-25 (12-47-26).txt Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|) Elйments examinйs: 179968 Temps йcoulй: 1 hour(s), 57 minute(s), 0 second(s) Processus mйmoire infectй(s): 0 Module(s) mйmoire infectй(s): 0 Clй(s) du Registre infectйe(s): 0 Valeur(s) du Registre infectйe(s): 0 Elйment(s) de donnйes du Registre infectй(s): 0 Dossier(s) infectй(s): 0 Fichier(s) infectй(s): 8 Processus mйmoire infectй(s): (Aucun йlйment nuisible dйtectй) Module(s) mйmoire infectй(s): (Aucun йlйment nuisible dйtectй) Clй(s) du Registre infectйe(s): (Aucun йlйment nuisible dйtectй) Valeur(s) du Registre infectйe(s): (Aucun йlйment nuisible dйtectй) Elйment(s) de donnйes du Registre infectй(s): (Aucun йlйment nuisible dйtectй) Dossier(s) infectй(s): (Aucun йlйment nuisible dйtectй) Fichier(s) infectй(s): C:\Qoobox\Quarantine\C\WINDOWS\system32\UACduiuwktf.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\UACksdyhkjp.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\UACobwuhbbg.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\UACpyulvbdq.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{6A758C5C-A46D-4D6C-B240-92233B56797F}\RP292\A0043134.dll (Trojan.TDSS) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{6A758C5C-A46D-4D6C-B240-92233B56797F}\RP292\A0043135.dll (Trojan.TDSS) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{6A758C5C-A46D-4D6C-B240-92233B56797F}\RP292\A0043136.dll (Trojan.TDSS) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{6A758C5C-A46D-4D6C-B240-92233B56797F}\RP292\A0043137.dll (Trojan.TDSS) -> Quarantined and deleted successfully. -
[résolu] Encore le virus google...
michelba a répondu à un(e) sujet de michelba dans Analyses et éradication malwares
Salut! Et voici le rapport ComboFix : ComboFix 09-01-21.04 - Michel Balazard 2009-01-24 23:44:08.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1251.7.1036.18.502.123 [GMT 1:00] Running from: c:\documents and settings\Michel Balazard\Bureau\michelba.exe * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\UACqfqjrudu.sys c:\windows\system32\UACbvpbqwsr.log c:\windows\system32\UACduiuwktf.dll c:\windows\system32\UACfnruqhoo.log c:\windows\system32\UACksdyhkjp.dll c:\windows\system32\UACngqewmtt.log c:\windows\system32\UACobwuhbbg.dll c:\windows\system32\UACpyulvbdq.dll c:\windows\system32\UACvspxnrpq.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_UACd.sys ((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 ))))))))))))))))))))))))))))))) . 2009-01-22 19:03 . 2009-01-22 19:10 <REP> d-------- c:\windows\BDOSCAN8 2009-01-22 13:28 . 2009-01-22 13:28 <REP> d-------- c:\documents and settings\Michel Balazard\Application Data\MSNInstaller 2009-01-22 10:39 . 2009-01-22 10:39 <REP> d-------- C:\rsit 2009-01-18 18:03 . 2009-01-18 18:03 <REP> d-------- c:\documents and settings\All Users\Menu Demarrer 2008-12-29 17:47 . 2008-12-29 17:47 <REP> d-------- c:\program files\Inventel . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-24 21:22 --------- d-----w c:\program files\Mozilla Thunderbird 2009-01-22 15:03 --------- d-----w c:\program files\Fichiers communs\ReGet Shared 2009-01-21 21:28 --------- d-----w c:\program files\ICQToolbar 2008-12-13 06:37 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys 2008-11-29 07:47 --------- d-----w c:\program files\iddk 2008-11-24 20:42 --------- d-----w c:\documents and settings\Michel Balazard\Application Data\Image Zone Express 2008-02-03 20:59 26,952 -c--a-w c:\documents and settings\Michel Balazard\Application Data\GDIPFONTCACHEV1.DAT 2007-11-22 17:26 1,395 -c--a-w c:\documents and settings\Michel Balazard\Application Data\SAS7_000.DAT 2008-08-22 17:48 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082220080823\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "TypingSatellite"="c:\program files\TypingMaster\KBOOST.EXE" [2007-08-14 1243152] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-22 126976] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-03 725082] "PSUtility"="c:\addon\Fujitsu\PSUtility\TrayManager.exe" [2005-09-15 151552] "LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2005-06-08 69632] "IndicatorUtility"="c:\addon\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-08-09 81920] "LoadFujitsuQuickTouch"="c:\addon\Fujitsu\Application Panel\QuickTouch.exe" [2005-07-21 353792] "LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-07-21 61440] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-05-18 188416] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208] "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320] "Network Associates Error Reporting Service"="c:\program files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-23 49152] "WinampAgent"="c:\source logiciels\Winamp\winampa.exe" [2007-05-14 35328] "DNS7reminder"="c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-03-01 259624] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-10-29 185872] "RTHDCPL"="RTHDCPL.EXE" [2005-07-13 c:\windows\RTHDCPL.EXE] "AGRSMMSG"="AGRSMMSG.exe" [2005-07-01 c:\windows\AGRSMMSG.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Maple 9.5\\bin.win\\mserver.exe"= "c:\\Program Files\\Maple 9.5\\jre\\bin\\java.exe"= "c:\\Program Files\\eMule\\emule.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\Mathematica.exe"= "c:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\MathKernel.exe"= "c:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\math.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "80:TCP"= 80:TCP:www "68:UDP"= 68:UDP:Pour FXTS2 "67:UDP"= 67:UDP:Pour FXTS2 "330:UDP"= 330:UDP:Pour FXTS2 "9319:TCP"= 9319:TCP:BitComet 9319 TCP "9319:UDP"= 9319:UDP:BitComet 9319 UDP R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2006-06-09 58048] R3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [2006-01-30 5632] R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2006-01-30 4864] S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [2006-09-11 40060] --- Other Services/Drivers In Memory --- *NewlyCreated* - ENTDRV51 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9850d907-ca07-11dd-bc76-000b5d96ba75}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe cradle_of_filth.vbe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbe11eee-edb9-11dc-bb64-000b5d96ba75}] \Shell\AutoRun\command - h6o0re.cmd \Shell\explore\Command - h6o0re.cmd \Shell\open\Command - h6o0re.cmd . Contents of the 'Scheduled Tasks' folder 2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57] . - - - - ORPHANS REMOVED - - - - HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe ShellExecuteHooks-{16664848-0E00-11D2-8059-000000000000} - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://start.icq.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: &Traduire a partir de l'anglais - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Pages liees - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html IE: Pages similaires - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html IE: Recherche &Google - c:\program files\google\GoogleToolbar2.dll/cmsearch.html IE: Version de la page actuelle disponible dans le cache Google - c:\program files\google\GoogleToolbar2.dll/cmcache.html DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab FF - ProfilePath - c:\documents and settings\Michel Balazard\Application Data\Mozilla\Firefox\Profiles\rcnzvuw8.default\ FF - prefs.js: browser.search.selectedEngine - Яндекс FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/reader/view/#overview-page FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q= FF - component: c:\documents and settings\Michel Balazard\Application Data\Mozilla\Firefox\Profiles\rcnzvuw8.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-24 23:49:49 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(792) c:\windows\system32\EntApi.dll . Completion time: 2009-01-24 23:54:18 ComboFix-quarantined-files.txt 2009-01-24 22:53:49 Pre-Run: 7,020,077,056 octets libres Post-Run: 7,099,449,344 octets libres 159 --- E O F --- 2009-01-14 23:12:30 -
[résolu] Encore le virus google...
michelba a répondu à un(e) sujet de michelba dans Analyses et éradication malwares
Compte rendu : j'ai bien téléchargé ComboFix.exe MAIS... il ne veut pas s'ouvrir! Quand je double-clique sur son icône, apparaît une boîte 'Fichier ouvert Avertissement de sécurité" me demandant "Voulez-vous éxécuter ce fichier?". Quand je clique sur "Exécuter", un petit sablier apparaît quelques secondes, puis plus rien... Que faire? -
[résolu] Encore le virus google...
michelba a répondu à un(e) sujet de michelba dans Analyses et éradication malwares
Cher Thanos, merci infiniment de me répondre ; ce forum est décidément remarquable. Avant de suivre tes instructions, je te signale qu'en attendant ta réponse, j'ai pas mal cogité et lu de la documentation sur ces sujets. Cela m'a conduit a deux actions : 1. j'ai fait une analyse VirusScan (mon antivirus) de mes supports amovibles (deux clés USB et un disque dur externe) et l'une des clés a été déclarée infectée (je ne me rappelle plus les noms des fichiers infectés, mais je les ai supprimés) ; 2. parmi les 47 ou 48 processus actifs au lancement de Windows XP, j'ai jugé bon de désactiver RemoteRegistry, qui m'a paru la porte ouverte à toutes sortes de manipulations malveillantes... Une question : j'ai aussi une carte dans mon appareil photo, que je branche parfois sur mon PC ; il faut que je la surveille aussi? Dans mon prochain post, je suis tes instructions. -
[résolu] Encore le virus google...
michelba a répondu à un(e) sujet de michelba dans Analyses et éradication malwares
Suite à mon post, et ayant lu la première réponse de Thanos, je vous poste les fichiers log.txt et info.txt engendrés par RSIT : log.txt ========= Logfile of random's system information tool 1.05 (written by random/random) Run by Michel Balazard at 2009-01-22 10:39:21 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 7 GB (12%) free of 57 GB Total RAM: 502 MB (15% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:39:34, on 22/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\AddOn\Fujitsu\PSUtility\TrayManager.exe C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ltmoh\Ltmoh.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Fingerprint Sensor\ATSwpNav.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Source Logiciels\Winamp\winampa.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\TypingMaster\KBOOST.EXE C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Documents and Settings\Michel Balazard\Bureau\RSIT.exe C:\Documents and Settings\Michel Balazard\Bureau\Michel Balazard.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Fichiers communs\ReGet Shared\Catcher.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGet Software\ReGet Deluxe\IEBar.dll O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PSUtility] C:\AddOn\Fujitsu\PSUtility\TrayManager.exe O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe O4 - HKLM\..\Run: [indicatorUtility] C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [WinampAgent] C:\Source Logiciels\Winamp\winampa.exe O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [TypingSatellite] "C:\Program Files\TypingMaster\KBOOST.EXE" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing) -- End of file - 9106 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16664845-0E00-11D2-8059-000000000000}] ClickCatcher MSIE handler - C:\Program Files\Fichiers communs\ReGet Shared\Catcher.dll [2008-07-04 544768] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-29 308832] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}] BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll [2008-06-26 656696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2006-02-14 1204224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {17939A30-18E2-471E-9D3A-56DD725F1215} - ReGet Bar - C:\Program Files\ReGet Software\ReGet Deluxe\IEBar.dll [2008-07-04 225280] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-02-22 126976] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-07-13 14679552] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-06-03 725082] "PSUtility"=C:\AddOn\Fujitsu\PSUtility\TrayManager.exe [2005-09-15 151552] "LoadFUJ02E3"=C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [2005-06-08 69632] "IndicatorUtility"=C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [2005-08-09 81920] "LoadFujitsuQuickTouch"=C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe [2005-07-21 353792] "LoadBtnHnd"=C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe [2005-07-21 61440] "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-07-01 88201] "LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2005-05-18 188416] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] "ATSwpNav"=C:\Program Files\Fingerprint Sensor\ATSwpNav -run [] "ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 94208] "McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2004-08-06 139320] "Network Associates Error Reporting Service"=C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe [2003-10-07 147514] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-02-23 278528] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-09-23 49152] "WinampAgent"=C:\Source Logiciels\Winamp\winampa.exe [2007-05-14 35328] "DNS7reminder"=C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe [2007-03-01 259624] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696] "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-10-29 185872] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [] "MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe /background [] "TypingSatellite"=C:\Program Files\TypingMaster\KBOOST.EXE [2007-08-14 1243152] C:\Documents and Settings\All Users\Menu Demarrer\Programmes\Demarrage HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxsrvc.dll [2005-02-22 348160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{16664848-0E00-11D2-8059-000000000000}"= [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Maple 9.5\bin.win\mserver.exe"="C:\Program Files\Maple 9.5\bin.win\mserver.exe:*:Enabled:mserver" "C:\Program Files\Maple 9.5\jre\bin\java.exe"="C:\Program Files\Maple 9.5\jre\bin\java.exe:*:Enabled:java" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Wolfram Research\Mathematica\5.2\Mathematica.exe"="C:\Program Files\Wolfram Research\Mathematica\5.2\Mathematica.exe:*:Enabled:Mathematica 5.2 for Students" "C:\Program Files\Wolfram Research\Mathematica\5.2\MathKernel.exe"="C:\Program Files\Wolfram Research\Mathematica\5.2\MathKernel.exe:*:Enabled:Mathematica 5.2 for Students Kernel" "C:\Program Files\Wolfram Research\Mathematica\5.2\math.exe"="C:\Program Files\Wolfram Research\Mathematica\5.2\math.exe:*:Enabled:math.exe" "C:\Program Files\CandleWorks\FXTS2\FXTSpp.exe"="C:\Program Files\CandleWorks\FXTS2\FXTSpp.exe:*:Enabled:FXCM Trading Station II" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9850d907-ca07-11dd-bc76-000b5d96ba75}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe cradle_of_filth.vbe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbe11eee-edb9-11dc-bb64-000b5d96ba75}] shell\AutoRun\command - h6o0re.cmd shell\explore\command - h6o0re.cmd shell\open\command - h6o0re.cmd ======List of files/folders created in the last 1 months====== 2009-01-22 10:39:21 ----D---- C:\rsit 2009-01-15 00:12:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$ 2008-12-29 17:47:45 ----D---- C:\Program Files\Inventel ======List of files/folders modified in the last 1 months====== 2009-01-22 10:12:18 ----D---- C:\Program Files\Mozilla Thunderbird 2009-01-22 09:20:37 ----D---- C:\Program Files\Mozilla Firefox 2009-01-22 08:58:07 ----D---- C:\WINDOWS\Temp 2009-01-22 08:58:03 ----D---- C:\WINDOWS\system32 2009-01-22 01:16:26 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-01-21 22:28:10 ----D---- C:\WINDOWS\Prefetch 2009-01-21 20:02:51 ----D---- C:\WINDOWS 2009-01-21 18:03:03 ----D---- C:\WINDOWS\system32\CatRoot2 2009-01-21 17:55:02 ----D---- C:\Program Files\ICQToolbar 2009-01-20 19:24:06 ----D---- C:\WINDOWS\system32\Lang 2009-01-18 18:02:00 ----D---- C:\Downloads 2009-01-18 16:45:30 ----D---- C:\WINDOWS\system32\drivers 2009-01-18 16:44:37 ----D---- C:\quarantine 2009-01-15 00:12:29 ----HD---- C:\WINDOWS\inf 2009-01-15 00:12:21 ----RSHD---- C:\WINDOWS\system32\dllcache 2009-01-15 00:11:19 ----HD---- C:\WINDOWS\$hf_mig$ 2009-01-10 02:35:28 ----A---- C:\WINDOWS\system32\MRT.exe 2008-12-29 17:55:29 ----RD---- C:\Program Files ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576] R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-09-22 58048] R2 BtnHnd;BtnHnd; \??\C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys [] R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-08-03 1094853] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\System32\Drivers\ATSwpDrv.sys [2005-03-29 116594] R3 CmBatt;Pilote pour Batterie a methode de controle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys [] R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys [2001-08-01 5248] R3 FUJ02E1;%FUJ02E1.DeviceDesc%; C:\WINDOWS\System32\Drivers\FUJ02E1.sys [2004-10-19 5632] R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys [2004-01-17 4864] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-02-22 807742] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-07-13 3851264] R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2004-09-22 108256] R3 NIC1394;Pilote reseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 rtl8139;Realtek RTL8139/810x Family Fast Etnernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-10-14 46080] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-06-03 190080] R3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2003-12-18 91392] R3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2003-12-16 48000] R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2003-12-03 53632] R3 usbehci;Pilote miniport de controleur d'hote ameliore Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Pilote miniport de controleur hote universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856] S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] S1 Tosrfcom;Tosrfcom; C:\WINDOWS\system32\drivers\Tosrfcom.sys [2003-12-05 62607] S3 CCDECODE;Decodeur sous-titre ferme; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] S3 MSTEE;Convertisseur en T/site-a-site de repartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/video Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 S3SavageNB;S3SavageNB; C:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2004-08-03 166912] S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232] S3 SLIP;Detrameur decalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbccgp;Pilote parent generique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 Usblink;Usblink Driver; C:\WINDOWS\System32\Drivers\ulink.sys [2003-06-02 40060] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 usbvideo;Peripherique video USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] S3 w29n51;Pilote de carte de connexion reseau Intel® PRO/Wireless 2915ABG pour Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-29 3222784] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368] S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928] S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752] S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008] S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952] S4 iaStor;Intel RAID Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2004-09-26 477952] S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960] S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 McAfeeFramework;Service Framework McAfee; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2004-08-06 102463] R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\Mcshield.exe [2004-09-22 221191] R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe [2004-09-22 28672] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-02-23 323584] S3 aspnet_state;Service d'etat ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [] S3 WMPNetworkSvc;Service Partage reseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] -----------------EOF----------------- Et maintenant info.txt : =============== info.txt logfile of random's system information tool 1.05 2009-01-22 10:39:42 ======Uninstall list====== -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 7-Zip 4.42-->"C:\Program Files\7-Zip\Uninstall.exe" Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 7.1.0 - Francais-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A71000000002} AFPL Ghostscript 8.53-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.53\uninstal.txt" AFPL Ghostscript Fonts-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt" Agere Systems HDA Modem-->agrsmdel Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} ApprentiClavier-->C:\WINDOWS\ApprentiClavier_uninstall.exe BitComet 1.03-->C:\Program Files\BitComet\uninst.exe Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Dragon NaturallySpeaking 9-->MsiExec.exe /I{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA} eMule-->"C:\Program Files\eMule\Uninstall.exe" eMusic - 50 Free MP3 offer-->"C:\Source Logiciels\Winamp\eMusic\Uninst-eMusic-promotion.exe" Fingerprint Sensor Minimum Install-->MsiExec.exe /I{E1D78C08-3477-470B-82B7-61BD4F63110B} Fujitsu Hotkey Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{805BDB3F-6803-45F7-B959-4FE5B921BC55}\setup.exe" Fujitsu System Extension Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04ECD699-9F3A-4F9C-A476-EEAA4E172079}\setup.exe" FXCM Trading Station II-->C:\PROGRA~1\CANDLE~1\FXTS2\uninstall.exe FXCM Trading Station II Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll" GSview 4.8-->C:\Program Files\Ghostgum\ghostview\gsview\uninstgs.exe "C:\Program Files\Ghostgum\ghostview\gsview\uninstal.txt" HijackThis 2.0.2-->"C:\Documents and Settings\Michel Balazard\Bureau\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" HP Appareils photos Photosmart 6.0-->C:\Program Files\HP\Digital Imaging\{FB172CE8-F5C0-4731-92FF-E93A0B075A7C}\setup\hpzscr01.exe -datfile hpiscr01.dat HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat HP Photosmart Essential-->MsiExec.exe /X{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE} HP Software Update-->MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93} HP Solution Center and Imaging Support Tools 6.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat ICQ Toolbar-->regsvr32 /u /s "C:\PROGRA~1\ICQTOO~1\toolbaru.dll" Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592 InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL iTunes-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1036 J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100} J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020} J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090} Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Lifebook Application Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{271274D2-92C6-4EEC-A0AD-9DA5272AD5C9}\setup.exe" LilyPond-->"C:\Program Files\LilyPond\uninstall.exe" Lizardtech DjVu Control-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{105CFC7C-6992-11D5-BD9D-000102C10FD8}\Setup.exe" -l0x40c Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5 Maple 9.5-->"C:\Program Files\Maple 9.5\Uninstall_Maple 9.5\Uninstall Maple 9.5.exe" Mathematica 5.2 for Students-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{FC10C290-6E4D-4C6B-A8B3-33700C21F9E6} MathReader 5-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{F57052F4-9F33-4B2A-A99A-922EDF2655A4} McAfee VirusScan Enterprise-->MsiExec.exe /I{4DCA2739-9D16-4B55-808C-E72CD70A5BD3} Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office XP Standard-->MsiExec.exe /I{9012040C-6000-11D3-8CFE-0050048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} MiKTeX-->"C:\texmf\miktex\bin\copystart.exe" "C:\texmf\miktex\config\uninstall.dat" Mise a jour de securite pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Mise a jour de securite pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Mise a jour de securite pour Lecteur Windows Media 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Mise a jour de securite pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe" Mise a jour de securite pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Mise a jour de securite pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" Mise a jour de securite pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe" Mise a jour de securite pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe" Mise a jour de securite pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe" Mise a jour de securite pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Mise a jour de securite pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise a jour de securite pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Mise a jour de securite pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Mise a jour de securite pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Mise a jour de securite pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Mise a jour de securite pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise a jour de securite pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise a jour de securite pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise a jour de securite pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise a jour de securite pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise a jour de securite pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Mise a jour de securite pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise a jour de securite pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise a jour de securite pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise a jour de securite pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Mise a jour de securite pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise a jour de securite pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise a jour de securite pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise a jour de securite pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise a jour de securite pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Mise a jour de securite pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise a jour de securite pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise a jour de securite pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise a jour de securite pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise a jour de securite pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise a jour de securite pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise a jour de securite pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Mise a jour de securite pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise a jour de securite pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise a jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Mise a jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise а jour de sйcuritй pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise а jour de sйcuritй pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Mise а jour de sйcuritй pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Mise а jour de sйcuritй pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise а jour de sйcuritй pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise а jour de sйcuritй pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise а jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Thunderbird (2.0.0.19)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} Neuf - Kit de connexion-->C:\Program Files\Neuf\Kit\uninstall.exe PDFCreator-->C:\Program Files\PDFCreator\unins000.exe Power Saving Utility-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{79821CAD-999C-443D-B420-96F914C84E27} QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175} RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall TypeFaster Typing Tutor-->"C:\Program Files\TypeFaster\uninstall.exe" TypingMaster Pro-->"C:\Program Files\TypingMaster\unins000.exe" Winamp (remove only)-->"C:\Source Logiciels\Winamp\UninstWA.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinEdt-->"C:\Program Files\WinEdt Team\WinEdt\unins000.exe" Wolfram Notebook Indexer 1.1-->MsiExec.exe /I{E24A7D40-D12E-4A11-8DEC-7BB21BE4614D} =====HijackThis Backups===== R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll System event log Computer Name: FSC531220063001 Event Code: 4201 Message: Le systeme a detecte que la carte reseau \DEVICE\TCPIP_{E3E22E18-32B7-4BE8-ADB7-87C24C9470F7} etait connectee au reseau, et a lance une operation normale sur la carte reseau. Record Number: 103212 Source Name: Tcpip Time Written: 20081231130636.000000+060 Event Type: information User: Computer Name: FSC531220063001 Event Code: 4201 Message: Le systeme a detecte que la carte reseau \DEVICE\TCPIP_{E3E22E18-32B7-4BE8-ADB7-87C24C9470F7} etait connectee au reseau, et a lance une operation normale sur la carte reseau. Record Number: 103211 Source Name: Tcpip Time Written: 20081231130551.000000+060 Event Type: information User: Computer Name: FSC531220063001 Event Code: 4201 Message: Le systeme a detecte que la carte reseau \DEVICE\TCPIP_{E3E22E18-32B7-4BE8-ADB7-87C24C9470F7} etait connectee au reseau, et a lance une operation normale sur la carte reseau. Record Number: 103210 Source Name: Tcpip Time Written: 20081231130511.000000+060 Event Type: information User: Computer Name: FSC531220063001 Event Code: 4201 Message: Le systeme a detecte que la carte reseau \DEVICE\TCPIP_{E3E22E18-32B7-4BE8-ADB7-87C24C9470F7} etait connectee au reseau, et a lance une operation normale sur la carte reseau. Record Number: 103209 Source Name: Tcpip Time Written: 20081231130431.000000+060 Event Type: information User: Computer Name: FSC531220063001 Event Code: 4201 Message: Le systeme a detecte que la carte reseau \DEVICE\TCPIP_{E3E22E18-32B7-4BE8-ADB7-87C24C9470F7} etait connectee au reseau, et a lance une operation normale sur la carte reseau. Record Number: 103208 Source Name: Tcpip Time Written: 20081231130346.000000+060 Event Type: information User: Application event log Computer Name: FSC531220063001 Event Code: 1800 Message: Le service Centre de securite Windows a demarre. Record Number: 1448 Source Name: SecurityCenter Time Written: 20070830091614.000000+120 Event Type: information User: Computer Name: FSC531220063001 Event Code: 5000 Message: VirusScan Enterprise Le service McShield a demarre - Recherche de 316658 virus en cours. Version de moteur : 5.1.00 Version de .DAT : 5107 Nom d'EXTRA.DAT : Aucun Nombre de signatures de virus dans EXTRA.DAT : Aucun Noms des virus detectes par EXTRA.DAT : Aucun Record Number: 1447 Source Name: McLogEvent Time Written: 20070830091614.000000+120 Event Type: information User: AUTORITE NT\SYSTEM Computer Name: FSC531220063001 Event Code: 1800 Message: Le service Centre de securite Windows a demarre. Record Number: 1446 Source Name: SecurityCenter Time Written: 20070829213516.000000+120 Event Type: information User: Computer Name: FSC531220063001 Event Code: 5000 Message: VirusScan Enterprise Le service McShield a demarre - Recherche de 316658 virus en cours. Version de moteur : 5.1.00 Version de .DAT : 5107 Nom d'EXTRA.DAT : Aucun Nombre de signatures de virus dans EXTRA.DAT : Aucun Noms des virus detectes par EXTRA.DAT : Aucun Record Number: 1445 Source Name: McLogEvent Time Written: 20070829213516.000000+120 Event Type: information User: AUTORITE NT\SYSTEM Computer Name: FSC531220063001 Event Code: 1517 Message: Windows a sauvegarde le Registre utilisateur FSC531220063001\Michel Balazard alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La memoire utilisee par le Registre de l'utilisateur n'a pas ete liberee. le Registre sera decharge lorsqu'il ne sera plus utilise. Cela est souvent cause par des services s'executant en tant que compte d'utilisateur, essayez de configurer les services pour s'executer dans le compte service reseau ou service local. Record Number: 1444 Source Name: Userenv Time Written: 20070829185903.000000+120 Event Type: warning User: AUTORITE NT\SYSTEM ======Environment variables====== "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "NUMBER_OF_PROCESSORS"=1 "OS"=Windows_NT "Path"=C:\Program Files\emacs\bin;C:\Program Files\texmf\miktex\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\program files\ghostgum\ghostview\gsview\;c:\usr\local\bin;c:\program files\ghostgum\gs\gs8.51\lib;c:\program files\ghostgum\gs\gs8.51\bin;C:\Program Files\LilyPond\usr\bin;C:\Program Files\QuickTime\QTSystem\ "PATHEXT"=.PY;.SCM;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel "PROCESSOR_LEVEL"=6 "PROCESSOR_REVISION"=0d08 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "windir"=%SystemRoot% "CYGWIN"=tty "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip -----------------EOF----------------- Re-bonjour à tous, suite de mes mésaventures : J'ai ensuite téléchargé le programme Malwarebytes Anti-Malware, MAIS... il ne veut pas s'ouvrir! Quand je double-clique sur son icône, apparaît une boîte 'Fichier ouvert Avertissement de sécurité" me demandant "Voulez-vous éxécuter ce fichier?". Quand je clique sur "Exécuter", un petit sablier apparaît quelques secondes, puis plus rien... icon_confused.gif Merci d'avance pour toute aide!