Trem_r

  1. OK, thanks again for all of that!
  2. Everything seems to be fine now, no more problems or alerts. Thank you very much for your help and your speed!
  3. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:54:37, on 24/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal
  4. In the Security Center, I disabled the firewall as well as the firewall alert (I have a hardware one). I also set Windows Update to custom so that it asks me before downloading / installing updates. Here is the copy-pasted result:
  5. It looks like ComboFix has done its work:
  6. Hello everyone,

     Since last Friday I have been having some problems with Firefox and Google: my results were a blank page. My only other disturbance came from googleupdate.exe, which was not working. While investigating, I installed Ad-Aware (nothing), then Spyware Doctor, which found Rootkit.TDSS!sd6, which tries to launch with every program I use, via a DLL, UACJDVBAYVT.dll. Of course this DLL is invisible to me (even with the hidden and system files option disabled) and I cannot get rid of it.

     I did not have HijackThis, and it will not install at all because of this DLL, so I used something called DDS, which provides an equivalent report. I hope that will be enough and that you will be able to help me.

     Note: my browsers are Chrome and Firefox, I do not download anything via P2P, my mail client is Thunderbird, and my antivirus is Antivir (up to date), which detected nothing.

     Here is the DDS report:

     DDS (Ver_09-02-01.01) - NTFSx86
     Run by xcalle at 18:39:47,98 on 23/02/2009
     Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
     Microsoft Windows XP Professional 5.1.2600.3.1252.33.1033.18.1535.585 [GMT 1:00]
     AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
     AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
     AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
     AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
     AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)

     ============== Running Processes ===============
     C:\WINDOWS\system32\svchost -k DcomLaunch
     C:\WINDOWS\system32\svchost -k rpcss
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
     C:\WINDOWS\system32\svchost.exe -k NetworkService
     C:\WINDOWS\System32\svchost.exe -k eapsvcs
     C:\WINDOWS\system32\svchost.exe -k LocalService
     C:\WINDOWS\System32\svchost.exe -k dot3svc
     C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
     C:\Program Files\Spyware Doctor\pctsAuxs.exe
     C:\Program Files\Spyware Doctor\pctsSvc.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\WINDOWS\system32\wbem\unsecapp.exe
     C:\WINDOWS\System32\alg.exe
     C:\WINDOWS\system32\wbem\wmiprvse.exe
     C:\Program Files\Spyware Doctor\pctsTray.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
     C:\WINDOWS\SOUNDMAN.EXE
     C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
     C:\WINDOWS\system32\NWTRAY.EXE
     C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
     C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
     C:\Program Files\Mozilla Thunderbird\thunderbird.exe
     C:\Program Files\Spyware Doctor\pctsGui.exe
     C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
     C:\Program Files\Windows Live\Messenger\usnsvc.exe
     C:\Documents and Settings\xcalle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\xcalle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\xcalle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
     C:\Documents and Settings\xcalle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\xcalle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\xcalle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\xcalle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\xcalle\My Documents\Downloads\dds.scr
     C:\WINDOWS\system32\wbem\wmiprvse.exe

     ============== Pseudo HJT Report ===============
     uInternet Settings,ProxyOverride = *.local
     BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
     BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
     BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
     BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
     BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
     BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
     BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
     BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
     TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
     EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
     uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
     uRun: [Google Update] "c:\documents and settings\xcalle\local settings\application data\google\update\GoogleUpdate.exe" /c
     mRun: [soundMan] SOUNDMAN.EXE
     mRun: [avgnt] "c:\program files\antivir personaledition classic\avgnt.exe" /min
     mRun: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
     mRun: [NWTRAY] NWTRAY.EXE
     mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
     mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
     mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
     mRun: [iSTray] "c:\program files\spyware doctor\pctsTray.exe"
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozill~1.lnk - c:\program files\mozilla thunderbird\thunderbird.exe
     mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
     IE: Convertir en Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
     IE: Convertir en un fichier PDF existant - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convertir la cible du lien en Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
     IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convertir la sélection en Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
     IE: Convertir la sélection en un fichier PDF existant - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
     IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
     DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
     DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     Notify: AtiExtEvent - Ati2evxx.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
     LSA: Authentication Packages = msv1_0 nwv1_0

     ================= FIREFOX ===================
     FF - ProfilePath - c:\docume~1\xcalle\applic~1\mozilla\firefox\profiles\bwlwcxmg.default\
     FF - plugin: c:\documents and settings\xcalle\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll

     ============= SERVICES / DRIVERS ===============
     R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2006-2-1 22336]
     R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-23 40840]
     R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-23 64160]
     R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2005-11-8 77312]
     R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2006-2-1 45376]
     R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-23 66952]
     R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-23 81288]
     R2 AntiVirScheduler;AntiVir Scheduler;c:\program files\antivir personaledition classic\sched.exe [2006-2-1 68865]
     R2 AntiVirService;AntiVir PersonalEdition Classic Service;c:\program files\antivir personaledition classic\avguard.exe [2006-2-1 151297]
     R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
     R2 NWCMDH;Novell IPX Compatibility Helper;c:\windows\system32\drivers\nwcmd2.sys [2001-10-23 4016]
     R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-23 356920]
     R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-2-23 1079176]
     R3 axsaki;axsaki;c:\windows\system32\drivers\axsaki.sys [2003-3-30 102624]
     R3 axskbus;axskbus;c:\windows\system32\drivers\axskbus.sys [2003-3-28 8640]
     R3 NWCMD03;Novell CMD03 Driver;c:\windows\system32\drivers\nwcmd.sys [2003-9-3 50048]
     R3 NWCMD04;Novell CMD04 Driver;c:\windows\system32\drivers\nwcmd4.sys [2002-5-13 2704]
     R3 NWCMD05;Novell CMD05 Driver;c:\windows\system32\drivers\nwcmd5.sys [2002-5-13 2704]
     R3 NWCMD06;Novell CMD06 Driver;c:\windows\system32\drivers\nwcmd6.sys [2002-5-13 2704]
     R3 NWCMD07;Novell CMD07 Driver;c:\windows\system32\drivers\nwcmd7.sys [2002-5-13 2704]
     R3 NWCMD08;Novell CMD08 Driver;c:\windows\system32\drivers\nwcmd8.sys [2002-5-13 2704]
     R3 NWCMD09;Novell CMD09 Driver;c:\windows\system32\drivers\nwcmd9.sys [2002-5-13 2704]
     R3 NWCMD10;Novell CMD10 Driver;c:\windows\system32\drivers\nwcmd10.sys [2002-5-13 2704]
     R3 NWCMD11;Novell CMD11 Driver;c:\windows\system32\drivers\nwcmd11.sys [2002-5-13 2704]
     R3 NWCMD12;Novell CMD12 Driver;c:\windows\system32\drivers\nwcmd12.sys [2002-5-13 2704]
     R3 NWCMD13;Novell CMD13 Driver;c:\windows\system32\drivers\nwcmd13.sys [2002-5-13 2704]
     R3 NWCMD14;Novell CMD14 Driver;c:\windows\system32\drivers\nwcmd14.sys [2002-5-13 2704]
     R3 NWCMD15;Novell CMD15 Driver;c:\windows\system32\drivers\nwcmd15.sys [2002-5-13 2704]
     R3 NWCMD16;Novell CMD16 Driver;c:\windows\system32\drivers\nwcmd16.sys [2002-5-13 2704]
     R3 NWCMD17;Novell CMD17 Driver;c:\windows\system32\drivers\nwcmd17.sys [2002-5-13 2704]
     S2 NWCMD;Novell IPX Compatibility Mode;c:\windows\system32\drivers\nwcmd.sys [2003-9-3 50048]
     S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2006-4-22 32512]
     S4 Ipnmssnwasv;Ipnmssnwasv;c:\windows\system32\fc.exe [2004-8-4 14848]

     =============== Created Last 30 ================
     2009-02-23 17:47 26,478 a------- c:\windows\system32\AAWService_2009_02_23_17_47_47.dmp
     2009-02-23 17:45 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
     2009-02-23 17:45 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
     2009-02-23 17:45 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
     2009-02-23 17:45 29,576 a------- c:\windows\system32\drivers\kcom.sys
     2009-02-23 17:45 <DIR> --d----- c:\program files\Spyware Doctor
     2009-02-23 17:45 <DIR> --d----- c:\docume~1\xcalle\applic~1\PC Tools
     2009-02-23 17:43 <DIR> --d----- c:\program files\Picasa2
     2009-02-23 15:53 <DIR> --d----- c:\program files\JRE
     2009-02-23 12:30 15,688 a------- c:\windows\system32\lsdelete.exe
     2009-02-23 12:18 64,160 a------- c:\windows\system32\drivers\Lbd.sys
     2009-02-23 12:16 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
     2009-02-23 12:16 <DIR> --d----- c:\program files\Lavasoft

     ==================== Find3M ====================
     2009-01-13 16:01 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
     2008-12-21 00:15 826,368 a------- c:\windows\system32\wininet.dll
     2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
     2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
     2008-12-02 11:02 410,976 a------- c:\windows\system32\deploytk.dll
     2008-10-02 14:06 22,328 a------- c:\docume~1\xcalle\applic~1\PnkBstrK.sys
     1999-07-07 01:00 6 ---shr-- c:\windows\@@desktop.dat

     ============= FINISH: 18:42:00,01 ===============

     Thank you for your help.