

LaGroO
Everything posted by LaGroO
-
Well, it seems to be working now. Thank you very much for the help, in any case!
-
Here is the HiJackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:49:20, on 16/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Users\Phil\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Phil\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Users\Phil\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://hotline.eclair.ec-lyon.fr/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\Phil\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Startup: QuickSet.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio.exe (file missing)

--
End of file - 8335 bytes
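A HijackThis log is line-oriented, and the entries a removal helper reads first in a log like the one above are the ones that point at a file that is no longer there (the "(no file)" BHO and the "(file missing)" services), the O10 broken-LSP line, the populated O20 AppInit_DLLs value, the R1 proxy auto-config URL, and services with no publisher. The following is an added example, not HijackThis code and not something the poster wrote: a small parser that splits the log by section code and applies those heuristics. The sample lines are copied from the posted log; the flagging rules are this example's own and are not a verdict on any entry.

```python
r"""Triage a HijackThis (HJT) log: split entries by section code and flag the
ones a malware-removal helper looks at first.

Added example for this page; not part of HijackThis or of the original post.
The sample lines are copied from the posted log; the flagging rules are this
example's own heuristics, not HijackThis output."""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the entries from the posted HJT log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://hotline.eclair.ec-lyon.fr/proxy.pac
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - Startup: QuickSet.lnk = ?
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# Every HJT entry starts with a section code (R0, R1, F2, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def parse_entries(text):
    """Yield (code, body, full_line) for every 'Rn - ...' / 'On - ...' line."""
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("code"), m.group("body"), raw.strip()


def triage(text):
    """Return the entries worth a second look, in log order, with a reason each."""
    findings = []
    for code, body, line in parse_entries(text):
        low = body.lower()
        if "(no file)" in low or "(file missing)" in low:
            # Dangling reference: leftover of a removal or a half-uninstalled product.
            findings.append(Finding(code, "points to a file that no longer exists", line))
        elif code == "O10":
            # Winsock LSP chain is broken because a provider DLL vanished.
            findings.append(Finding(code, "broken LSP chain, network access may fail", line))
        elif code == "O20":
            # AppInit_DLLs are loaded into every process that maps user32.dll.
            findings.append(Finding(code, "AppInit_DLLs injection point is populated", line))
        elif code == "R1" and "autoconfigurl" in low:
            # A PAC file can silently route all browser traffic through a proxy.
            findings.append(Finding(code, "proxy auto-config URL set", line))
        elif code == "O23" and "unknown owner" in low:
            findings.append(Finding(code, "service binary has no publisher information", line))
        elif code == "O4" and body.rstrip().endswith("= ?"):
            findings.append(Finding(code, "startup shortcut target could not be resolved", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason}\n     {f.line}")
```

The rules are deliberately coarse: an "Unknown owner" service is often just an unsigned third-party binary (PnkBstrA is PunkBuster's), so the output is a reading list, not a removal list.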
-
Kaspersky report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, March 16, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, March 15, 2009 20:37:55
Records in database: 1909826
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 268347
Threat name: 1
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 02:42:11

File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Windows\System32\senekapcidthxi.dll.vir Infected: Packed.Win32.Tdss.c 1
C:\Qoobox\Quarantine\C\Windows\System32\senekapttirvnn.dll.vir Infected: Packed.Win32.Tdss.c 1
C:\Qoobox\Quarantine\C\Windows\System32\senekauvecncdc.dll.vir Infected: Packed.Win32.Tdss.c 1

The selected area was scanned.
-
Here is the report:

ComboFix 09-03-12.01 - Phil 2009-03-14 19:50:33.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2045.1267 [GMT 1:00]
Running from: c:\users\Phil\Desktop\Bibitte.exe
Command switches used :: c:\users\Phil\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1229 [VPS 090103-1] *On-access scanning enabled* (Updated)
* Created a new restore point

FILE ::
c:\program files\Bonjour\mDNSResponder.exe
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Bonjour
c:\program files\Bonjour\About Bonjour.rtf
c:\program files\Bonjour\mdnsNSP.dll
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekariajaquq.sys
c:\windows\system32\senekapop.dll
c:\windows\system32\senekasmruqhbw.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_seneka


((((((((((((((((((((((((((((( Files created from 2009-02-14 to 2009-03-14 ))))))))))))))))))))))))))))))))))))
.

2009-03-11 19:03 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 19:03 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 19:03 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 19:03 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 19:03 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 19:03 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-10 08:50 . 2009-03-10 08:50 <REP> d-------- c:\users\Phil\AppData\Roaming\Borland
2009-03-10 08:40 . 2009-03-10 08:41 <REP> d-------- c:\program files\Common Files\CodeGear Shared
2009-03-10 08:40 . 2009-03-10 08:40 <REP> d-------- c:\program files\Common Files\Borland Shared
2009-03-10 08:40 . 2009-03-10 08:40 <REP> d-------- c:\program files\CodeGear
2009-03-10 08:32 . 2009-03-10 08:51 <REP> d-------- c:\users\All Users\CodeGear
2009-03-10 08:32 . 2009-03-10 08:51 <REP> d-------- c:\programdata\CodeGear
2009-03-10 08:31 . 2009-03-10 09:08 <REP> d-------- c:\users\All Users\{AB3EC276-D261-4943-A921-1CC1C6799AED}
2009-03-10 08:31 . 2009-03-10 09:08 <REP> d-------- c:\programdata\{AB3EC276-D261-4943-A921-1CC1C6799AED}
2009-03-07 18:46 . 2009-03-07 18:46 <REP> d-------- c:\users\Phil\AppData\Roaming\Auslogics
2009-03-07 18:46 . 2009-03-07 18:46 <REP> d-------- c:\program files\Auslogics
2009-02-27 21:11 . 2009-02-27 21:11 <REP> d----c--- c:\windows\System32\DRVSTORE
2009-02-27 21:11 . 2009-02-27 21:11 <REP> d-------- c:\users\Phil\AppData\Roaming\Apple Computer
2009-02-27 21:11 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2009-02-27 21:11 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2009-02-27 21:10 . 2009-02-27 21:11 <REP> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-27 21:10 . 2009-02-27 21:11 <REP> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-27 21:10 . 2009-02-27 21:11 <REP> d-------- c:\program files\iTunes
2009-02-27 21:10 . 2009-02-27 21:10 <REP> d-------- c:\program files\iPod
2009-02-27 21:07 . 2009-02-27 21:07 <REP> d-------- c:\program files\Apple Software Update
2009-02-27 21:06 . 2009-02-27 21:10 <REP> d-------- c:\program files\Common Files\Apple
2009-02-24 17:31 . 2009-02-24 17:31 <REP> d-------- c:\users\Phil\Bluetooth Software

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-14 18:56 0 ----a-w c:\users\All Users\nvModes.dat
2009-03-14 18:56 0 ----a-w c:\programdata\nvModes.dat
2009-03-13 20:11 --------- d-----w c:\program files\DC++
2009-03-12 08:46 --------- d-----w c:\program files\Windows Mail
2009-03-12 08:44 --------- d-----w c:\programdata\Microsoft Help
2009-03-01 21:04 --------- d-----w c:\program files\Mp3TagToolsv12
2009-02-27 20:10 --------- d-----w c:\programdata\Apple Computer
2009-02-27 20:09 --------- d-----w c:\program files\QuickTime Alternative
2009-02-07 16:20 --------- d-----w c:\program files\EA Games
2009-02-07 16:17 --------- d-----w c:\program files\AGEIA Technologies
2009-02-07 16:16 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-05 21:06 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-01-23 16:00 --------- d-----w c:\users\Phil\AppData\Roaming\fretsonfire
2009-01-23 16:00 --------- d-----w c:\program files\Frets on Fire
2009-01-19 17:50 --------- d-----w c:\program files\Audacity
2009-01-19 17:46 --------- d-----w c:\programdata\NCH Swift Sound
2008-04-28 19:45 22,328 ----a-w c:\users\Phil\AppData\Roaming\PnkBstrK.sys
2008-04-12 13:33 132,264 ----a-w c:\users\Phil\AppData\Roaming\nvModes.dat
2008-03-26 11:01 174 --sha-w c:\program files\desktop.ini
2007-10-13 12:00 0 ----a-w c:\users\Phil\AppData\Roaming\wklnhst.dat
2007-10-08 14:54 76 --sh--r c:\windows\CT4CET.bin
2008-04-03 20:08 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-03 20:08 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-03 20:08 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.
((((((((((((((((((((((((((((( SnapShot@2009-03-13_13.45.51.66 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2009-03-13 12:40:06 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-14 18:56:10 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-03-13 12:40:06 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-14 18:56:13 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-14 18:56:13 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-03-13 11:37:32 105,752 ----a-w c:\windows\System32\perfc009.dat
+ 2009-03-13 17:10:33 105,752 ----a-w c:\windows\System32\perfc009.dat
- 2009-03-13 11:37:33 123,556 ----a-w c:\windows\System32\perfc00C.dat
+ 2009-03-13 17:10:33 123,556 ----a-w c:\windows\System32\perfc00C.dat
- 2009-03-13 11:37:33 591,872 ----a-w c:\windows\System32\perfh009.dat
+ 2009-03-13 17:10:33 591,872 ----a-w c:\windows\System32\perfh009.dat
- 2009-03-13 11:37:33 669,566 ----a-w c:\windows\System32\perfh00C.dat
+ 2009-03-13 17:10:33 669,566 ----a-w c:\windows\System32\perfh00C.dat
- 2009-03-13 12:42:03 11,928 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3575546740-1429275205-405926686-1000_UserData.bin
+ 2009-03-14 18:02:34 11,952 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3575546740-1429275205-405926686-1000_UserData.bin
- 2009-03-13 12:42:03 147,308 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-14 18:02:34 147,470 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-13 12:41:58 55,360 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-03-14 18:02:30 55,360 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-03-11 11:43:09 438,198 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-03-13 17:05:13 439,974 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 857648]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-08 1862144]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-02-22 166432]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13515296]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-22 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-02-22 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]

c:\users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de notification Live Search.lnk - c:\users\Phil\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-12-18 143360]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut1_53A01CC614B04512A2E710D39BF83DC4.exe [2007-10-08 45056]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-10-08 50688]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3575546740-1429275205-405926686-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9954A64F-1E70-4155-98F0-64237BC05CD1}"= c:\program files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{BF2871F4-2C49-4A15-BB2A-1EDD39A29A8A}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{AF467CDD-3008-4EBF-898D-BCEEEE7BAEA6}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{B82B8783-0E81-48D2-A01C-8458D28923AD}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"TCP Query User{72E39133-118D-4824-A43E-A620DDBA87A7}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{13C937C9-E569-46D5-B2DC-D05474E15FE8}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"{AAC8510A-7818-47A7-93F9-184889DB07EC}"= UDP:c:\program files\Google\Google Desktop Search\GoogleDesktop.exe:Google Desktop
"{88753D6A-E037-404A-BA3C-AE91064C2F41}"= TCP:c:\program files\Google\Google Desktop Search\GoogleDesktop.exe:Google Desktop
"{D06AA9A2-0C1F-4D14-968B-5876C42E9605}"= UDP:4664:Google Desktop port
"{ABB5D8BF-0C94-4176-A315-A47CDA263734}"= UDP:9339:Texas Hold'em Facebook
"TCP Query User{4D0F6753-1054-4E00-BFE1-301D3DC40A78}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{525D7231-338B-4F37-9481-27829A028882}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++
"{11D7757C-B834-442F-85E6-BF39A4D8C9EF}"= UDP:1240:Hotmail
"{578B2432-6F19-4A03-BFE8-7F39952425AA}"= TCP:1240:Hotmail(2)
"{6DFB30DB-DD78-4E9B-BCEB-E73522260144}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{8A909ED0-A3D9-400E-9B1F-96DDFAA6EED9}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"TCP Query User{5EEDE0E5-D701-4AF0-BF4D-FE8F67A3AEC1}c:\\users\\phil\\downloads\\splinter cell pandora tomorrow\\pandora.exe"= UDP:c:\users\phil\downloads\splinter cell pandora tomorrow\pandora.exe:pandora
"UDP Query User{CCB905B7-6445-4648-9601-C32CFC6467B8}c:\\users\\phil\\downloads\\splinter cell pandora tomorrow\\pandora.exe"= TCP:c:\users\phil\downloads\splinter cell pandora tomorrow\pandora.exe:pandora
"TCP Query User{E38C7B3B-AB14-456B-9432-75C50F891DDB}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{2422B691-45F7-4E47-9A5B-6648BDE66192}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"{26AB5E42-216E-4367-A398-D74B0F55CF99}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{9696C176-9C47-4AC5-9FD6-96D9DCFD947E}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{A3AEAA5A-B344-47ED-B3CF-85BA8A0A09D1}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"{BFD40A5C-B9F2-44E8-A669-BDD01C62F2E9}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{663598C2-541E-4F39-A7C1-6D667667CB48}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{9873A928-B14B-44A4-9391-4BCEA4A29ACD}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{95D4BBCE-0587-4E69-A060-6335723F055D}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{97CC75DC-958C-4523-AE46-17E6CBD3BBC5}c:\\counter-strike source lan edition\\hl2.exe"= UDP:c:\counter-strike source lan edition\hl2.exe:hl2
"UDP Query User{87726A6C-562A-461B-BD54-61A64317F674}c:\\counter-strike source lan edition\\hl2.exe"= TCP:c:\counter-strike source lan edition\hl2.exe:hl2
"TCP Query User{24416B44-7109-4E48-A747-84DC881C14C5}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{48B3741D-0231-4183-B1D2-61D13A3AF16C}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{B94EFE7C-9C60-498D-86D7-A2970D626C3B}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{284707D9-1E49-45A3-A8B7-A2ECBC72AF33}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{278FD0AF-C8D7-4DBE-AC2D-5EF59C0C34A8}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{20C3E9F6-50C1-4D81-8681-91867C261047}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"{9CF9B6D2-1226-4516-AA93-E6CC71082B4C}"= UDP:c:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{634DF36A-21F7-47FB-9997-FEB3AC12C5F4}"= TCP:c:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{CD374017-CDC6-47D7-A7E8-85E2B5A90D38}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{247C446D-9843-4F58-954F-FE76BDB84F84}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-04-11 114768]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [2007-10-13 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-04-11 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2007-10-15 51792]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [2007-10-08 235584]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [2007-10-08 7424]
S3 hid8101;hid8101;c:\windows\System32\drivers\hid8101.sys [2007-12-27 31899]
S4 msvsmon80;Débogueur distant Visual Studio 2005;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-14 2808664]

--- Other Services/Drivers in memory ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37677d84-c6dd-11dd-bcbf-001c239499f1}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0681f1b-8a25-11dd-a2b5-001c239499f1}]
\shell\AutoRun\command - WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef8f9328-2d56-11dd-80c8-001c239499f1}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3899e0a-7e8a-11dc-9811-001c26f27048}]
\shell\AutoRun\command - G:\win32/setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-14 c:\windows\Tasks\User_Feed_Synchronization-{180818B5-1487-4F2D-8BC1-FAF9E4CD9599}.job
- c:\windows\system32\msfeedssync.exe [2008-01-18 23:33]
.
- - - - REMOVED ORPHANS - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

.
------- Supplementary scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\na8abr4s.default\
FF - prefs.js: browser.search.selectedEngine - Facebook
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-14 19:56:23
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other running processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\wlanext.exe
c:\windows\System32\conime.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\users\Phil\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
c:\windows\System32\stacsv.exe
c:\windows\System32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\wermgr.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Finish time: 2009-03-14 20:02:18 - The machine rebooted
ComboFix-quarantined-files.txt 2009-03-14 19:02:12
ComboFix2.txt 2009-03-13 12:47:18

Pre-Run: 17 102 467 072 bytes free
Post-Run: 16,446,394,368 bytes free

279 --- E O F --- 2009-03-12 08:45:28
-
Here is what ComboFix gave me:

ComboFix 09-03-12.01 - Phil 2009-03-13 13:29:32.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2045.1102 [GMT 1:00]
Running from: c:\users\Phil\Desktop\Bibitte.exe
AV: avast! antivirus 4.8.1229 [VPS 090103-1] *On-access scanning enabled* (Updated)
* A new restore point was created
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\senekauxcivpkj.sys
c:\windows\system32\senekapcidthxi.dll
c:\windows\system32\senekapstbddxr.dat
c:\windows\system32\senekapttirvnn.dll
c:\windows\system32\senekauvecncdc.dll
c:\windows\system32\senekavxbucsmr.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA


((((((((((((((((((((((((((((( Files created from 2009-02-13 to 2009-03-13 ))))))))))))))))))))))))))))))))))))
.

2009-03-13 13:37 . 2009-03-13 13:37 0 --a------ c:\windows\System32\senekapop.dll
2009-03-13 13:37 . 2009-03-13 13:37 0 --a------ c:\windows\System32\drivers\seneka.sys
2009-03-13 13:33 . 2009-03-13 13:35 1,436 --a------ c:\windows\System32\senekasmruqhbw.dat
2009-03-11 19:03 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 19:03 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 19:03 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 19:03 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 19:03 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 19:03 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-10 08:50 . 2009-03-10 08:50 <REP> d-------- c:\users\Phil\AppData\Roaming\Borland
2009-03-10 08:40 . 2009-03-10 08:41 <REP> d-------- c:\program files\Common Files\CodeGear Shared
2009-03-10 08:40 . 2009-03-10 08:40 <REP> d-------- c:\program files\Common Files\Borland Shared
2009-03-10 08:40 . 2009-03-10 08:40 <REP> d-------- c:\program files\CodeGear
2009-03-10 08:32 . 2009-03-10 08:51 <REP> d-------- c:\users\All Users\CodeGear
2009-03-10 08:32 . 2009-03-10 08:51 <REP> d-------- c:\programdata\CodeGear
2009-03-10 08:31 . 2009-03-10 09:08 <REP> d-------- c:\users\All Users\{AB3EC276-D261-4943-A921-1CC1C6799AED}
2009-03-10 08:31 . 2009-03-10 09:08 <REP> d-------- c:\programdata\{AB3EC276-D261-4943-A921-1CC1C6799AED}
2009-03-07 18:46 . 2009-03-07 18:46 <REP> d-------- c:\users\Phil\AppData\Roaming\Auslogics
2009-03-07 18:46 . 2009-03-07 18:46 <REP> d-------- c:\program files\Auslogics
2009-03-05 15:06 . 2009-03-05 15:06 0 --a------ c:\windows\System32\drivers\senekariajaquq.sys
2009-02-27 21:11 . 2009-02-27 21:11 <REP> d----c--- c:\windows\System32\DRVSTORE
2009-02-27 21:11 . 2009-02-27 21:11 <REP> d-------- c:\users\Phil\AppData\Roaming\Apple Computer
2009-02-27 21:11 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2009-02-27 21:11 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2009-02-27 21:10 . 2009-02-27 21:11 <REP> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-27 21:10 . 2009-02-27 21:11 <REP> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-27 21:10 . 2009-02-27 21:11 <REP> d-------- c:\program files\iTunes
2009-02-27 21:10 . 2009-02-27 21:10 <REP> d-------- c:\program files\iPod
2009-02-27 21:10 . 2009-02-27 21:10 <REP> d-------- c:\program files\Bonjour
2009-02-27 21:07 . 2009-02-27 21:07 <REP> d-------- c:\program files\Apple Software Update
2009-02-27 21:06 . 2009-02-27 21:10 <REP> d-------- c:\program files\Common Files\Apple
2009-02-24 17:31 . 2009-02-24 17:31 <REP> d-------- c:\users\Phil\Bluetooth Software

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-13 12:40 227,388 ----a-w c:\users\All Users\nvModes.dat
2009-03-13 12:40 227,388 ----a-w c:\programdata\nvModes.dat
2009-03-12 08:46 --------- d-----w c:\program files\Windows Mail
2009-03-12 08:44 --------- d-----w c:\programdata\Microsoft Help
2009-03-11 22:40 --------- d-----w c:\program files\DC++
2009-03-01 21:04 --------- d-----w c:\program files\Mp3TagToolsv12
2009-02-27 20:10 --------- d-----w c:\programdata\Apple Computer
2009-02-27 20:09 --------- d-----w c:\program files\QuickTime Alternative
2009-02-07 16:20 --------- d-----w c:\program files\EA Games
2009-02-07 16:17 --------- d-----w c:\program files\AGEIA Technologies
2009-02-07 16:16 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-05 21:06 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-01-23 16:00 --------- d-----w c:\users\Phil\AppData\Roaming\fretsonfire
2009-01-23 16:00 --------- d-----w c:\program files\Frets on Fire
2009-01-19 17:50 --------- d-----w c:\program files\Audacity
2009-01-19 17:46 --------- d-----w c:\programdata\NCH Swift Sound
2009-01-13 07:14 --------- d-----w c:\program files\ECL
2008-04-28 19:45 22,328 ----a-w c:\users\Phil\AppData\Roaming\PnkBstrK.sys
2008-04-12 13:33 132,264 ----a-w c:\users\Phil\AppData\Roaming\nvModes.dat
2008-03-26 11:01 174 --sha-w c:\program files\desktop.ini
2007-10-13 12:00 0 ----a-w c:\users\Phil\AppData\Roaming\wklnhst.dat
2007-10-08 14:54 76 --sh--r c:\windows\CT4CET.bin
2008-04-03 20:08 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-03 20:08 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-03 20:08 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.
((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 857648]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-08 1862144]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-02-22 166432]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13515296]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-22 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-02-22 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]

c:\users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de notification Live Search.lnk - c:\users\Phil\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-12-18 143360]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut1_53A01CC614B04512A2E710D39BF83DC4.exe [2007-10-08 45056]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-10-08 50688]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3575546740-1429275205-405926686-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9954A64F-1E70-4155-98F0-64237BC05CD1}"= c:\program files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{BF2871F4-2C49-4A15-BB2A-1EDD39A29A8A}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{AF467CDD-3008-4EBF-898D-BCEEEE7BAEA6}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{B82B8783-0E81-48D2-A01C-8458D28923AD}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"TCP Query User{72E39133-118D-4824-A43E-A620DDBA87A7}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{13C937C9-E569-46D5-B2DC-D05474E15FE8}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"{AAC8510A-7818-47A7-93F9-184889DB07EC}"= UDP:c:\program files\Google\Google Desktop Search\GoogleDesktop.exe:Google Desktop
"{88753D6A-E037-404A-BA3C-AE91064C2F41}"= TCP:c:\program files\Google\Google Desktop Search\GoogleDesktop.exe:Google Desktop
"{D06AA9A2-0C1F-4D14-968B-5876C42E9605}"= UDP:4664:Google Desktop port
"{ABB5D8BF-0C94-4176-A315-A47CDA263734}"= UDP:9339:Texas Hold'em Facebook
"TCP Query User{4D0F6753-1054-4E00-BFE1-301D3DC40A78}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{525D7231-338B-4F37-9481-27829A028882}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++
"{11D7757C-B834-442F-85E6-BF39A4D8C9EF}"= UDP:1240:Hotmail
"{578B2432-6F19-4A03-BFE8-7F39952425AA}"= TCP:1240:Hotmail(2)
"{6DFB30DB-DD78-4E9B-BCEB-E73522260144}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{8A909ED0-A3D9-400E-9B1F-96DDFAA6EED9}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"TCP Query User{5EEDE0E5-D701-4AF0-BF4D-FE8F67A3AEC1}c:\\users\\phil\\downloads\\splinter cell pandora tomorrow\\pandora.exe"= UDP:c:\users\phil\downloads\splinter cell pandora tomorrow\pandora.exe:pandora
"UDP Query User{CCB905B7-6445-4648-9601-C32CFC6467B8}c:\\users\\phil\\downloads\\splinter cell pandora tomorrow\\pandora.exe"= TCP:c:\users\phil\downloads\splinter cell pandora tomorrow\pandora.exe:pandora
"TCP Query User{E38C7B3B-AB14-456B-9432-75C50F891DDB}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{2422B691-45F7-4E47-9A5B-6648BDE66192}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"{26AB5E42-216E-4367-A398-D74B0F55CF99}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{9696C176-9C47-4AC5-9FD6-96D9DCFD947E}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{A3AEAA5A-B344-47ED-B3CF-85BA8A0A09D1}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"{BFD40A5C-B9F2-44E8-A669-BDD01C62F2E9}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{663598C2-541E-4F39-A7C1-6D667667CB48}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{9873A928-B14B-44A4-9391-4BCEA4A29ACD}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{95D4BBCE-0587-4E69-A060-6335723F055D}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{97CC75DC-958C-4523-AE46-17E6CBD3BBC5}c:\\counter-strike source lan edition\\hl2.exe"= UDP:c:\counter-strike source lan edition\hl2.exe:hl2
"UDP Query User{87726A6C-562A-461B-BD54-61A64317F674}c:\\counter-strike source lan edition\\hl2.exe"= TCP:c:\counter-strike source lan edition\hl2.exe:hl2
"TCP Query User{24416B44-7109-4E48-A747-84DC881C14C5}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{48B3741D-0231-4183-B1D2-61D13A3AF16C}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{B94EFE7C-9C60-498D-86D7-A2970D626C3B}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{284707D9-1E49-45A3-A8B7-A2ECBC72AF33}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{278FD0AF-C8D7-4DBE-AC2D-5EF59C0C34A8}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{20C3E9F6-50C1-4D81-8681-91867C261047}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"{9CF9B6D2-1226-4516-AA93-E6CC71082B4C}"= UDP:c:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{634DF36A-21F7-47FB-9997-FEB3AC12C5F4}"= TCP:c:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{41F864BC-0058-4552-8C06-9E6034D413FA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C4F2F244-04E1-4EA3-B1D6-C060EA29E913}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{CD374017-CDC6-47D7-A7E8-85E2B5A90D38}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{247C446D-9843-4F58-954F-FE76BDB84F84}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-04-11 114768]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [2007-10-13 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-04-11 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2007-10-15 51792]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [2007-10-08 235584]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [2007-10-08 7424]
S3 hid8101;hid8101;c:\windows\System32\drivers\hid8101.sys [2007-12-27 31899]
S4 msvsmon80;Débogueur distant Visual Studio 2005;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-14 2808664]

--- Other Services/Drivers in memory ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37677d84-c6dd-11dd-bcbf-001c239499f1}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0681f1b-8a25-11dd-a2b5-001c239499f1}]
\shell\AutoRun\command - WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef8f9328-2d56-11dd-80c8-001c239499f1}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3899e0a-7e8a-11dc-9811-001c26f27048}]
\shell\AutoRun\command - G:\win32/setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-13 c:\windows\Tasks\User_Feed_Synchronization-{180818B5-1487-4F2D-8BC1-FAF9E4CD9599}.job
- c:\windows\system32\msfeedssync.exe [2008-01-18 23:33]
.
- - - - REMOVED ORPHANS - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe

.
------- Supplementary scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\na8abr4s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-13 13:40:28
Windows 6.0.6001 Service Pack 1 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
------------------------ Other running processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\wlanext.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\users\Phil\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\System32\stacsv.exe
c:\windows\System32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\wermgr.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\windows\System32\conime.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-03-13 13:47:17 - The machine rebooted
ComboFix-quarantined-files.txt 2009-03-13 12:47:14

Pre-Run: 19,768,340,480 bytes free
Post-Run: 19,756,691,456 bytes free

256 --- E O F --- 2009-03-12 08:45:28
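Added example (not part of LaGroO's post, ComboFix or HijackThis): a small triage script over the kind of ComboFix output pasted above. It pulls out the three things a helper reading this log would react to first: the randomly named `seneka*` files dropped in System32 and System32\drivers (the ones ComboFix deleted), the `EnableLUA = 0` policy line (UAC is off on this machine, which is visible in the log, not an inference), and the AutoRun commands recorded under `mountpoints2` for removable drives, which are worth reviewing on any infected host. The sample lines are copied from the log in this thread, with two clean entries added so the filter has something to ignore; the regular expressions are my assumptions about the log layout, not a published signature.

```python
"""Triage helper for ComboFix / HijackThis style logs (added example)."""
import re

# Constructed sample: lines copied from the ComboFix log in this thread, plus
# two clean entries (win32k.sys, aswMonFlt.sys) that the filter must ignore.
SAMPLE_LOG = r"""
c:\windows\system32\drivers\senekauxcivpkj.sys
c:\windows\system32\senekapcidthxi.dll
c:\windows\system32\senekapstbddxr.dat
2009-03-13 13:37 . 2009-03-13 13:37 0 --a------ c:\windows\System32\senekapop.dll
2009-03-13 13:37 . 2009-03-13 13:37 0 --a------ c:\windows\System32\drivers\seneka.sys
2009-03-11 19:03 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-02-05 21:06 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3899e0a-7e8a-11dc-9811-001c26f27048}]
\shell\AutoRun\command - G:\win32/setup.exe
\shell\AutoRun\command - G:\LaunchU3.exe -a
"""

# 'seneka' plus a lowercase suffix (8 random letters in most entries, empty in
# seneka.sys), dropped directly in System32 or System32\drivers as .sys/.dll/.dat.
# Assumed pattern, derived from the file names in the log above.
SENEKA_RE = re.compile(
    r"(c:\\windows\\system32\\(?:drivers\\)?seneka[a-z]*\.(?:sys|dll|dat))\b",
    re.IGNORECASE,
)
# ComboFix prints the UAC policy value as:  "EnableLUA"= 0 (0x0)
ENABLE_LUA_RE = re.compile(r'^\s*"EnableLUA"\s*=\s*(\d+)\b', re.MULTILINE | re.IGNORECASE)
# mountpoints2 AutoRun entries are printed as:  \shell\AutoRun\command - <target>
AUTORUN_RE = re.compile(r"^\s*\\shell\\AutoRun\\command - (.+?)\s*$", re.MULTILINE)


def find_seneka_files(log: str) -> list[str]:
    """Every distinct seneka* path mentioned in the log, in order of appearance."""
    seen: list[str] = []
    for match in SENEKA_RE.finditer(log):
        path = match.group(1)
        if path.lower() not in (s.lower() for s in seen):
            seen.append(path)
    return seen


def uac_disabled(log: str) -> bool:
    """True when the log records EnableLUA = 0, i.e. UAC switched off."""
    match = ENABLE_LUA_RE.search(log)
    return match is not None and int(match.group(1)) == 0


def autorun_commands(log: str) -> list[str]:
    """Targets of the AutoRun commands recorded for removable drives."""
    return AUTORUN_RE.findall(log)


def triage(log: str) -> dict:
    """Summarise the findings a helper would respond to first."""
    files = find_seneka_files(log)
    return {
        "seneka_files": files,
        # kernel-mode components are the part that makes this a rootkit
        "seneka_drivers": [p for p in files if p.lower().endswith(".sys")],
        "uac_disabled": uac_disabled(log),
        "autorun_commands": autorun_commands(log),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against a full log, the `seneka_drivers` list is the first thing to check after a clean-up: a `.sys` still present means the kernel component survived and the scan needs repeating, which is exactly the second ComboFix run in this thread.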
-
Hello, I currently have the same problem as in this topic, with the same symptoms. According to Avast, the trojan is located in a file "senekapcidthxi.dll" in the System32 folder. Can you help me solve this problem? Thanks in advance.

Here is my HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:50:10, on 09/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Users\Phil\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Phil\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Users\Phil\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://hotline.eclair.ec-lyon.fr/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\Phil\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Startup: QuickSet.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio.exe (file missing)

--
End of file - 9092 bytes