edouar

Everything posted by edouar

  1. No no, just a thank-you, Mr. Gof. Thanks to this experience I learned of the existence of tools (rsit, mbam) that I was unaware of until now. I usually fix things myself ^^
  2. Yes, Mr. Gof.
  3. Well, yes and no. Actually, there wasn't really a problem. Apart from the fact that a program, I'm not sure which one (maybe hijackthis), associated its URL with the loopback address. As a result, I thought FF was connecting to that site when it wasn't. It's just talking locally. Now I'll know. As for the log file, here it is:

     Malwarebytes' Anti-Malware 1.34
     Version de la base de données: 1856
     Windows 5.1.2600 Service Pack 2

     17/03/2009 00:26:59
     mbam-log-2009-03-17 (00-26-56).txt

     Type de recherche: Examen rapide
     Eléments examinés: 71657
     Temps écoulé: 3 minute(s), 52 second(s)

     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 0
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 2
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 0

     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Clé(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Elément(s) de données du Registre infecté(s):
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Hijack.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Hijack.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

     Dossier(s) infecté(s):
     (Aucun élément nuisible détecté)

     Fichier(s) infecté(s):
     (Aucun élément nuisible détecté)
  4. OK, so I just scared myself for nothing and realized that, in order to work, Firefox opens connections to itself... Thanks for your help, Gof.
  5. Thanks for your help. Regarding the infectious items, the only thing I dealt with is "v6msn.exe", which was causing me trouble when accessing my USB key and my USB card reader. I removed the nasty thing using safe mode. And it's strange, because there was nothing written in my c:\windows\system32\drivers\etc\hosts file. Finally, here is the log.txt:
  6. Here is log.txt: info.txt:
  7. Hello, I couldn't find any topic about this nor any answer, which is why I'm taking the liberty of posting here. My problem is the following: when Firefox starts, it opens connections to the site www.merijn.org. My default home page is about:blank. So I find the behaviour suspicious and I suppose I'm being used for a D.o.S. against that site. I ran Hijackthis and found nothing special. For info:

     C:\Documents and Settings\edouar>netstat

     Connexions actives

       Proto  Adresse locale   Adresse distante      Etat
       TCP    edouarpc:1064    www.Merijn.org:1065   ESTABLISHED
       TCP    edouarpc:1065    www.Merijn.org:1064   ESTABLISHED
       TCP    edouarpc:1067    www.Merijn.org:1068   ESTABLISHED
       TCP    edouarpc:1068    www.Merijn.org:1067   ESTABLISHED

     Thanks for any answer you can give me. See you, Edouar