

Everything posted by sophienantes
Virus blocks avast
sophienantes replied to a topic by sophienantes in Malware Analysis and Removal
All good, I uninstalled avast and installed antivir and everything seems to be working very well... that's great, thank you very much for your help, Falkra. I have started a system scan with antivir. Now all I have to do is give my children a good lecture so that they don't download anything and everything!!! Thanks again. Sophie
Virus blocks avast
sophienantes replied to a topic by sophienantes in Malware Analysis and Removal
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:10:21, on 16/04/2009
Virus blocks avast
sophienantes replied to a topic by sophienantes in Malware Analysis and Removal
What you call the hijackthis report, is that the first one I made yesterday or the second one from earlier today?
Virus blocks avast
sophienantes replied to a topic by sophienantes in Malware Analysis and Removal
Hello, here is the report:
Virus blocks avast
sophienantes replied to a topic by sophienantes in Malware analysis and removal
My children did indeed install winks for MSN... As for virtual memory... I'm a bit lost there... I'm really not a computer pro... -
Virus blocks avast
sophienantes replied to a topic by sophienantes in Malware analysis and removal
Here is the report: ComboFix 09-04-15.08 - Nogues 15/04/2009 23:58.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.647 [GMT 2:00] Lancé depuis: c:\documents and settings\Nogues\Bureau\tralala.exe AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\msnimport.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-15 au 2009-04-15 )))))))))))))))))))))))))))))))))))) . 2009-04-15 21:56 . 2009-04-15 21:56 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple 2009-04-15 20:53 . 2009-04-15 20:53 -------- d-----w c:\windows\system32\Kaspersky Lab 2009-04-15 20:53 . 2009-04-15 20:53 -------- d-----w c:\windows\LastGood 2009-04-15 19:59 . 2009-04-15 20:06 -------- d-----w C:\FindyKill 2009-04-15 19:19 . 2009-04-15 19:19 360580 ----a-w c:\windows\eSellerateEngine.dll 2009-03-18 16:40 . 2009-03-25 21:01 -------- d-----w c:\documents and settings\Nogues\Application Data\Nero 2009-03-18 16:22 . 2009-03-18 16:22 4767 ----a-w c:\windows\Irremote.ini 2009-03-18 15:47 . 2009-04-15 20:17 -------- d-----w c:\documents and settings\Nogues\Tracing 2009-03-18 15:47 . 2009-02-06 16:08 55152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys 2009-03-17 19:31 . 2009-03-17 19:31 -------- d-----w c:\documents and settings\Nogues\Application Data\Babylon 2009-03-17 19:31 . 2009-03-17 19:31 -------- d-----w c:\documents and settings\All Users\Application Data\Babylon . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-15 21:04 . 2009-04-15 21:04 -------- d-----w c:\program files\ToniArts 2009-04-15 21:04 . 2008-09-24 16:32 -------- d--h--w c:\program files\InstallShield Installation Information 2009-04-15 21:04 . 
2009-04-15 21:04 2951802 ----a-w c:\program files\easycleaner_easycleaner_2.0.6.381_francais_11170.exe 2009-04-15 21:01 . 2009-04-15 21:01 1346784 ----a-w c:\program files\EClea2_0.zip 2009-04-15 21:00 . 2009-04-15 21:00 -------- d-----w c:\program files\CCleaner 2009-04-15 21:00 . 2009-04-15 21:00 3190688 ----a-w c:\program files\ccsetup218.exe 2009-04-15 20:26 . 2009-04-15 20:26 904048 ----a-w c:\program files\fsbl.exe 2009-04-15 20:17 . 2009-01-14 09:11 -------- d-----w c:\documents and settings\Nogues\Application Data\Skype 2009-04-15 20:07 . 2001-08-24 12:00 81148 ----a-w c:\windows\system32\perfc00C.dat 2009-04-15 20:07 . 2001-08-24 12:00 501226 ----a-w c:\windows\system32\perfh00C.dat 2009-04-15 19:59 . 2009-04-15 19:59 1699447 ----a-w c:\program files\FindyKill.exe 2009-04-15 19:49 . 2008-09-24 14:30 65312 ----a-w c:\documents and settings\Nogues\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-15 19:44 . 2009-04-15 19:44 1161576 ----a-w c:\program files\wlsetup-custom.exe 2009-04-15 19:43 . 2009-04-15 19:43 128280 ----a-w c:\program files\install_wlsetup-web(2).exe 2009-04-15 19:38 . 2009-04-15 19:36 32911528 ----a-w c:\program files\setupfre.exe 2009-04-15 19:35 . 2008-09-24 18:10 -------- d-----w c:\program files\eMule 2009-04-15 19:15 . 2009-04-15 19:15 -------- d-----w c:\program files\MSNContentPlus 2009-04-15 19:14 . 2009-04-15 19:13 4227899 ----a-w c:\program files\WinksSetup.exe 2009-04-15 17:35 . 2009-04-15 17:35 -------- d-----w c:\program files\MSN BackUp 2009-04-15 17:34 . 2009-04-15 17:34 3301375 ----a-w c:\program files\mcoinstaller.zip 2009-04-15 17:33 . 2009-04-15 17:33 22903 ----a-w c:\program files\AddEmoticons47w.zip 2009-04-15 17:27 . 2009-04-15 17:27 42823 ----a-w c:\program files\23.MCO 2009-04-15 17:27 . 2009-04-15 17:27 107321 ----a-w c:\program files\44.MCO 2009-04-15 17:27 . 2009-04-15 17:27 50264 ----a-w c:\program files\67.MCO 2009-04-15 17:27 . 2009-04-15 17:27 96345 ----a-w c:\program files\64.MCO 2009-04-15 17:27 . 
2009-04-15 17:27 21915 ----a-w c:\program files\60.MCO 2009-04-15 17:27 . 2009-04-15 17:27 58916 ----a-w c:\program files\66.MCO 2009-04-15 17:27 . 2009-04-15 17:27 15554 ----a-w c:\program files\29.MCO 2009-04-15 17:25 . 2009-04-15 17:25 38645 ----a-w c:\program files\18.MCO 2009-04-15 17:18 . 2009-04-15 17:18 89760 ----a-w c:\program files\121.mco 2009-04-15 17:08 . 2009-04-15 17:08 26115 ----a-w c:\program files\123.mco 2009-04-15 17:06 . 2009-04-15 17:06 93791 ----a-w c:\program files\474.exe 2009-04-15 17:05 . 2009-04-15 17:05 72660 ----a-w c:\program files\amour011.MCO 2009-04-15 17:05 . 2009-04-15 17:05 132826 ----a-w c:\program files\amour010.MCO 2009-04-15 17:05 . 2009-04-15 17:05 160618 ----a-w c:\program files\amour014.MCO 2009-04-15 17:05 . 2009-04-15 17:05 106750 ----a-w c:\program files\amour016.MCO 2009-04-15 17:04 . 2009-04-15 17:04 156759 ----a-w c:\program files\amour013.MCO 2009-04-15 16:57 . 2009-04-15 16:57 105571 ----a-w c:\program files\a078.MCO 2009-04-15 16:57 . 2009-04-15 16:57 40224 ----a-w c:\program files\a072.MCO 2009-04-15 16:57 . 2009-04-15 16:57 66648 ----a-w c:\program files\a064.MCO 2009-04-15 16:56 . 2009-04-15 16:56 19758 ----a-w c:\program files\a061.MCO 2009-04-15 16:56 . 2009-04-15 16:56 37632 ----a-w c:\program files\a059.MCO 2009-04-15 16:56 . 2009-04-15 16:56 54297 ----a-w c:\program files\a058.MCO 2009-04-15 16:56 . 2009-04-15 16:56 32732 ----a-w c:\program files\a051.MCO 2009-04-15 16:56 . 2009-04-15 16:56 98610 ----a-w c:\program files\a050.MCO 2009-04-15 16:56 . 2009-04-15 16:56 8581 ----a-w c:\program files\a048.MCO 2009-04-15 16:55 . 2009-04-15 16:55 9777 ----a-w c:\program files\a042.MCO 2009-04-15 16:55 . 2009-04-15 16:55 10012 ----a-w c:\program files\a041.MCO 2009-04-15 14:37 . 2009-04-15 14:37 72011 ----a-w c:\program files\a007.MCO 2009-04-15 14:36 . 2009-04-15 14:36 48304 ----a-w c:\program files\385.MCO 2009-04-15 14:35 . 2009-04-15 14:35 178377 ----a-w c:\program files\343.MCO 2009-04-15 14:35 . 
2009-04-15 14:35 162822 ----a-w c:\program files\337.MCO 2009-04-15 14:35 . 2009-04-15 14:35 142099 ----a-w c:\program files\336.MCO 2009-04-15 14:34 . 2009-04-15 14:34 152316 ----a-w c:\program files\297.MCO 2009-04-15 14:33 . 2009-04-15 14:33 149946 ----a-w c:\program files\287.MCO 2009-04-15 14:33 . 2009-04-15 14:33 138693 ----a-w c:\program files\286.MCO 2009-04-15 14:33 . 2009-04-15 14:33 134139 ----a-w c:\program files\285.MCO 2009-04-15 14:33 . 2009-04-15 14:33 111769 ----a-w c:\program files\283.MCO 2009-04-15 14:33 . 2009-04-15 14:33 106383 ----a-w c:\program files\281.MCO 2009-04-15 14:33 . 2009-04-15 14:33 89553 ----a-w c:\program files\280.MCO 2009-04-15 14:32 . 2009-04-15 14:32 98795 ----a-w c:\program files\255.MCO 2009-04-15 14:32 . 2009-04-15 14:32 184364 ----a-w c:\program files\256.MCO 2009-04-15 14:32 . 2009-04-15 14:32 92370 ----a-w c:\program files\258.MCO 2009-04-15 14:32 . 2009-04-15 14:32 57730 ----a-w c:\program files\191.MCO 2009-04-15 14:29 . 2009-04-15 14:29 62148 ----a-w c:\program files\168.MCO 2009-04-15 14:29 . 2009-04-15 14:29 36035 ----a-w c:\program files\179.MCO 2009-04-15 14:29 . 2009-04-15 14:29 180464 ----a-w c:\program files\175.MCO 2009-04-15 14:29 . 2009-04-15 14:29 59266 ----a-w c:\program files\173.MCO 2009-04-15 14:29 . 2009-04-15 14:29 75581 ----a-w c:\program files\167.MCO 2009-04-15 14:29 . 2009-04-15 14:29 25669 ----a-w c:\program files\169.MCO 2009-04-15 14:28 . 2009-04-15 14:28 37167 ----a-w c:\program files\165.MCO 2009-04-15 14:28 . 2009-04-15 14:28 67235 ----a-w c:\program files\147.MCO 2009-04-15 14:28 . 2009-04-15 14:28 34826 ----a-w c:\program files\145.MCO 2009-04-15 14:28 . 2009-04-15 14:28 45198 ----a-w c:\program files\136.MCO 2009-04-15 14:28 . 2009-04-15 14:28 41448 ----a-w c:\program files\127.MCO 2009-04-15 14:27 . 2009-04-15 14:27 89424 ----a-w c:\program files\128.MCO 2009-04-15 14:27 . 2009-04-15 14:27 29127 ----a-w c:\program files\129.MCO 2009-04-15 14:27 . 
2009-04-15 14:27 125430 ----a-w c:\program files\114.MCO 2009-04-15 14:27 . 2009-04-15 14:27 62992 ----a-w c:\program files\120.MCO 2009-04-15 14:27 . 2009-04-15 14:27 75996 ----a-w c:\program files\112.MCO 2009-04-15 14:26 . 2009-04-15 14:26 31249 ----a-w c:\program files\073.MCO 2009-04-15 14:26 . 2009-04-15 14:26 179892 ----a-w c:\program files\068.MCO 2009-04-15 14:26 . 2009-04-15 14:26 30264 ----a-w c:\program files\066.MCO 2009-04-15 14:25 . 2009-04-15 14:25 22639 ----a-w c:\program files\054.MCO 2009-04-15 14:24 . 2009-04-15 14:24 42957 ----a-w c:\program files\039.MCO 2009-04-15 14:21 . 2009-04-15 14:21 181888 ----a-w c:\program files\336.exe 2009-04-15 14:20 . 2009-04-15 14:20 202611 ----a-w c:\program files\337.exe 2009-04-15 14:19 . 2009-04-15 14:19 111434 ----a-w c:\program files\404.exe 2009-04-15 14:17 . 2009-04-15 14:17 132182 ----a-w c:\program files\clin258.exe 2009-04-15 14:16 . 2009-04-15 14:16 65466 ----a-w c:\program files\clin169.exe 2009-04-15 14:15 . 2009-04-15 14:15 124019 ----a-w c:\program files\clin123.exe 2009-04-15 14:13 . 2009-04-15 14:14 77260 ----a-w c:\program files\clin0051.exe 2009-04-15 14:13 . 2009-04-15 14:13 77260 ----a-w c:\program files\clin005.exe 2009-04-15 14:13 . 2009-04-15 14:13 136157 ----a-w c:\program files\clin028.exe 2009-04-15 13:49 . 2009-04-15 13:49 233127 ----a-w c:\program files\content11.mco 2009-04-15 13:49 . 2009-04-15 13:49 50011 ----a-w c:\program files\content10.mco 2009-04-15 13:49 . 2009-04-15 13:49 209819 ----a-w c:\program files\content9.mco 2009-04-15 13:48 . 2009-04-15 13:48 209819 ----a-w c:\program files\content8.mco 2009-04-15 13:48 . 2009-04-15 13:48 26633 ----a-w c:\program files\content7.mco 2009-04-15 13:48 . 2009-04-15 13:48 61795 ----a-w c:\program files\content6.mco 2009-04-15 19:2008-09-24 18:08 25:40 . c:\program files\mozilla firefox\components\jar50.dll 2009-04-15 19:2008-09-24 18:08 25:41 . 
c:\program files\mozilla firefox\components\jsd3250.dll 2009-04-15 19:2008-09-24 18:08 25:41 . c:\program files\mozilla firefox\components\myspell.dll 2009-04-15 19:2008-09-24 18:08 25:42 . c:\program files\mozilla firefox\components\spellchk.dll 2009-04-15 19:2008-09-24 18:08 25:42 . c:\program files\mozilla firefox\components\xpinstal.dll . ------- Sigcheck ------- [-] 2006-03-09 08:25 578048 0DF75FB73F705B011630159A43D7C354 c:\windows\system32\user32.dll [-] 2006-04-12 18:13 667648 241DBC4C2714B2F39AFDED49459ED420 c:\windows\system32\wininet.dll [-] 2006-02-14 19:56 359808 667192A11DB19F36624119C0DD4DE4F2 c:\windows\system32\drivers\tcpip.sys [-] 2006-05-09 08:11 2017280 50B3A210B6FA8D3089A36A32E7D8B21F c:\windows\system32\ntkrnlpa.exe [-] 2006-03-09 08:25 2137600 E75F7AA5A33479F29C636FD0890F5762 c:\windows\system32\ntoskrnl.exe [-] 2006-03-09 08:25 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\system32\spoolsv.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13529088] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-01 86016] "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-04-15 81000] "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-08-01 1630208] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-09 16851968] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nlsf"="move" [X] "Config"="c:\windows\system32\run.cmd" [2006-02-14 248] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-6-11 323646] InstantTimeZone.lnk - c:\program files\InstantTimeZone\InstantTimeZone.exe [2008-12-27 1687738] officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-6-11 147456] 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) "NoStrCmpLogical"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "wuauserv"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "DisablePagingExecutive"=dword:00000001 "SecondLevelDataCache"=dword:00000200 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R1 aswSP;avast! 
Self Protection; [x] R2 aswFsBlk;aswFsBlk; [x] R3 APL531;OVT Scanner;c:\windows\system32\Drivers\ov550i.sys [2006-07-31 580992] R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2008-08-04 33808] S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152] S2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360] . Contenu du dossier 'Tâches planifiées' 2009-04-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2009-04-07 c:\windows\Tasks\FRU Task 2002-06-11 17:56ewlett-Packard2002-06-11 17:56p psc 2100 series0873DBB30DAF953F7DCEA1BDCC4F78BFDB130745231344240.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-11 09:56] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {4B565FC8-4023-49DB-B4F4-65F6A2430ED3} = 192.168.1.1 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Nogues\Application Data\Mozilla\Firefox\Profiles\oszksumd.default\ FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-15 23:59 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... 
Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . Heure de fin: 2009-04-15 0:00 ComboFix-quarantined-files.txt 2009-04-15 22:00 Avant-CF: 100 603 146 240 octets libres Après-CF: 100 627 603 456 octets libres 242 -
Virus blocks avast
sophienantes replied to a topic by sophienantes in Malware analysis and removal
In fact, I no longer have the little avast logo in the taskbar at the bottom of the screen, and if I choose "open" avast antivirus I get this message: C:\Program Files\Alwil Software\Avast4\ashAvast.exe n'est pas une application Win32 valide. -
Good evening, here is my problem: I've caught some nasty thing that is blocking avast. I'm not a computer expert, which is why I'm asking for your help... Thank you in advance for your valuable advice... Sophie