Aller au contenu

Eric_Eva88

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    15

  • Inscription

  • Dernière visite

Autres informations

  • Mes langues
    Français

Eric_Eva88's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. Eric_Eva88
    Bon j'ai été dans tools, choisi "Repair permissions" comme le popup au début me l'a indiqué, et maintenant il indique dans le bas du programe : "Stopping CRYPTSVC"
  2. Eric_Eva88
    Bonjour, merci Falkra et désolé pour le retard... Apparement il reste bloqué sur "Empty System32\Catroot2 ca fait quelques minutes maintenant
  3. Eric_Eva88
    Bonjour et merci beaucoup Thorgal. En suivant la procédure décrite, je ne trouve pas de section "Cryptography". Impossible donc de supprimer les clefs. Et concernant le changement de lettre du lecteur, il y a des lignes et des valeurs, mais ne sont pas vraiment compréhensibles...
  4. Eric_Eva88
    Bonjour à tous. J'ai un problème avec le site https://update.microsoft.com/windowsupdate/...ault.aspx?ln=fr Je lui demande de faire une mise à jour rapide mais le voyou me donne une erreur 0x80070002 ; Merci pour votre aide et votre considération. Eric.
  5. Eric_Eva88
    Bonjour! Voila le dernier hijackthis. l'ordi va beaucoup mieux. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:55:16, on 1/06/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\Java\jre6\bin\javaw.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.google.be/"]http://www.google.be/[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Chrome copyright - {aff01325-0fc2-4749-8914-fbf0565ad9cc} - jbnmck.dll (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Startup: SparkAngels.lnk = ? O4 - Startup: YesMessenger.lnk = C:\Program Files\YesMessenger\YesMessenger.exe O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [url="http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab"]http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab[/url] O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab"]http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab[/url] O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\ O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\ -- End of file - 7566 bytes Merci beaucoup !
  6. Eric_Eva88
    Voili voilou ========== PROCESSES ========== Process explorer.exe killed successfully. ========== FILES ========== C:\tj.vbs moved successfully. File/Folder c:\autorun.inf not found. File/Folder d:\autorun.inf not found. ========== SERVICES/DRIVERS ========== Service\Driver 712fcc4 deleted successfully. Service\Driver ovfsthxebkjfidh not found. Service\Driver key ovfsthxebkjfidh deleted successfully. ========== COMMANDS ========== Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05312009_011747
  7. Eric_Eva88
    De 2 : info.txt logfile of random's system information tool 1.06 2009-05-31 00:25:56 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001} Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7} Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE} Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF} h-base-->C:\WINDOWS\st6unst.exe -n "C:\HBSwin02\ST6UNST.LOG" HijackThis 2.0.2-->"C:\Documents and Settings\Propriétaire\Bureau\hijackthis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" HP Extended Capabilities 4.7-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC} HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB} Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D} Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582 Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3} Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Access 2002 Runtime-->MsiExec.exe /I{901C040C-6000-11D3-8CFE-0050048383C9} Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E} Microsoft Corporation-->MsiExec.exe /I{7B08D306-7266-4647-A926-2F78817ED1E0} Microsoft LifeCam-->MsiExec.exe /X{6BCB7EAA-598C-4836-B7EA-3642E41AA222} Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC} Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE} Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe mongrossiste-->C:\WINDOWS\st6unst.exe -n "C:\HBSwin02\ST6UNST.LOG" Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08} OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{25E98ECB-5727-408E-B30A-2CAF86F5B310} Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung\SSCDUninstall.exe Samsung Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung\SSM_Uninstall.exe Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly Samsung PC Studio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} Services Off-line de Home'Bank 4.53-->"C:\Program Files\ING\Off-line\unins000.exe" SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x40c -removeonly Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004} ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657} Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C} Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E} Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" YesMessenger 2.2.40-->"C:\Program Files\YesMessenger\unins000.exe" ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe ======Security center information====== AV: AntiVir Desktop FW: ZoneAlarm Firewall ======System event log====== Computer Name: 0800-226C95D05D Event Code: 59 Message: Resolve Partial Assembly a échoué pour Microsoft.VC80.MFCLOC. Message d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système. . Record Number: 11990 Source Name: SideBySide Time Written: 20090518094117.000000+120 Event Type: error User: Computer Name: 0800-226C95D05D Event Code: 32 Message: L'assemblage dépendant Microsoft.VC80.MFCLOC ne peut pas être trouvé. La dernière erreur était L'assemblage référencé n'est pas installé sur votre système. Record Number: 11989 Source Name: SideBySide Time Written: 20090518094117.000000+120 Event Type: error User: Computer Name: 0800-226C95D05D Event Code: 59 Message: Generate Activation Context a échoué pour C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\MFC80.DLL. Message d'erreur de référence : Opération réussie. . Record Number: 11898 Source Name: SideBySide Time Written: 20090518084117.000000+120 Event Type: error User: Computer Name: 0800-226C95D05D Event Code: 59 Message: Resolve Partial Assembly a échoué pour Microsoft.VC80.MFCLOC. Message d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système. . Record Number: 11897 Source Name: SideBySide Time Written: 20090518084117.000000+120 Event Type: error User: Computer Name: 0800-226C95D05D Event Code: 32 Message: L'assemblage dépendant Microsoft.VC80.MFCLOC ne peut pas être trouvé. La dernière erreur était L'assemblage référencé n'est pas installé sur votre système. Record Number: 11896 Source Name: SideBySide Time Written: 20090518084117.000000+120 Event Type: error User: =====Application event log===== Computer Name: 0800-226C95D05D Event Code: 1001 Message: Détecteur d'erreurs 1015682910. Record Number: 485 Source Name: Application Hang Time Written: 20081215104451.000000+060 Event Type: error User: Computer Name: 0800-226C95D05D Event Code: 1002 Message: Application bloquée iexplore.exe, version 7.0.6000.16762, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Record Number: 484 Source Name: Application Hang Time Written: 20081215104449.000000+060 Event Type: error User: Computer Name: 0800-226C95D05D Event Code: 1002 Message: Application bloquée iexplore.exe, version 7.0.6000.16762, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Record Number: 483 Source Name: Application Hang Time Written: 20081215104448.000000+060 Event Type: error User: Computer Name: 0800-226C95D05D Event Code: 5000 Message: Record Number: 479 Source Name: Windows Live Messenger Beta Time Written: 20081210235032.000000+060 Event Type: error User: Computer Name: 0800-226C95D05D Event Code: 1002 Message: Application bloquée msnmsgr.exe, version 14.0.5027.908, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Record Number: 478 Source Name: Application Hang Time Written: 20081210135558.000000+060 Event Type: error User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Bitvise Tunnelier "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel "PROCESSOR_REVISION"=0401 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "tvdumpflags"=8 -----------------EOF-----------------
  8. Eric_Eva88
    De 1 Logfile of random's system information tool 1.06 (written by random/random) Run by Propriétaire at 2009-05-31 00:25:45 Microsoft Windows XP Édition familiale Service Pack 3 System drive C: has 25 GB (66%) free of 38 GB Total RAM: 1014 MB (53% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 0:25:53, on 31/05/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Propriétaire\Bureau\RSIT.exe C:\Program Files\trend micro\Propriétaire.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Chrome copyright - {aff01325-0fc2-4749-8914-fbf0565ad9cc} - jbnmck.dll (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Startup: SparkAngels.lnk = ? O4 - Startup: YesMessenger.lnk = C:\Program Files\YesMessenger\YesMessenger.exe O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\ O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\ -- End of file - 7491 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aff01325-0fc2-4749-8914-fbf0565ad9cc}] Chrome copyright - C:\WINDOWS\system32\jbnmck.dll [2009-05-30 29696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-02-07 94208] "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-02-07 77824] "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-02-07 118784] "LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2008-08-04 160800] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408] "H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-26 1211176] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage SparkAngels.lnk - C:\WINDOWS\system32\javaws.exe YesMessenger.lnk - C:\Program Files\YesMessenger\YesMessenger.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2006-02-07 139264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2008-06-30 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe" "C:\Program Files\Microsoft LifeCam\LifeEnC2.exe"="C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe" "C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe" "C:\Program Files\Microsoft LifeCam\LifeTray.exe"="C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor" "C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:Spooler SubSystem App" "C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client" "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\WINDOWS\system32\winver.exe"="C:\WINDOWS\system32\winver.exe:*:Enabled:winver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" ======List of files/folders created in the last 1 months====== 2023-04-03 16:06:00 ----A---- C:\WINDOWS\system32\vbSendMail.dll 2009-05-31 00:25:45 ----D---- C:\rsit 2009-05-31 00:25:45 ----D---- C:\Program Files\trend micro 2009-05-30 22:06:29 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier 2009-05-30 22:06:18 ----A---- C:\WINDOWS\zllsputility_loc040c.dll 2009-05-30 22:06:18 ----A---- C:\WINDOWS\system32\vsutil_loc040c.dll 2009-05-30 22:06:18 ----A---- C:\WINDOWS\system32\imslsp_install_loc040c.dll 2009-05-30 22:06:18 ----A---- C:\WINDOWS\system32\imsinstall_loc040c.dll 2009-05-30 22:06:15 ----A---- C:\WINDOWS\zllsputility.exe 2009-05-30 22:06:14 ----A---- C:\WINDOWS\system32\SpOrder.dll 2009-05-30 22:05:55 ----A---- C:\WINDOWS\system32\vsregexp.dll 2009-05-30 22:05:55 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll 2009-05-30 22:05:54 ----A---- C:\WINDOWS\system32\zlcommdb.dll 2009-05-30 22:05:54 ----A---- C:\WINDOWS\system32\zlcomm.dll 2009-05-30 22:05:50 ----A---- C:\WINDOWS\system32\zpeng24.dll 2009-05-30 22:05:50 ----A---- C:\WINDOWS\system32\vswmi.dll 2009-05-30 22:05:49 ----D---- C:\WINDOWS\system32\ZoneLabs 2009-05-30 22:05:49 ----D---- C:\Program Files\Zone Labs 2009-05-30 22:05:49 ----A---- C:\WINDOWS\system32\vsxml.dll 2009-05-30 22:05:49 ----A---- C:\WINDOWS\system32\vspubapi.dll 2009-05-30 22:05:49 ----A---- C:\WINDOWS\system32\vsmonapi.dll 2009-05-30 22:04:23 ----D---- C:\WINDOWS\Internet Logs 2009-05-30 22:04:23 ----A---- C:\WINDOWS\system32\vsutil.dll 2009-05-30 22:04:23 ----A---- C:\WINDOWS\system32\vsinit.dll 2009-05-30 22:04:23 ----A---- C:\WINDOWS\system32\vsdata.dll 2009-05-30 21:46:39 ----D---- C:\WINDOWS\temp 2009-05-30 21:46:38 ----A---- C:\ComboFix.txt 2009-05-30 21:43:09 ----SD---- C:\pouet 2009-05-30 19:44:31 ----D---- C:\Documents and Settings\Propriétaire\Application Data\U3 2009-05-30 18:50:29 ----D---- C:\WINDOWS\pss 2009-05-30 15:45:40 ----D---- C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes 2009-05-30 15:45:35 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-05-30 15:45:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-05-30 14:30:47 ----A---- C:\Boot.bak 2009-05-30 14:30:43 ----RASHD---- C:\cmdcons 2009-05-30 14:29:32 ----A---- C:\WINDOWS\zip.exe 2009-05-30 14:29:32 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-05-30 14:29:32 ----A---- C:\WINDOWS\SWSC.exe 2009-05-30 14:29:32 ----A---- C:\WINDOWS\SWREG.exe 2009-05-30 14:29:32 ----A---- C:\WINDOWS\sed.exe 2009-05-30 14:29:32 ----A---- C:\WINDOWS\PEV.exe 2009-05-30 14:29:32 ----A---- C:\WINDOWS\NIRCMD.exe 2009-05-30 14:29:32 ----A---- C:\WINDOWS\grep.exe 2009-05-30 14:29:25 ----D---- C:\WINDOWS\ERDNT 2009-05-30 14:29:24 ----SD---- C:\ComboFix 2009-05-30 14:29:08 ----D---- C:\Qoobox 2009-05-30 13:55:17 ----A---- C:\WINDOWS\system32\jbnmck.dll 2009-05-27 18:30:31 ----A---- C:\tj.vbs 2009-05-13 17:37:11 ----D---- C:\Program Files\Prime95 2009-05-10 16:47:27 ----A---- C:\WINDOWS\ntbtlog.txt 2009-05-10 16:40:05 ----D---- C:\Program Files\Avira 2009-05-10 16:40:05 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2009-05-10 10:34:39 ----D---- C:\WINDOWS\Minidump ======List of files/folders modified in the last 1 months====== 2009-05-31 00:25:53 ----D---- C:\WINDOWS\Prefetch 2009-05-31 00:25:45 ----RD---- C:\Program Files 2009-05-30 23:33:31 ----D---- C:\Program Files\Mozilla Firefox 2009-05-30 23:19:28 ----D---- C:\WINDOWS\Network Diagnostic 2009-05-30 22:56:06 ----D---- C:\WINDOWS 2009-05-30 22:55:44 ----D---- C:\WINDOWS\system32\CatRoot2 2009-05-30 22:34:15 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-05-30 22:09:02 ----D---- C:\WINDOWS\system32\drivers 2009-05-30 22:06:26 ----D---- C:\WINDOWS\system32 2009-05-30 22:06:11 ----HD---- C:\WINDOWS\inf 2009-05-30 21:45:32 ----A---- C:\WINDOWS\system.ini 2009-05-30 21:44:54 ----D---- C:\WINDOWS\AppPatch 2009-05-30 21:44:54 ----D---- C:\Program Files\Fichiers communs 2009-05-30 19:50:46 ----D---- C:\GRT 2009-05-30 19:27:24 ----D---- C:\Program Files\Internet Explorer 2009-05-30 19:06:15 ----D---- C:\WINDOWS\system32\config 2009-05-30 19:02:21 ----D---- C:\WINDOWS\system 2009-05-30 14:30:47 ----RASH---- C:\boot.ini 2009-05-30 13:53:46 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-05-29 18:33:44 ----D---- C:\ADCD 2009-05-28 21:12:17 ----D---- C:\NOHAU 2009-05-22 18:15:12 ----SHD---- C:\System Volume Information 2009-05-22 18:15:12 ----D---- C:\WINDOWS\system32\Restore 2009-05-10 19:14:15 ----HD---- C:\Config.Msi 2009-05-10 19:14:12 ----SHD---- C:\WINDOWS\Installer 2009-05-10 17:27:40 ----D---- C:\Documents and Settings 2009-05-10 16:38:20 ----D---- C:\WINDOWS\WinSxS ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576] R1 klif;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376] R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640] R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-10 156160] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-02-07 1399615] R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2008-08-08 23720] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992] R3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-23 6912] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S1 712fcc4;712fcc4; C:\WINDOWS\System32\drivers\712fcc4.sys [] S1 ovfsthxebkjfidh;ovfsthxebkjfidh; C:\WINDOWS\system32\drivers\ovfsthxwjcoobia.sys [] S3 catchme;catchme; \??\C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\catchme.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver; C:\WINDOWS\System32\Drivers\nx6000.sys [2008-08-04 33808] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-04-10 104576] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-06-30 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-06-30 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089] R2 Autodata Limited License Service;Autodata Limited License Service; C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe [2008-11-17 68608] R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2008-08-08 41248] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984] R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2008-08-04 164896] R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304] S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------
  9. Eric_Eva88
    Voila les rapports, désolé pour le délai Malwarebytes' Anti-Malware 1.37 Database version: 2197 Windows 5.1.2600 Service Pack 3 30/05/2009 19:27:24 mbam-log-2009-05-30 (19-27-24).txt Scan type: Quick Scan Objects scanned: 84350 Time elapsed: 2 minute(s), 51 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 4 Registry Values Infected: 1 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 4 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\Program Files\Mozilla Firefox\setupapi.dll (Trojan.Agent) -> Delete on reboot. Registry Keys Infected: HKEY_CLASSES_ROOT\fe345.fe345mgr (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\fe345.fe345mgr.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\y537.y537mgr (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\y537.y537mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\Program Files\Mozilla Firefox\setupapi.dll (Trojan.Agent) -> Delete on reboot. C:\Program Files\Internet Explorer\setupapi.dll (Trojan.BHO) -> Quarantined and deleted successfully. c:\WINDOWS\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\vic_setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully. Malwarebytes' Anti-Malware 1.37 Database version: 2197 Windows 5.1.2600 Service Pack 3 30/05/2009 19:34:15 mbam-log-2009-05-30 (19-34-15).txt Scan type: Quick Scan Objects scanned: 84206 Time elapsed: 2 minute(s), 51 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Malwarebytes' Anti-Malware 1.37 Database version: 2197 Windows 5.1.2600 Service Pack 3 30/05/2009 20:57:59 mbam-log-2009-05-30 (20-57-59).txt Scan type: Quick Scan Objects scanned: 84361 Time elapsed: 2 minute(s), 47 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  10. Eric_Eva88
    Effectivement en MSE ca fonctionne mieux heureusement. Le rapport : ComboFix 09-05-30.01 - Propriétaire 30/05/2009 19:02.1 - NTFSx86 NETWORK Microsoft Windows XP Édition familiale 5.1.2600.3.1252.32.1036.18.1014.812 [GMT 2:00] Lancé depuis: c:\documents and settings\Propriétaire\Bureau\pouet.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\-1796975923 c:\program files\Internet Explorer\setupapi.dll c:\program files\ThunMail c:\program files\ThunMail\testabd.exe c:\windows\f23567.dat c:\windows\msmark2.dat c:\windows\system\oeminfo.ini c:\windows\system32\__c003D1C8.dat c:\windows\system32\199638 c:\windows\system32\ajelunin.ini c:\windows\system32\avast!Antivirus.exe c:\windows\system32\awibewuw.ini c:\windows\system32\drivers\buyxsofp.sys c:\windows\system32\drivers\ovfsthxwjcoobia.sys c:\windows\system32\drivers\ztdaffzq.sys c:\windows\system32\ewigasur.ini c:\windows\system32\eyobapik.ini c:\windows\system32\glsetup.exe c:\windows\system32\hkyxnpl.dll c:\windows\system32\ibimakuk.ini c:\windows\system32\idaviwem.ini c:\windows\system32\ifazires.ini c:\windows\system32\imagasap.ini c:\windows\system32\jhxm32.dll c:\windows\system32\kazaabackupfiles c:\windows\system32\ohozihaj.ini c:\windows\system32\olusrnh.dll c:\windows\system32\ovfsthxbadpadmn.dll c:\windows\system32\ovfsthxdytdsuky.dll c:\windows\system32\ovfsthxgifawohg.dat c:\windows\system32\ovfsthxkfwluqkx.dat c:\windows\system32\ovfsthxqpvboasq.dll c:\windows\system32\service-466.exe c:\windows\system32\sft.res c:\windows\system32\ukimayej.ini c:\windows\system32\uworubih.ini c:\windows\system32\winglsetup.exe c:\windows\system32\yarpdgef.dll c:\windows\t55ft2668f44.dat c:\windows\t55ft2692f44.dat c:\windows\t55ft2695f44.dat c:\windows\t55ft3097f44.dat . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_AVAST!ANTIVIRUS -------\Legacy_BUYXSOFP -------\Legacy_QMSNPGFR -------\Service_avast!Antivirus -------\Service_buyxsofp -------\Service_qmsnpgfr ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-28 au 2009-05-30 )))))))))))))))))))))))))))))))))))) . 2023-04-03 14:06 . 2023-04-03 14:06 135168 ----a-w c:\windows\system32\vbSendMail.dll 2009-05-30 13:45 . 2009-05-26 11:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-30 13:45 . 2009-05-30 13:45 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes 2009-05-30 13:45 . 2009-05-26 11:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys 2009-05-30 13:45 . 2009-05-30 13:45 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-05-30 12:29 . 2009-05-30 17:01 -------- d-s---w C:\ComboFix 2009-05-30 11:55 . 2009-05-30 11:55 29696 ----a-w c:\windows\system32\jbnmck.dll 2009-05-30 11:53 . 2009-05-30 15:45 0 ----a-w c:\windows\system32\drivers\712fcc4.sys 2009-05-27 16:48 . 2009-05-30 17:08 99422 ----a-w c:\windows\system32\drivers\8586b717.sys 2009-05-27 16:30 . 2009-05-26 02:18 105 ----a-w C:\tj.vbs 2009-05-27 16:30 . 2009-05-27 16:30 107155 ----a-w c:\windows\system32\vic_setup.exe 2009-05-22 15:42 . 2001-08-23 15:04 12288 -c--a-w c:\windows\system32\dllcache\mouhid.sys 2009-05-22 15:42 . 2001-08-23 15:04 12288 ----a-w c:\windows\system32\drivers\mouhid.sys 2009-05-22 15:42 . 2008-04-13 09:45 10368 -c--a-w c:\windows\system32\dllcache\hidusb.sys 2009-05-22 15:42 . 2008-04-13 09:45 10368 ----a-w c:\windows\system32\drivers\hidusb.sys 2009-05-13 15:37 . 2009-05-14 15:50 -------- d-----w c:\program files\Prime95 2009-05-10 14:40 . 2009-03-30 08:33 96104 ----a-w c:\windows\system32\drivers\avipbb.sys 2009-05-10 14:40 . 2009-03-24 14:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys 2009-05-10 14:40 . 2009-02-13 10:29 22360 ----a-w c:\windows\system32\drivers\avgntmgr.sys 2009-05-10 14:40 . 2009-02-13 10:17 45416 ----a-w c:\windows\system32\drivers\avgntdd.sys 2009-05-10 14:40 . 2009-05-10 14:40 -------- d-----w c:\program files\Avira 2009-05-10 14:40 . 2009-05-10 14:40 -------- d-----w c:\documents and settings\All Users\Application Data\Avira 2009-05-09 20:36 . 2009-05-09 20:36 2 ----a-w c:\windows\z45ft5992f44.dat 2009-05-06 06:49 . 2009-05-06 06:49 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-29 07:37 . 2008-10-24 14:57 -------- d--h--w c:\program files\InstallShield Installation Information 2009-04-28 20:36 . 2009-04-28 20:36 -------- d-----w c:\program files\Samsung 2009-04-15 09:20 . 2006-03-02 12:00 85404 ----a-w c:\windows\system32\perfc00C.dat 2009-04-15 09:20 . 2006-03-02 12:00 513080 ----a-w c:\windows\system32\perfh00C.dat 2009-04-10 23:31 . 2009-02-06 09:50 -------- d-----w c:\program files\Java 2009-04-10 23:26 . 2008-11-13 21:53 -------- d-----w c:\program files\Fichiers communs\Adobe 2009-03-09 03:19 . 2009-02-11 08:40 410984 ----a-w c:\windows\system32\deploytk.dll 2009-03-06 14:20 . 2008-04-13 17:33 286720 ----a-w c:\windows\system32\pdh.dll 2009-03-03 00:13 . 2008-06-30 13:50 826368 ----a-w c:\windows\system32\wininet.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{aff01325-0fc2-4749-8914-fbf0565ad9cc}] 2009-05-30 11:55 29696 ----a-w c:\windows\system32\jbnmck.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928] c:\documents and settings\Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\ SparkAngels.lnk - c:\windows\system32\javaws.exe [2009-4-11 148888] YesMessenger.lnk - c:\program files\YesMessenger\YesMessenger.exe [2008-12-18 2772992] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Taskman"="c:\recycler\S-1-5-21-5108673119-4077787322-559514723-8618\nissan.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\WINDOWS\\system32\\spoolsv.exe"= "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\WINDOWS\\system32\\winver.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/05/2009 16:40 108289] S1 712fcc4;712fcc4;c:\windows\system32\drivers\712fcc4.sys [30/05/2009 13:53 0] S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [?] S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [13/11/2008 23:16 33808] --- Autres Services/Pilotes en mémoire --- *NewlyCreated* - BUYXSOFP *Deregistered* - buyxsofp . - - - - ORPHELINS SUPPRIMES - - - - BHO-{0CE2C945-F61F-4970-95F7-1D83FF02EED4} - c:\windows\system32\yarpdgef.dll BHO-{2c10ba74-988f-402a-aa77-22100910eabb} - c:\windows\system32\pehuraba.dll HKCU-Run-bpjjvuou - c:\windows\system32\yeubee.exe HKLM-Run-karugolane - c:\windows\system32\wutilowu.dll HKLM-Run-sysfbtray - c:\windows\freddy42.exe HKLM-Run-94e45262 - c:\windows\system32\ninuleja.dll HKLM-Run-CPM97d761fe - c:\windows\system32\butebujo.dll HKLM-Run-bpjjvuou - c:\windows\system32\yeubee.exe HKU-Default-Run-svc - c:\program files\ThunMail\testabd.exe Notify-__c003D1C8 - c:\windows\system32\__c003D1C8.dat Notify-winubg32 - winubg32.dll SafeBoot-procexp90.sys . ------- Examen supplémentaire ------- . uStart Page = hxxp://247livesearch.com/cat/4/0/Computers-and-The-Internet.html uInternet Settings,ProxyServer = http=localhost:80 uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\682cekyl.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.be FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-30 19:07 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver] "ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\8586b717] "ImagePath"="\SystemRoot\System32\drivers\8586b717.sys" . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(2484) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\eappprxy.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ibmpmsvc.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Microsoft LifeCam\MSCamS32.exe c:\windows\system32\HPZipm12.exe c:\program files\Microsoft ActiveSync\rapimgr.exe c:\program files\HP\Digital Imaging\bin\hpqgalry.exe c:\program files\Java\jre6\bin\javaw.exe c:\windows\system32\HPZinw12.exe . ************************************************************************** . Heure de fin: 2009-05-30 19:10 - La machine a redémarré ComboFix-quarantined-files.txt 2009-05-30 17:10 Avant-CF: 26.107.920.384 octets libres Après-CF: 26.404.638.720 octets libres Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4 231 --- E O F --- 2009-04-30 01:01 Et un coup de Malwarebyte's : Malwarebytes' Anti-Malware 1.37 Database version: 2197 Windows 5.1.2600 Service Pack 3 30/05/2009 19:17:13 mbam-log-2009-05-30 (19-16-56).txt Scan type: Quick Scan Objects scanned: 84350 Time elapsed: 2 minute(s), 51 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 4 Registry Values Infected: 1 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 4 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\Program Files\Mozilla Firefox\setupapi.dll (Trojan.Agent) -> No action taken. Registry Keys Infected: HKEY_CLASSES_ROOT\fe345.fe345mgr (Trojan.FakeAlert) -> No action taken. HKEY_CLASSES_ROOT\fe345.fe345mgr.1 (Trojan.FakeAlert) -> No action taken. HKEY_CLASSES_ROOT\y537.y537mgr (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\y537.y537mgr.1 (Trojan.BHO) -> No action taken. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> No action taken. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. Folders Infected: (No malicious items detected) Files Infected: C:\Program Files\Mozilla Firefox\setupapi.dll (Trojan.Agent) -> No action taken. C:\Program Files\Internet Explorer\setupapi.dll (Trojan.BHO) -> No action taken. c:\WINDOWS\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> No action taken. C:\WINDOWS\system32\vic_setup.exe (Trojan.Downloader) -> No action taken.
  11. Eric_Eva88
    Le souci c'est que je suis obligé de fermer l'ancien combofix qui se lance au démarrage... :s Et le nouveau ne se lance pas Oo Je n'ai même pas accès au ctrl alt del
  12. Eric_Eva88
    Hmm il se lance mais ne télécharge pas les MAJ visiblement, ca dure ... Non ca passe pas :-/
  13. Eric_Eva88
    Ca n'a pas l'air de vouloir réagir des masses quand je lance le nouveau (sur le bureau) :s
  14. Eric_Eva88
    Bonjour et merci pour l'intervention rapide J'ai exécuté ComboFix comme tu me l'as conseillé mais problème ; au redémarrage de la machine je suis resté bloqué sur un bureau sans barres, avec la fenêtre de Combofix avec écrit dedans : Ca durait alors j'ai fermé la fenêtre, mais... En cherchant après le log de ComboFix, j'ai su ouvrir l'explorateur de fichiers mais le poste de travail ne répond pas
  15. Eric_Eva88
    Bonjour! Mon PC souffre de divers symptômes, notament ce faux anti-crasses qu'est Malware Doctor. Voici le log : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:00:22, on 30/05/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe C:\WINDOWS\System32\avast!Antivirus.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Documents and Settings\LocalService\Application Data\691447002.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Propriétaire\Bureau\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://247livesearch.com/cat/4/0/Computers-and-The-Internet.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: Shell=Explorer.exe ulpr.exe O1 - Hosts: 82.98.231.89 url.adtrgt.com O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net O2 - BHO: (no name) - {0CE2C945-F61F-4970-95F7-1D83FF02EED4} - C:\WINDOWS\system32\yarpdgef.dll (file missing) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {2c10ba74-988f-402a-aa77-22100910eabb} - C:\WINDOWS\system32\pehuraba.dll (file missing) O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll O2 - BHO: 199638 helper - {65768B48-B004-4B26-9BAC-A3BAC39643D1} - C:\WINDOWS\system32\199638\199638.dll (file missing) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Chrome copyright - {aff01325-0fc2-4749-8914-fbf0565ad9cc} - jbnmck.dll (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: 796525 helper - {E7F15AC4-E0A9-43F0-921B-70DFEA621220} - C:\WINDOWS\system32\796525\796525.dll (file missing) O2 - BHO: (no name) - {F032685F-998A-4F12-A6FC-F43ED7E2855F} - c:\windows\system32\hkyxnpl.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [karugolane] Rundll32.exe "C:\WINDOWS\system32\wutilowu.dll",s O4 - HKLM\..\Run: [sysldtray] C:\windows\ld08.exe O4 - HKLM\..\Run: [pp] C:\windows\pp06.exe O4 - HKLM\..\Run: [sysmstray] C:\windows\mstre18.exe O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy42.exe O4 - HKLM\..\Run: [94e45262] rundll32.exe "C:\WINDOWS\system32\ninuleja.dll",b O4 - HKLM\..\Run: [CPM97d761fe] Rundll32.exe "c:\windows\system32\butebujo.dll",a O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [bpjjvuou] C:\WINDOWS\system32\yeubee.exe O4 - HKLM\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\691447002.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [SYS32DLL] SYS32DLL O4 - HKCU\..\Run: [bpjjvuou] C:\WINDOWS\system32\yeubee.exe O4 - HKCU\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\691447002.exe O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\Run: [A00F4140317.exe] C:\WINDOWS\TEMP\_A00F4140317.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Startup: SparkAngels.lnk = ? O4 - Startup: YesMessenger.lnk = C:\Program Files\YesMessenger\YesMessenger.exe O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - AppInit_DLLs: C:\WINDOWS\system32\vavanoho.dll c:\windows\system32\butebujo.dll,c:\progra~1\ThunMail\testabd.dll O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing) O20 - Winlogon Notify: wsmsmlwg - C:\WINDOWS\SYSTEM32\hkyxnpl.dll O20 - Winlogon Notify: __c003D1C8 - C:\WINDOWS\system32\__c003D1C8.dat O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\butebujo.dll (file missing) O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\butebujo.dll (file missing) O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe O23 - Service: avast!Antivirus - Unknown owner - C:\WINDOWS\System32\avast!Antivirus.exe O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\ O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 9852 bytes Merci pour votre aide.
×
×
  • Créer...