Aller au contenu

damdam

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    9

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par damdam

  1. damdam
    EH bien GOF, je te remercie !!!! pour ton efficacité, la rapidité de tes réponses et bien sûr leurs qualités! J'ai suivi tes consignes et ça a fonctionné!!! J'ai fait 1 grosse MAJ d'après ce que tu m'as recommandé! HEUREUSEMENT qu'il existe des gens comme toi pour des utilisateurs comme moi!!!
  2. damdam
    Bonjour, Oui, il y a du mieux depuis que "nous"/ tu as travaillé!!! je n'ai plus mon antivirus qui détecte des "attaques" systématiques et la navigation internet est plus rapide. En a - t on fini ou vois tu d'autres choses à checker? MERCI!
  3. damdam
    Malwarebytes' Anti-Malware 1.37 Version de la base de données: 2276 Windows 5.1.2600 Service Pack 1 14/06/2009 20:49:30 mbam-log-2009-06-14 (20-49-30).txt Type de recherche: Examen complet (C:\|D:\|) Eléments examinés: 183636 Temps écoulé: 1 hour(s), 6 minute(s), 5 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 3 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 2 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\Interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5} (Adware.NetOptimizer) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0} (Adware.NetOptimizer) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\salm (Adware.180Solutions) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): c:\Qoobox\quarantine\C\WINDOWS\system32\drivers\acpi32.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully. c:\Qoobox\quarantine\C\WINDOWS\system32\drivers\fips32cup.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully. --------------------------------------------------------------------------------------------------------------------- log.txt Logfile of random's system information tool 1.06 (written by random/random) Run by Damien at 2009-06-14 20:52:33 Microsoft Windows XP Édition familiale Service Pack 1 System drive C: has 1 GB (8%) free of 15 GB Total RAM: 702 MB (29% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:52:51, on 14/06/2009 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Hercules\WiFi Station\WifiStation.exe C:\Program Files\NETGEAR\WG111v3\WG111v3.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe C:\WINDOWS\TEMP\TZD6E7.EXE C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Damien\Bureau\RSIT.exe C:\Documents and Settings\Damien\Bureau\Damien.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101677&l=dis R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q= R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirec...p;gc=1&q=%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing) O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: WiFi Station.lnk = ? O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Scan en temps réel d'OfficeScanNT (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Service d'écoute d'OfficeScan NT (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: Pare-feu d'OfficeScan NT (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- End of file - 8009 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1148232061.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15 50376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2003-09-18 848144] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456] {3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"=Alaunch [] "VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2003-05-07 36864] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-05-14 55296] "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-04-01 88267] "SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2002-11-15 126976] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2002-11-18 561152] "LManager"=C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE [2003-08-22 282624] "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2004-12-20 33792] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-02-25 98304] "LVCOMSX"=C:\WINDOWS\System32\LVCOMSX.EXE [2004-10-08 221184] "LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2005-01-18 458752] "LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-01-18 217088] "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2006-01-29 180269] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] "OfficeScanNT Monitor"=C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [2008-04-30 705904] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-05-26 414480] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\System32\ctfmon.exe [2003-04-24 13312] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-11-15 1670144] "LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-01-18 196608] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe Assistant d'Acrobat.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe WiFi Station.lnk - C:\Program Files\Hercules\WiFi Station\WifiStation.exe NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 3 months====== 2009-06-14 20:52:33 ----D---- C:\rsit 2009-06-14 19:39:22 ----D---- C:\Documents and Settings\Damien\Application Data\Malwarebytes 2009-06-14 19:39:12 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-06-14 19:39:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-06-14 19:03:49 ----A---- C:\ComboFix.txt 2009-06-14 18:56:09 ----D---- C:\WINDOWS\temp 2009-06-14 17:56:30 ----A---- C:\WINDOWS\NIRCMD.exe 2009-06-14 17:56:29 ----A---- C:\WINDOWS\zip.exe 2009-06-14 17:56:29 ----A---- C:\WINDOWS\SWREG.exe 2009-06-14 17:56:29 ----A---- C:\WINDOWS\PEV.exe 2009-06-14 17:56:28 ----A---- C:\WINDOWS\sed.exe 2009-06-14 17:56:28 ----A---- C:\WINDOWS\grep.exe 2009-06-14 17:56:27 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-06-14 17:56:27 ----A---- C:\WINDOWS\SWSC.exe 2009-06-14 17:55:25 ----D---- C:\WINDOWS\ERDNT 2009-06-14 17:54:25 ----D---- C:\Qoobox 2009-06-14 16:13:56 ----D---- C:\Program Files\Trend Micro 2009-06-14 16:13:38 ----A---- C:\tmuninst.ini 2009-05-25 17:43:56 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP 2009-05-25 17:37:56 ----A---- C:\WINDOWS\nigzss.txt 2009-04-03 23:51:31 ----D---- C:\Program Files\Pro100Demo 2009-04-02 23:09:05 ----A---- C:\WINDOWS\DcmLtbox-WS.ini ======List of files/folders modified in the last 3 months====== 2009-06-14 18:59:38 ----N---- C:\WINDOWS\system.ini 2009-06-14 18:58:40 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt 2009-06-14 18:51:14 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-06-14 18:15:12 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI 2009-05-25 20:33:22 ----A---- C:\WINDOWS\winamp.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2008-01-21 41792] R1 avipbb;avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [2008-03-04 79424] R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-03-09 77184] R1 ssmdrv;ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [2008-04-30 73288] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2008-02-27 21035] R2 irda;Protocole IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2001-08-17 55296] R2 tmcomm;tmcomm; \??\C:\WINDOWS\System32\drivers\tmcomm.sys [] R2 TmFilter;Trend Micro Filter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [] R2 TmPreFilter;Trend Micro PreFilter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [] R2 VSApiNt;Trend Micro VSAPI NT; \??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [] R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-04-01 1170464] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-05-14 740044] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2003-04-24 57344] R3 catchme;catchme; \??\C:\DOCUME~1\Damien\LOCALS~1\Temp\catchme.sys [] R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2002-08-29 13184] R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2003-01-16 16256] R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2003-01-15 41984] R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\System32\drivers\mbamswissarmy.sys [] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2003-04-24 57984] R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [2003-09-01 6912] R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2002-11-18 263536] R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\System32\DRIVERS\TM_CFW.sys [2008-04-30 307984] R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2003-07-03 25216] R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2003-07-03 53120] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2003-07-03 19328] R3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2003-08-11 265344] S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2003-04-24 14080] S3 Bridge;Pont MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2003-04-24 68864] S3 BridgeMP;Miniport de pont MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2003-04-24 68864] S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2003-04-08 51208] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2003-02-17 16384] S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2003-04-24 9600] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2003-03-09 51024] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2003-03-09 16080] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2003-03-09 21456] S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-01-31 22016] S3 marlbus;NEC WMC USB_AD1 Composite Device driver (WDM); C:\WINDOWS\System32\DRIVERS\marlbus.sys [2005-04-29 52480] S3 marlmdfl;NEC WMC USB_AD1 Modem Filter; C:\WINDOWS\System32\DRIVERS\marlmdfl.sys [2005-04-29 6000] S3 marlmdm;NEC WMC USB_AD1 Modem Drivers; C:\WINDOWS\System32\DRIVERS\marlmdm.sys [2005-04-29 86496] S3 marlobex;NEC WMC USB_AD1 OBEX Interface Drivers (WDM); C:\WINDOWS\System32\DRIVERS\marlobex.sys [2005-04-29 76256] S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2003-02-17 83968] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2003-02-17 10112] S3 NSCIRDA;Pilote de périphérique infrarouge NSC; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2001-08-17 23552] S3 NTSIM;NTSIM; \??\C:\WINDOWS\System32\ntsim.sys [] S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCAMPR5.SYS [] S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCANDIS5.SYS [] S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\System32\DRIVERS\LV561AV.SYS [2005-01-31 211712] S3 PRISM_A02;802.11g USB 2.0 adapter; C:\WINDOWS\System32\DRIVERS\PRISMA02.sys [2005-02-01 348640] S3 RT2500USB;Hercules Wireless USB Dongle Driver; C:\WINDOWS\System32\DRIVERS\rt2500usb.sys [2004-07-16 140416] S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8180.SYS [2003-08-15 173184] S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver; C:\WINDOWS\System32\DRIVERS\wg111v3.sys [2007-04-23 224896] S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver; C:\WINDOWS\System32\DRIVERS\sis163u.sys [2005-06-20 215040] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2003-02-17 10880] S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2003-02-17 14976] S3 USB_RNDIS;Inventel Gateway; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2003-04-24 11136] S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2002-08-29 56832] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2003-07-03 28160] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2003-04-24 21760] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2003-02-17 18688] S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 ntrtscan;Scan en temps réel d'OfficeScanNT; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2008-04-30 771440] R2 tmlisten;Service d'écoute d'OfficeScan NT; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [2008-04-30 800112] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-10-11 38912] R3 TmPfw;Pare-feu d'OfficeScan NT; C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe [2008-04-30 943696] S2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-03-07 68865] S2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-03-26 147201] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2003-04-24 251392] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-01-11 68096] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2003-03-09 65795] S3 TmProxy;OfficeScan NT Proxy Service; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [2008-04-30 575064] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] -----------------EOF----------------- info.txt info.txt logfile of random's system information tool 1.06 2009-06-14 20:52:56 ======Uninstall list====== -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer French Guide Link\Uninst.isu" -->RunDll32 "C:\Program Files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}\zidxp.exe" -->RunDll32 "C:\Program Files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe" -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0DAEA5-826C-4A76-B176-56959B99D3F0}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x40c -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 802.11 USB Wireless LAN Adapter-->C:\WINDOWS\System32\unwlsdrv.exe SiS163u Ad-Aware SE Personal-->C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll" Adobe Acrobat 6.0 Professional - English, Français, Deutsch-->MsiExec.exe /I{AC76BA86-1033-F400-7760-000000000001} Adobe Creative Suite-->C:\PROGRA~1\INSTAL~1\{D52EC~1\setup.exe /Relaunched=yes /Uninstall /Relaunched=yes Adobe Flash Player Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe Adobe Photoshop 7.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll" Adobe Reader 6.0.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A00000000001} Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log Agere Systems AC'97 Modem-->agrsmdel Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe" Aspire 1350-->C:\Program Files\Aspire 1350\uninstall.exe Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations]-->C:\WINDOWS\$NtUninstallQ828026$\spuninst\spuninst.exe Correctif Windows XP - KB822603-->C:\WINDOWS\$NtUninstallKB822603$\spuninst\spuninst.exe Correctif Windows XP - KB823182-->C:\WINDOWS\$NtUninstallKB823182$\spuninst\spuninst.exe Correctif Windows XP - KB824105-->C:\WINDOWS\$NtUninstallKB824105$\spuninst\spuninst.exe Correctif Windows XP - KB825119-->C:\WINDOWS\$NtUninstallKB825119$\spuninst\spuninst.exe Correctif Windows XP - KB826939-->C:\WINDOWS\$NtUninstallKB826939$\spuninst\spuninst.exe Correctif Windows XP - KB828035-->C:\WINDOWS\$NtUninstallKB828035$\spuninst\spuninst.exe Correctif Windows XP - KB828741-->C:\WINDOWS\$NtUninstallKB828741$\spuninst\spuninst.exe Correctif Windows XP - KB833407-->C:\WINDOWS\$NtUninstallKB833407$\spuninst\spuninst.exe Correctif Windows XP - KB833987-->C:\WINDOWS\$NtUninstallKB833987$\spuninst\spuninst.exe Correctif Windows XP - KB835732-->C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe Correctif Windows XP - KB837001-->C:\WINDOWS\$NtUninstallKB837001$\spuninst\spuninst.exe Correctif Windows XP - KB839643-->C:\WINDOWS\$NtUninstallKB839643$\spuninst\spuninst.exe Correctif Windows XP - KB839645-->C:\WINDOWS\$NtUninstallKB839645$\spuninst\spuninst.exe Correctif Windows XP - KB840315-->C:\WINDOWS\$NtUninstallKB840315$\spuninst\spuninst.exe Correctif Windows XP - KB840374-->C:\WINDOWS\$NtUninstallKB840374$\spuninst\spuninst.exe Correctif Windows XP - KB840987-->C:\WINDOWS\$NtUninstallKB840987$\spuninst\spuninst.exe Correctif Windows XP - KB841356-->C:\WINDOWS\$NtUninstallKB841356$\spuninst\spuninst.exe Correctif Windows XP - KB841533-->C:\WINDOWS\$NtUninstallKB841533$\spuninst\spuninst.exe Correctif Windows XP - KB841873-->C:\WINDOWS\$NtUninstallKB841873$\spuninst\spuninst.exe Correctif Windows XP - KB842773-->C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe Correctif Windows XP - KB867282-->C:\WINDOWS\$NtUninstallKB867282-IE6SP1-20050127.163319$\spuninst\spuninst.exe Correctif Windows XP - KB871250-->C:\WINDOWS\$NtUninstallKB871250$\spuninst\spuninst.exe Correctif Windows XP - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe Correctif Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Correctif Windows XP - KB873376-->C:\WINDOWS\$NtUninstallKB873376$\spuninst\spuninst.exe Correctif Windows XP - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe Correctif Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Correctif Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Correctif Windows XP - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe Correctif Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Correctif Windows XP - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe Correctif Windows XP - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe Correctif Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" Correctif Windows XP - KB891711-->C:\WINDOWS\$NtUninstallKB891711$\spuninst\spuninst.exe Correctif Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe Correctif Windows XP - KB897715-->"C:\WINDOWS\$NtUninstallKB897715-OE6SP1-20050503.210336$\spuninst\spuninst.exe" Correctif Windows XP - KB905915-->"C:\WINDOWS\$NtUninstallKB905915-IE6SP1-20051122.175908$\spuninst\spuninst.exe" Correctif Windows XP (SP2) Q819696-->C:\WINDOWS\$NtUninstallQ819696$\spuninst\spuninst.exe Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\System32\OggDSuninst.exe" FrostWire 4.17.2-->C:\Program Files\FrostWire\Uninstall.exe Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} Guitar Pro 5.0-->"C:\Program Files\Guitar Pro 5\unins000.exe" Haali Media Splitter-->"C:\Program Files\Matroska Pack\haali\uninstall.exe" HijackThis 2.0.2-->"C:\Documents and Settings\Damien\Bureau\HijackThis.exe" /uninstall hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5} Indeo® Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" -c"C:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll" Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} KM400/KN400 Display Driver and Utilities-->C:\PROGRA~1\S3Inc\S3\s3setvga.exe -s -fC:\PROGRA~1\S3Inc\S3\S3.uns Launch Manager-->C:\WINDOWS\UnInst32.exe QtZpAcer.UNI LiveReg (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VcSetup.exe /REMOVE Logiciel QuickCam de Logitech-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Matroska Pack-->C:\Program Files\Matroska Pack\uninstall.exe Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9} Mise à jour de sécurité pour Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB905495)-->"C:\WINDOWS\$NtUninstallKB905495$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB835409)-->"C:\WINDOWS\$NtUninstallKB835409$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Mozilla Firefox (3.0.-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe NETGEAR WG111v3 wireless USB 2.0 adapter-->C:\Program Files\InstallShield Installation Information\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\setup.exe -runfromtemp -l0x0409 NTI CD & DVD-Maker 6.5 Gold -->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1036 AnyText Photo et imagerie HP 2.0 - All-in-One Pilote-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B} Photo et imagerie HP 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1} Photo et imagerie HP 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall Pro100-->C:\PROGRA~1\PRO100~1\UNWISE.EXE C:\PROGRA~1\PRO100~1\Pro100demo.LOG Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE Room Arranger-->"C:\Program Files\Room Arranger\uninstall.exe" S3 S3Display-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display' S3 S3Gamma2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2' S3 S3Info2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2' S3 S3Overlay-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay' Shockwave-->C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Trend Micro OfficeScan Client-->msiexec /x {ECEA7878-2100-4525-915D-B09174E36971} VideoLAN VLC media player 0.8.6a-->C:\Program Files\VideoLAN\VLC\uninstall.exe WiFi Station-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DECE22F4-EEDD-4615-BC56-2F4827FAD64B}\Setup.exe" -l0x40c Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe" Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411} Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll ======System event log====== Computer Name: DAMIEN Event Code: 17 Message: Record Number: 64908 Source Name: avgntdd Time Written: 20090201190556.000000+060 Event Type: Informations User: Computer Name: DAMIEN Event Code: 263 Message: Le service "AntiVirScheduler" n'a peut-être pas annulé son inscription au service de notifications d'événement de périphériques avant d'être arrêté. Record Number: 64907 Source Name: PlugPlayManager Time Written: 20090201190545.000000+060 Event Type: Avertissement User: Computer Name: DAMIEN Event Code: 6005 Message: Le service d'Enregistrement d'événement a démarré. Record Number: 64906 Source Name: EventLog Time Written: 20090201190537.000000+060 Event Type: Informations User: Computer Name: DAMIEN Event Code: 6009 Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 1 Uniprocessor Free. Record Number: 64905 Source Name: EventLog Time Written: 20090201190537.000000+060 Event Type: Informations User: Computer Name: DAMIEN Event Code: 6006 Message: Le service d'Enregistrement d'événement a été arrêté. Record Number: 64904 Source Name: EventLog Time Written: 20090126213803.000000+060 Event Type: Informations User: =====Application event log===== Computer Name: DAMIEN Event Code: 1 Message: Record Number: 1075 Source Name: AVGEMS Time Written: 20080101171049.000000+060 Event Type: Informations User: Computer Name: DAMIEN Event Code: 1 Message: Record Number: 1074 Source Name: Avg7UpdSvc Time Written: 20080101171042.000000+060 Event Type: Informations User: Computer Name: DAMIEN Event Code: 1 Message: Record Number: 1073 Source Name: AVGEMS Time Written: 20071231115325.000000+060 Event Type: Informations User: Computer Name: DAMIEN Event Code: 1 Message: Record Number: 1072 Source Name: Avg7UpdSvc Time Written: 20071231115315.000000+060 Event Type: Informations User: Computer Name: DAMIEN Event Code: 1 Message: Record Number: 1071 Source Name: AVGEMS Time Written: 20071231091018.000000+060 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD "PROCESSOR_REVISION"=0a00 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF-----------------
  4. damdam
    2009-06-14 17:02:09 . 2009-06-14 17:02:12 173 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed}.reg.dat 2009-06-14 16:55:43 . 2009-06-14 16:55:44 2,982 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_WM System Decode Application.reg.dat 2009-06-14 16:55:42 . 2009-06-14 16:55:44 1,716 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_W3ocesrmimr.reg.dat 2009-06-14 16:55:41 . 2009-06-14 16:55:42 1,278 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_WM_SYSTEM_DECODE_APPLICATION.reg.dat 2009-06-14 16:52:03 . 2009-06-14 16:52:04 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt 2009-06-14 16:16:41 . 2009-06-14 16:16:42 199 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Microsoft Works Update Detection.reg.dat 2009-06-14 16:16:41 . 2009-06-14 16:16:42 114 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-jixgx.reg.dat 2009-06-14 16:16:41 . 2009-06-14 16:16:42 149 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-AdTools Service.reg.dat 2009-06-14 16:16:39 . 2009-06-14 16:16:40 167 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-WOOKIT.reg.dat 2009-06-14 16:07:20 . 2009-06-14 16:07:22 4,070 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_Irmon.reg.dat 2009-06-14 16:07:20 . 2009-06-14 16:07:22 1,030 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_Irmon.reg.dat 2009-06-14 16:06:46 . 2009-06-14 16:06:48 2,620 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ws2_32sik.reg.dat 2009-06-14 16:06:45 . 2009-06-14 16:06:46 2,640 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_systemntmi.reg.dat 2009-06-14 16:06:45 . 2009-06-14 16:06:46 2,620 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_securentm.reg.dat 2009-06-14 16:06:44 . 2009-06-14 16:06:46 2,640 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_port135sik.reg.dat 2009-06-14 16:06:44 . 2009-06-14 16:06:46 2,580 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_nicsk32.reg.dat 2009-06-14 16:06:43 . 2009-06-14 16:06:44 2,560 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_netsik.reg.dat 2009-06-14 16:06:42 . 2009-06-14 16:06:44 2,580 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ksi32sk.reg.dat 2009-06-14 16:06:42 . 2009-06-14 16:06:44 2,560 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_i386si.reg.dat 2009-06-14 16:06:42 . 2009-06-14 16:06:44 2,620 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_fips32cup.reg.dat 2009-06-14 16:06:41 . 2009-06-14 16:06:42 2,560 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_acpi32.reg.dat 2009-06-14 16:06:12 . 2009-06-14 16:55:30 30,412 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2009-06-14 15:55:25 . 2009-06-14 16:50:48 153 ----a-w- C:\Qoobox\Quarantine\catchme.log 2009-06-14 12:55:45 . 2009-06-14 12:55:50 141,312 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\smngr.exe.vir 2009-05-29 19:10:19 . 2009-05-29 19:10:20 1,392,640 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\x.exe.vir 2009-05-25 15:37:22 . 2009-06-10 17:36:30 80 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\i.vir 2009-01-25 10:49:18 . 2009-01-25 10:49:20 1,974 ----a-w- C:\Qoobox\Quarantine\C\Program Files\AskBarDis\bar\Cache\0388D298.bin.vir 2009-01-25 10:49:17 . 2009-01-25 10:49:18 2,102 ----a-w- C:\Qoobox\Quarantine\C\Program Files\AskBarDis\bar\Cache\0388D158.bin.vir 2009-01-25 10:49:17 . 2009-01-25 10:49:18 3,798 ----a-w- C:\Qoobox\Quarantine\C\Program Files\AskBarDis\bar\Cache\0388CF8B.bin.vir 2009-01-25 10:49:17 . 2009-01-25 10:49:18 3,798 ----a-w- C:\Qoobox\Quarantine\C\Program Files\AskBarDis\bar\Cache\0388CDB4.bin.vir 2009-01-25 10:49:16 . 2009-01-25 10:49:18 3,798 ----a-w- C:\Qoobox\Quarantine\C\Program Files\AskBarDis\bar\Cache\0388CBB6.bin.vir 2009-01-25 10:49:16 . 2009-01-25 10:49:16 7,676 ----a-w- C:\Qoobox\Quarantine\C\Program Files\AskBarDis\bar\Settings\prevcfg.htm.vir 2009-01-25 10:49:12 . 2009-01-25 10:49:14 1,024 ----a-w- C:\Qoobox\Quarantine\C\Program Files\AskBarDis\bar\History\search.vir 2009-01-25 10:49:12 . 2009-02-02 14:41:44 406 ----a-w- C:\Qoobox\Quarantine\C\Program Files\AskBarDis\bar\Cache\files.ini.vir 2009-01-24 19:06:01 . 2008-06-10 15:32:24 36,864 ----a-w- C:\Qoobox\Quarantine\C\Program Files\AskBarDis\bar\bin\psvince.dll.vir 2009-01-24 19:06:01 . 2008-09-08 20:08:22 116,104 ----a-w- C:\Qoobox\Quarantine\C\Program Files\AskBarDis\bar\bin\askPopStp.dll.vir 2009-01-24 19:06:01 . 2008-09-08 20:08:22 279,944 ----a-w- C:\Qoobox\Quarantine\C\Program Files\AskBarDis\bar\bin\askBar.dll.vir 2009-01-24 19:06:00 . 2009-01-24 19:06:06 3 ----a-w- C:\Qoobox\Quarantine\C\Program Files\AskBarDis\bar\Settings\config.dat.vir 2009-01-24 19:06:00 . 2008-06-12 20:37:16 0 ----a-w- C:\Qoobox\Quarantine\C\Program Files\AskBarDis\bar\Settings\config.dat.bak.vir 2009-01-24 19:06:00 . 2009-01-24 19:05:58 695,204 ----a-w- C:\Qoobox\Quarantine\C\Program Files\AskBarDis\unins000.exe.vir 2009-01-24 19:06:00 . 2009-01-24 19:06:06 26,303 ----a-w- C:\Qoobox\Quarantine\C\Program Files\AskBarDis\unins000.dat.vir 2005-05-07 17:32:21 . 2005-05-07 17:32:22 642 ----a-w- C:\Qoobox\Quarantine\C\Cmdtest.exe.vir 2003-09-01 13:10:46 . 2003-09-01 13:10:48 19,728 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\wins\SVCHOST.EXE.vir 1979-12-31 22:00:00 . 2003-04-24 10:00:00 41,216 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\acpi32.sys.vir 1979-12-31 22:00:00 . 2003-04-24 10:00:00 41,216 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\fips32cup.sys.vir
  5. damdam
    Cela ne fonctionne pas. 1) Quand j'essaie d'envoyer le fichier C:\Qoobox\Quarantine\C\windows\smngr.exe.vir, j'obtiens la réponse suivante: Request Entity Too Large The requested resource /upload.php does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit. Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny3 with Suhosin-Patch Server at upload.malekal.com Port 80 2) quand je cherche les 2 autres fichiers, je ne les trouve pas.
  6. damdam
    ComboFix 09-06-13.09 - Damien 14/06/2009 18:52.2 - FAT32x86 Microsoft Windows XP Édition familiale 5.1.2600.1.1252.33.1036.18.702.235 [GMT 2:00] Lancé depuis: c:\documents and settings\Damien\Bureau\Combo-Fix.exe Commutateurs utilisés :: c:\documents and settings\Damien\Bureau\CFScript.txt AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: "c:\windows\smngr.exe" "c:\windows\system\msdct.exe" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\AskBarDis c:\program files\AskBarDis\bar\bin\askBar.dll c:\program files\AskBarDis\bar\bin\askPopStp.dll c:\program files\AskBarDis\bar\bin\psvince.dll c:\program files\AskBarDis\bar\Cache\0388CBB6.bin c:\program files\AskBarDis\bar\Cache\0388CDB4.bin c:\program files\AskBarDis\bar\Cache\0388CF8B.bin c:\program files\AskBarDis\bar\Cache\0388D158.bin c:\program files\AskBarDis\bar\Cache\0388D298.bin c:\program files\AskBarDis\bar\Cache\files.ini c:\program files\AskBarDis\bar\History\search c:\program files\AskBarDis\bar\Settings\config.dat c:\program files\AskBarDis\bar\Settings\config.dat.bak c:\program files\AskBarDis\bar\Settings\prevcfg.htm c:\program files\AskBarDis\unins000.dat c:\program files\AskBarDis\unins000.exe c:\windows\smngr.exe c:\windows\system\msdct.exe . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_WM_SYSTEM_DECODE_APPLICATION -------\Service_W3ocesrmimr -------\Service_WM System Decode Application ((((((((((((((((((((((((((((( Fichiers créés du 2009-05-14 au 2009-06-14 )))))))))))))))))))))))))))))))))))) . 2009-06-14 14:14 . 2008-04-30 12:11 138384 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2009-06-14 14:13 . 2009-06-14 14:13 -------- d-----w- c:\program files\Trend Micro 2009-05-25 15:43 . 2009-05-25 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-14 16:15 . 1979-12-31 22:00 50562 ----a-w- c:\windows\system32\perfc00C.dat 2009-06-14 16:15 . 1979-12-31 22:00 372202 ----a-w- c:\windows\system32\perfh00C.dat 2006-05-25 16:34 . 2005-12-20 20:43 278528 ----a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe . ((((((((((((((((((((((((((((( SnapShot@2009-06-14_16.14.52 ))))))))))))))))))))))))))))))))))))))))) . - 1979-12-31 22:00 . 2008-07-22 15:48 41706 c:\windows\system32\perfc009.dat + 1979-12-31 22:00 . 2009-06-14 16:15 41706 c:\windows\system32\perfc009.dat + 1979-12-31 22:00 . 2009-06-14 16:15 316048 c:\windows\system32\perfh009.dat - 1979-12-31 22:00 . 2008-07-22 15:48 316048 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2003-04-24 13312] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-11-15 1670144] "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2002-11-15 126976] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2002-11-18 561152] "LManager"="c:\progra~1\LAUNCH~1\QtZpAcer.EXE" [2003-08-22 282624] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-02-25 98304] "LVCOMSX"="c:\windows\System32\LVCOMSX.EXE" [2004-10-08 221184] "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 458752] "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-01-29 180269] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2008-04-30 705904] "VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2003-05-07 36864] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-05-14 55296] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-04-01 88267] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2003-04-24 13312] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-30 110592] Assistant d'Acrobat.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193] hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672] hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456] WiFi Station.lnk - c:\program files\Hercules\WiFi Station\WifiStation.exe [2006-11-16 626176] NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-12 1527808] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:1a158697 R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [04/06/2008 22:48 22336] R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [04/06/2008 22:48 41792] R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXpflt.sys [30/04/2008 14:11 225296] R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\TmPreflt.sys [30/04/2008 14:11 36368] R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [30/04/2008 14:11 307984] R3 TmPfw;Pare-feu d'OfficeScan NT;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [30/04/2008 14:11 943696] S3 marlbus;NEC WMC USB_AD1 Composite Device driver (WDM);c:\windows\system32\drivers\marlbus.sys [27/02/2006 13:18 52480] S3 marlmdfl;NEC WMC USB_AD1 Modem Filter;c:\windows\system32\drivers\marlmdfl.sys [27/02/2006 13:19 6000] S3 marlmdm;NEC WMC USB_AD1 Modem Drivers;c:\windows\system32\drivers\marlmdm.sys [27/02/2006 13:19 86496] S3 marlobex;NEC WMC USB_AD1 OBEX Interface Drivers (WDM);c:\windows\system32\drivers\marlobex.sys [27/02/2006 13:20 76256] S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\RTL8180.sys [01/09/2003 13:33 173184] S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [23/04/2007 14:11 224896] S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [20/06/2005 10:12 215040] S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [30/04/2008 14:11 575064] . Contenu du dossier 'Tâches planifiées' 2009-04-07 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8148232061.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52] . - - - - ORPHELINS SUPPRIMES - - - - BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file) . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.ask.com/?o=101677&l=dis uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/ uInternet Settings,ProxyOverride = localhost uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Damien\Application Data\Mozilla\Firefox\Profiles\vrwdj2t8.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.startup.homepage - hxxp://www.google.Fr FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-14 18:59 Windows 5.1.2600 Service Pack 1 FAT NTAPI Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(940) c:\windows\System32\ODBC32.dll - - - - - - - > 'lsass.exe'(996) c:\windows\System32\dssenh.dll - - - - - - - > 'explorer.exe'(3852) c:\windows\System32\msi.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE c:\program files\Trend Micro\OfficeScan Client\ntrtscan.exe c:\windows\SYSTEM32\WDFMGR.EXE c:\program files\Trend Micro\OfficeScan Client\tmlisten.exe c:\program files\LAUNCH MANAGER\QTZPACER.EXE c:\program files\LOGITECH\VIDEO\FXSVR2.EXE c:\program files\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe c:\windows\TEMP\TZD6E7.EXE . ************************************************************************** . Heure de fin: 2009-06-14 19:03 - La machine a redémarré ComboFix-quarantined-files.txt 2009-06-14 17:03 ComboFix2.txt 2009-06-14 16:18 Avant-CF: 1 313 619 968 octets libres Après-CF: 1 288 175 616 octets libres 162 --- E O F --- 2008-07-07 11:26
  7. damdam
    Au fait, oui c'est une version légale. C'est un portable acer que j'ai acheté neuf il y 6 à 7 ans. De quelles MAJ parles tu?
  8. damdam
    Merci de prendre le temps de répondre, c'est vraiment très sympa! voici le rapport: ComboFix 09-06-13.09 - Damien 14/06/2009 18:02.1 - FAT32x86 Microsoft Windows XP Édition familiale 5.1.2600.1.1252.33.1036.18.702.203 [GMT 2:00] Lancé depuis: c:\documents and settings\Damien\Bureau\Combo-Fix.exe AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\windows adstatus C:\Cmdtest.exe c:\windows\system32\drivers\acpi32.sys c:\windows\system32\drivers\fips32cup.sys c:\windows\system32\firewall.exe c:\windows\system32\i c:\windows\system32\wins\svchost.exe c:\windows\system32\x.exe . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_acpi32 -------\Service_fips32cup -------\Service_i386si -------\Service_ksi32sk -------\Service_netsik -------\Service_nicsk32 -------\Service_port135sik -------\Service_securentm -------\Service_systemntmi -------\Service_ws2_32sik -------\Legacy_Irmon -------\Service_Irmon ((((((((((((((((((((((((((((( Fichiers créés du 2009-05-14 au 2009-06-14 )))))))))))))))))))))))))))))))))))) . 2009-06-14 14:14 . 2008-04-30 12:11 138384 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2009-06-14 14:13 . 2009-06-14 14:13 -------- d-----w- c:\program files\Trend Micro 2009-06-14 12:55 . 2009-06-14 12:55 141312 --sh--r- c:\windows\smngr.exe 2009-05-25 15:43 . 2009-05-25 15:43 1032192 --sh--w- c:\windows\system\msdct.exe 2009-05-25 15:43 . 2009-05-25 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-14 16:15 . 1979-12-31 22:00 50562 ----a-w- c:\windows\system32\perfc00C.dat 2009-06-14 16:15 . 1979-12-31 22:00 372202 ----a-w- c:\windows\system32\perfh00C.dat 2006-05-25 16:34 . 2005-12-20 20:43 278528 ----a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-09-08 20:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2003-04-24 13312] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-11-15 1670144] "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2002-11-15 126976] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2002-11-18 561152] "LManager"="c:\progra~1\LAUNCH~1\QtZpAcer.EXE" [2003-08-22 282624] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-02-25 98304] "LVCOMSX"="c:\windows\System32\LVCOMSX.EXE" [2004-10-08 221184] "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 458752] "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-01-29 180269] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2008-04-30 705904] "VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2003-05-07 36864] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-05-14 55296] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-04-01 88267] "Windows Data Serivce"="smngr.exe" - c:\windows\smngr.exe [2009-06-14 141312] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2003-04-24 13312] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-30 110592] Assistant d'Acrobat.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193] hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672] hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456] WiFi Station.lnk - c:\program files\Hercules\WiFi Station\WifiStation.exe [2006-11-16 626176] NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-12 1527808] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:1a158697 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WM System Decode Application] @="Service" R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [04/06/2008 22:48 22336] R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [04/06/2008 22:48 41792] R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXpflt.sys [30/04/2008 14:11 225296] R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\TmPreflt.sys [30/04/2008 14:11 36368] R2 WM System Decode Application;WM System Decode Application;c:\windows\system\msdct.exe [25/05/2009 17:43 1032192] R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [30/04/2008 14:11 307984] R3 TmPfw;Pare-feu d'OfficeScan NT;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [30/04/2008 14:11 943696] S3 marlbus;NEC WMC USB_AD1 Composite Device driver (WDM);c:\windows\system32\drivers\marlbus.sys [27/02/2006 13:18 52480] S3 marlmdfl;NEC WMC USB_AD1 Modem Filter;c:\windows\system32\drivers\marlmdfl.sys [27/02/2006 13:19 6000] S3 marlmdm;NEC WMC USB_AD1 Modem Drivers;c:\windows\system32\drivers\marlmdm.sys [27/02/2006 13:19 86496] S3 marlobex;NEC WMC USB_AD1 OBEX Interface Drivers (WDM);c:\windows\system32\drivers\marlobex.sys [27/02/2006 13:20 76256] S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\RTL8180.sys [01/09/2003 13:33 173184] S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [23/04/2007 14:11 224896] S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [20/06/2005 10:12 215040] S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [30/04/2008 14:11 575064] S4 W3ocesrmimr;W3ocesrmimr; [x] . Contenu du dossier 'Tâches planifiées' 2009-04-07 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8148232061.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52] . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-WOOKIT - c:\progra~1\WANADOO\Shell.exe HKLM-Run-AdTools Service - c:\program files\AdTools Service\AdTools.exe HKLM-Run-jixgx - c:\windows\jixgx.exe HKLM-Run-Microsoft Works Update Detection - c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.ask.com/?o=101677&l=dis uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/ uInternet Settings,ProxyOverride = localhost uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Damien\Application Data\Mozilla\Firefox\Profiles\vrwdj2t8.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Ask FF - prefs.js: browser.startup.homepage - hxxp://www.google.Fr FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q= FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-14 18:13 Windows 5.1.2600 Service Pack 1 FAT NTAPI Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(1052) c:\windows\System32\ODBC32.dll - - - - - - - > 'lsass.exe'(1108) c:\windows\System32\dssenh.dll - - - - - - - > 'explorer.exe'(424) c:\windows\System32\msi.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Trend Micro\OfficeScan Client\ntrtscan.exe c:\windows\System32\wdfmgr.exe c:\windows\system32\CF6168.exe c:\program files\Trend Micro\OfficeScan Client\tmlisten.exe c:\program files\Logitech\Video\FxSvr2.exe c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe c:\windows\TEMP\CF7802.EXE c:\program files\Java\jre1.6.0_07\bin\jucheck.exe . ************************************************************************** . Heure de fin: 2009-06-14 18:18 - La machine a redémarré ComboFix-quarantined-files.txt 2009-06-14 16:18 Avant-CF: 1 199 218 688 octets libres Après-CF: 1 316 487 168 octets libres 164 --- E O F --- 2008-07-07 11:26
  9. damdam
    Bonjour, Mon PC est resté inutilisé pendant 2 mois pour cause de déménagement. Quand je l'ai reconnecté à la freebox après déménagement dans nouveau logement, messages d'alerte d'avast +message "rootkit"... Je n'y connait rien. On m'a passé un nouvel antivirus "Trend" que j'ai installé. Toujours même problème: nouvelle page de démarrage internet, ralentissement connexion... Quelqu'un peut il m'aider? Merci d'avance. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:56:11, on 14/06/2009 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\System32\firewall.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\firewall.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hercules\WiFi Station\WifiStation.exe C:\Program Files\NETGEAR\WG111v3\WG111v3.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system\msdct.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\smngr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe C:\Program Files\Trend Micro\OfficeScan Client\pccnt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Damien\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101677&l=dis R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q= R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q= R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirec...p;gc=1&q=%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll O1 - Hosts: 67.15.104.33 ibank.barclays.co.uk O1 - Hosts: 67.15.104.33 online-business.lloydstsb.co.uk O1 - Hosts: 67.15.104.33 online.lloydstsb.co.uk O1 - Hosts: 67.15.104.33 www.halifax-online.co.uk O1 - Hosts: 67.15.104.33 www.ukpersonal.hsbc.co.uk O1 - Hosts: 67.15.104.33 www.nwolb.com O1 - Hosts: 67.15.104.33 banesnet.banesto.es O1 - Hosts: 67.15.104.33 extranet.banesto.es O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE O4 - HKLM\..\Run: [[Ephemeral 2.4] by TreeHugger, ] C:\WINDOWS\TEMP\3.tmp.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe O4 - HKLM\..\Run: [jixgx] C:\WINDOWS\jixgx.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe O4 - HKLM\..\Run: [Windows Data Serivce] smngr.exe O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [Damien] C:\Documents and Settings\Damien\Damien.exe /i O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: WiFi Station.lnk = ? O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Scan en temps réel d'OfficeScanNT (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Service d'écoute d'OfficeScan NT (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: Pare-feu d'OfficeScan NT (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe O23 - Service: WM System Decode Application - Unknown owner - C:\WINDOWS\system\msdct.exe -- End of file - 9211 bytes
×
×
  • Créer...