Aller au contenu

hobbes83

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    19

  • Inscription

  • Dernière visite

Contact Methods

  • Website URL
    http://
  • ICQ
    0

Autres informations

  • Mes langues
    français

hobbes83's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. hobbes83
    Bonjour, J'ai une imprimante multifonctions jet d'encre EPSON DX4850. Mon épouse a imprimé son travail avec succès (textes + diagrammes sur papier normal).Puis, j'ai voulu à mon tour imprimer des photos sur papier glacé. Au paravent, j'ai changé la cartouche de noir qui était quasiment finie. A ce moment-là, mes photos sont sorties toutes rouge-vif, 2 fois de suite, puis rose de + en + pâle sur les essais suivants...... jusqu'à être quasiment invisibles ! J'ai donc agité plusieurs fois chacune des cartouches, j'ai éteint puis rallumé l'imprimante, redémarré le PC .... J'ai même désinstallé l'imprimante et réinstallé les pilotes avec le CDROM Epson. Malgré tout cela, rien n'y fait : j'ai juste un rose à peine lisible. J'ai procédé également au nettoyage des buses, à l'alignement des têtes, etc .... mais en vain ! Pouvez-vous m'aider ? Merci d'avance.
  2. hobbes83
    Je n'ai pas de cd Windows original, mais est-ce que c'est faisable par téléchargement ?
  3. hobbes83
    Bonjour, voilà j'ai trouvé l'observateur d'évenements. voilà le rapport de la dernière ligne d'erreur : Type de l'événement : Erreur Source de l'événement : Application Error Catégorie de l'événement : (100) ID de l'événement : 1004 Date : 10/07/2009 Heure : 06:52:30 Utilisateur : N/A Ordinateur : NOM-51BDF214662 Description : Application défaillante svchost.exe, version 0.0.0.0, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x00000000. Pour plus d'informations, consultez le centre Aide et support à l'adresse http://go.microsoft.com/fwlink/events.asp. Données : 0000: 41 70 70 6c 69 63 61 74 Applicat 0008: 69 6f 6e 20 46 61 69 6c ion Fail 0010: 75 72 65 20 20 73 76 63 ure svc 0018: 68 6f 73 74 2e 65 78 65 host.exe 0020: 20 30 2e 30 2e 30 2e 30 0.0.0.0 0028: 20 69 6e 20 75 6e 6b 6e in unkn 0030: 6f 77 6e 20 30 2e 30 2e own 0.0. 0038: 30 2e 30 20 61 74 20 6f 0.0 at o 0040: 66 66 73 65 74 20 30 30 ffset 00 0048: 30 30 30 30 30 30 000000
  4. hobbes83
    Quand je lance une recherche sur ce fichier, j'ai un msg qui dit qu'il n'est plus à cet emplacement. Quant à l'observateur d'évènements, quelle est la marche à suivre ?
  5. hobbes83
    Voilà, c'est fait, mais au redémarrage, toujours le même msg "Prévention de l'Exécution des Données - Microsoft Windows Pour proteger votre ordinateur, Windows a fermé ce programme : Nom : Generic Host Process for Win32 services Editeur : Microsoft Corporation"
  6. hobbes83
    Bonjour, La galère ............. Pendant la matinée, le virus Trojan-Downloader.Win32.agent a été intercepté 2 fois déjà sous le compte de ma femme, alors que sous le mien, il n'y est plus ...... ça devient pénible ! chemin : C:\System Volume Information\ restore{E9988053-5F0E-A6CA-2B9F............
  7. hobbes83
    Bonjour, Voici le rapport AVP TOOL : Scan ---- Scanned: 1076994 Detected: 1 Untreated: 0 Start time: 08/07/2009 21:27:55 Duration: 03:26:52 Finish time: 09/07/2009 00:54:47 Detected -------- Status Object ------ ------ deleted: Trojan program Trojan-Dropper.Win32.Agent.ajlx File: H:\uxkl0apt.0at Events ------ Time Name Status Reason ---- ---- ------ ------ 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConnectMFCApplication.zip/sbRecovery.reg password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConnectMFCApplication.zip/sbRecovery.ini password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip/sbRecovery.reg password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip/sbRecovery.ini password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb1.zip/sbRecovery.reg password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb1.zip/sbRecovery.ini password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts.zip/sbRecovery.ini password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip/sbRecovery.reg password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip/sbRecovery.ini password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip/sbRecovery.ini password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar.zip/sbRecovery.reg password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar.zip/sbRecovery.ini password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar1.zip/sbRecovery.reg password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar1.zip/sbRecovery.ini password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MailSkinnerrtk.zip/msksetup.log password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MailSkinnerrtk.zip/sbRecovery.ini password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk.zip/sbRecovery.reg password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk.zip/sbRecovery.ini password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk1.zip/Userdata/languages.xml password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk1.zip/Userdata/pack1.cab password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk1.zip/sbRecovery.ini password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk2.zip/sbRecovery.ini password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk3.zip/nvs2.inf password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk3.zip/sbRecovery.ini password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip/sbRecovery.reg password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip/sbRecovery.ini password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip/sbRecovery.reg password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip/sbRecovery.ini password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip/sbRecovery.reg password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip/sbRecovery.ini password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip/sbRecovery.reg password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip/sbRecovery.ini password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch3.zip/sbRecovery.reg password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch3.zip/sbRecovery.ini password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip/sbRecovery.reg password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip/sbRecovery.ini password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch5.zip/sbRecovery.reg password protected 08/07/2009 21:43:11 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch5.zip/sbRecovery.ini password protected 08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch6.zip/sbRecovery.reg password protected 08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch6.zip/sbRecovery.ini password protected 08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch7.zip/sbRecovery.reg password protected 08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch7.zip/sbRecovery.ini password protected 08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch8.zip/sbRecovery.reg password protected 08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch8.zip/sbRecovery.ini password protected 08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch9.zip/bar/History/search2 password protected 08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch9.zip/bar/Settings/s_pid.dat password protected 08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch9.zip/sbRecovery.ini password protected 08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch.zip/sbRecovery.reg password protected 08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch.zip/sbRecovery.ini password protected 08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip/sbRecovery.reg password protected 08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip/sbRecovery.ini password protected 08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch2.zip/sbRecovery.reg password protected 08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch2.zip/sbRecovery.ini password protected 08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip/sbRecovery.reg password protected 08/07/2009 21:43:12 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip/sbRecovery.ini password protected 08/07/2009 23:06:27 File: H:\uxkl0apt.0at detected Trojan program 'Trojan-Dropper.Win32.Agent.ajlx' 08/07/2009 23:06:27 File: H:\uxkl0apt.0at not disinfected postponed 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConnectMFCApplication.zip/sbRecovery.reg password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConnectMFCApplication.zip/sbRecovery.ini password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip/sbRecovery.reg password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip/sbRecovery.ini password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb1.zip/sbRecovery.reg password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb1.zip/sbRecovery.ini password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts.zip/sbRecovery.ini password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip/sbRecovery.reg password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip/sbRecovery.ini password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip/sbRecovery.ini password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar.zip/sbRecovery.reg password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar.zip/sbRecovery.ini password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar1.zip/sbRecovery.reg password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar1.zip/sbRecovery.ini password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MailSkinnerrtk.zip/msksetup.log password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MailSkinnerrtk.zip/sbRecovery.ini password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk.zip/sbRecovery.reg password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk.zip/sbRecovery.ini password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk1.zip/Userdata/languages.xml password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk1.zip/Userdata/pack1.cab password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk1.zip/sbRecovery.ini password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk2.zip/sbRecovery.ini password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk3.zip/nvs2.inf password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MessengerSkinnerrtk3.zip/sbRecovery.ini password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip/sbRecovery.reg password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip/sbRecovery.ini password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip/sbRecovery.reg password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip/sbRecovery.ini password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip/sbRecovery.reg password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip/sbRecovery.ini password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip/sbRecovery.reg password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip/sbRecovery.ini password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch3.zip/sbRecovery.reg password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch3.zip/sbRecovery.ini password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip/sbRecovery.reg password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip/sbRecovery.ini password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch5.zip/sbRecovery.reg password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch5.zip/sbRecovery.ini password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch6.zip/sbRecovery.reg password protected 08/07/2009 23:14:29 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch6.zip/sbRecovery.ini password protected 08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch7.zip/sbRecovery.reg password protected 08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch7.zip/sbRecovery.ini password protected 08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch8.zip/sbRecovery.reg password protected 08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch8.zip/sbRecovery.ini password protected 08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch9.zip/bar/History/search2 password protected 08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch9.zip/bar/Settings/s_pid.dat password protected 08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch9.zip/sbRecovery.ini password protected 08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch.zip/sbRecovery.reg password protected 08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch.zip/sbRecovery.ini password protected 08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip/sbRecovery.reg password protected 08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip/sbRecovery.ini password protected 08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch2.zip/sbRecovery.reg password protected 08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch2.zip/sbRecovery.ini password protected 08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip/sbRecovery.reg password protected 08/07/2009 23:14:30 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip/sbRecovery.ini password protected 09/07/2009 00:37:40 File: H:\uxkl0apt.0at detected Trojan program 'Trojan-Dropper.Win32.Agent.ajlx' 09/07/2009 00:37:40 File: H:\uxkl0apt.0at not disinfected postponed 09/07/2009 00:38:12 File: h:\uxkl0apt.0at detected Trojan program 'Trojan-Dropper.Win32.Agent.ajlx' 09/07/2009 00:54:47 File: h:\uxkl0apt.0at deleted Statistics ---------- Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted ------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ --------- Settings -------- Parameter Value --------- ----- Security Level Recommended Action Prompt for action when the scan is complete Run mode Manually File types Scan all files Scan only new and changed files No Scan archives All Scan embedded OLE objects All Skip if object is larger than No Skip if scan takes longer than No Parse email formats No Scan password-protected archives No Enable iChecker technology No Enable iSwift technology No Show detected threats on "Detected" tab Yes Rootkits search Yes Deep rootkits search No Use heuristic analyzer Yes Quarantine ---------- Status Object Size Added ------ ------ ---- ----- Backup ------ Status Object Size ------ ------ ---- Lors du redemarage en mode normal, j'ai eu de nouveau le même msg "Prévention de l'Exécution des Données - Microsoft Windows Pour proteger votre ordinateur, Windows a fermé ce programme : Nom : Generic Host Process for Win32 services Editeur : Microsoft Corporation" J'ai recopié le Contenu du Rapport d'erreurs : C:\DOCUME~1~\Phil\LOCALS~1\Temp\WER3c32.dir00\svchost.exe.mdmp C:\DOCUME~1~\Phil\LOCALS~1\Temp\WER3c32.dir00\appcompat.txt
  8. hobbes83
    Bonjour, Hier soir, a la fermeture du pc, j'ai eu le msg suivant : svchost.exe - Erreur d'application L'instruction à "0x73c723b5" emploie l'adresse mémoire "0x73c723b5". La mémoire ne peut être written ...... ======================================================================= ce matin a l'ouverture du pc, j'ai eu le msg suivant : Prévention de l'Exécution des Données - Microsoft Windows Pour proteger votre ordinateur, Windows a fermé ce programme : Nom : Generic Host Process for Win32 services Editeur : Microsoft Corporation
  9. hobbes83
    [ Rapport ToolsCleaner version 2.3.7 (par A.Rothstein & dj QUIOU) ] --> Recherche: C:\Combofix.txt: trouvé ! C:\fixnavi.txt: trouvé ! C:\TB.txt: trouvé ! C:\Qoobox: trouvé ! C:\_OTM: trouvé ! C:\Toolbar SD: trouvé ! C:\Documents and Settings\Phil\Bureau\OTM.exe: trouvé ! C:\Documents and Settings\Phil\Bureau\HijackThis.exe: trouvé ! C:\Documents and Settings\Phil\Bureau\SmitFraudFix.exe: trouvé ! C:\Documents and Settings\Phil\Bureau\ToolBarSD.exe: trouvé ! C:\Documents and Settings\Phil\Bureau\hijackthis.log: trouvé ! C:\Documents and Settings\Phil\Bureau\SmitFraudfix: trouvé ! C:\Documents and Settings\Phil\Mes documents\hijackthis.log: trouvé ! C:\Documents and Settings\Phil\Mes documents\TB.txt: trouvé ! C:\Documents and Settings\Phil\Mes documents\ANTIVIRUS\EliBaglA.exe: trouvé ! C:\Documents and Settings\Phil\Mes documents\ANTIVIRUS\KillBox.exe: trouvé ! C:\Documents and Settings\Phil\Recent\HijackThis.lnk: trouvé ! C:\Program Files\Navilog1: trouvé ! C:\Program Files\Mozilla Firefox\SmitFraudfix: trouvé ! C:\Program Files\Trend Micro\HijackThis: trouvé ! C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé ! C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé ! --------------------------------- --> Suppression: C:\Documents and Settings\Phil\Bureau\OTM.exe: supprimé ! C:\Documents and Settings\Phil\Bureau\HijackThis.exe: supprimé ! C:\Documents and Settings\Phil\Bureau\SmitFraudFix.exe: supprimé ! C:\Documents and Settings\Phil\Bureau\ToolBarSD.exe: supprimé ! C:\Documents and Settings\Phil\Mes documents\ANTIVIRUS\EliBaglA.exe: supprimé ! C:\Documents and Settings\Phil\Mes documents\ANTIVIRUS\KillBox.exe: supprimé ! C:\Documents and Settings\Phil\Recent\HijackThis.lnk: supprimé ! C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé ! C:\Combofix.txt: supprimé ! C:\fixnavi.txt: supprimé ! C:\TB.txt: supprimé ! C:\Documents and Settings\Phil\Bureau\hijackthis.log: supprimé ! C:\Documents and Settings\Phil\Mes documents\hijackthis.log: supprimé ! C:\Documents and Settings\Phil\Mes documents\TB.txt: supprimé ! C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé ! C:\Qoobox: supprimé ! C:\_OTM: supprimé ! C:\Toolbar SD: supprimé ! C:\Documents and Settings\Phil\Bureau\SmitFraudfix: supprimé ! C:\Program Files\Navilog1: supprimé ! C:\Program Files\Mozilla Firefox\SmitFraudfix: supprimé ! C:\Program Files\Trend Micro\HijackThis: supprimé ! Petite question : sur mon bureau, il y a un dossier "backups". Je dois le garder ou m'en débarasser ? Sinon, tout semble être bien réglé ! Un grand merci à vous, ça fait plaisir de tomber sur des gens qui savent de quoi ils parlent ........
  10. hobbes83
    Voilà, désolé, c'était un peu long mais j'avais perdu ma connexion internet. ComboFix 09-07-06.A0 - Phil 07/07/2009 18:40.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.547 [GMT 2:00] Lancé depuis: c:\documents and settings\Phil\Bureau\58392-CF.exe AV: Pack Sécurité 7.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15} FW: Pack Sécurité 7.00 *enabled* {D4747503-0346-49EB-9262-997542F79BF4} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Phil\Application Data\Microsoft\Internet Explorer\Quick Launch\Raccourci vers ANTIVIRUS.lnk c:\program files\Common c:\recycler\S-1-5-21-1078081533-261903793-725345543-1003 c:\recycler\S-1-5-21-2085569372-5840978-2143118373-1003 c:\recycler\S-1-5-21-3662336652-3632261195-1545365033-1009 c:\windows\Installer\3601dc4.msi c:\windows\Installer\394fe14.msp c:\windows\Installer\394fe2e.msp c:\windows\Installer\6e71b2.msp c:\windows\Installer\6e71bb.msp c:\windows\Installer\6e71cd.msp c:\windows\Installer\6e71e3.msp c:\windows\Installer\6e71f5.msp c:\windows\Installer\WinRMSrv.msi c:\windows\system32\drivers\beep.sys c:\windows\system32\drivers\null.sys c:\windows\system32\tmp.reg D:\Autorun.inf . ((((((((((((((((((((((((((((( Fichiers créés du 2009-06-07 au 2009-07-07 )))))))))))))))))))))))))))))))))))) . 2009-07-06 20:41 . 2009-07-06 20:41 -------- d-----w- C:\_OTM 2009-07-06 13:02 . 2009-07-06 13:14 -------- d-----w- C:\ToolBar SD 2009-07-05 12:56 . 2009-07-05 12:56 -------- d-----w- c:\documents and settings\Phil\Application Data\MSNInstaller 2009-07-04 17:28 . 2009-07-04 17:28 -------- d-----w- c:\documents and settings\Phil\Application Data\Malwarebytes 2009-07-04 17:28 . 2009-07-04 17:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-06-19 17:15 . 2009-06-19 17:15 -------- d-----w- c:\program files\Fichiers communs\PCSuite 2009-06-19 17:14 . 2009-06-19 17:14 -------- d-----w- c:\program files\Fichiers communs\Nokia 2009-06-19 17:13 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys 2009-06-19 17:13 . 2009-06-19 17:13 -------- d-----w- c:\program files\PC Connectivity Solution 2009-06-19 17:10 . 2009-06-19 17:01 33727728 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Nokia_PC_Suite_7_1_30_8_fre.exe 2009-06-19 17:08 . 2009-06-19 17:08 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\pcswpcsi.exe 2009-06-19 17:08 . 2009-06-19 17:08 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCSFEMsi.exe 2009-06-19 17:08 . 2009-06-19 17:08 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCS.exe 2009-06-19 17:08 . 2009-06-19 17:08 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstCCD.exe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-07 08:08 . 2005-08-12 13:20 38994 ----a-w- c:\documents and settings\Phil\Application Data\wklnhst.dat 2009-07-07 07:06 . 2006-11-13 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-07-06 13:24 . 2005-04-26 18:58 79756 ----a-w- c:\windows\system32\perfc00C.dat 2009-07-06 13:24 . 2005-04-26 18:58 478732 ----a-w- c:\windows\system32\perfh00C.dat 2009-07-04 18:28 . 2005-07-30 13:34 138960 ----a-w- c:\documents and settings\Phil\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-26 07:03 . 2006-02-02 13:08 -------- d-----w- c:\program files\Pack Securite 2009-06-19 17:39 . 2008-12-30 22:04 -------- d-----w- c:\documents and settings\Phil\Application Data\Nokia 2009-06-19 17:14 . 2008-12-30 22:02 -------- d-----w- c:\program files\Nokia 2009-06-19 17:10 . 2008-12-30 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations 2009-05-29 05:07 . 2008-09-28 12:47 -------- d-----w- c:\documents and settings\Anne\Application Data\U3 2009-05-13 20:12 . 2009-05-13 20:11 -------- d-----w- c:\documents and settings\Phil\Application Data\U3 2009-05-10 08:26 . 2006-11-13 12:53 -------- d-----w- c:\program files\Google 2009-05-07 15:33 . 2005-04-26 18:58 348672 ----a-w- c:\windows\system32\localspl.dll 2009-05-01 06:42 . 2009-04-29 09:10 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-04-29 04:45 . 2005-04-26 18:58 827392 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:45 . 2005-04-26 18:58 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-04-26 17:51 . 2009-04-26 17:51 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe 2009-04-26 17:51 . 2009-04-26 17:51 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe 2009-04-26 17:51 . 2009-04-26 17:51 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe 2009-04-26 17:50 . 2009-04-26 17:51 34227512 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_fre.exe 2009-04-19 19:50 . 2005-04-26 18:58 1847296 ----a-w- c:\windows\system32\win32k.sys 2009-04-17 04:56 . 2009-04-17 04:56 152576 ----a-w- c:\documents and settings\Phil\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-04-15 14:53 . 2005-04-26 18:58 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2003-01-13 08:55 . 2005-04-28 17:20 282624 ----a-w- c:\program files\internet explorer\plugins\PanoViewer.dll 1999-04-30 14:00 . 2005-04-28 17:20 98304 ----a-w- c:\program files\internet explorer\plugins\UPjpeg.dll . ------- Sigcheck ------- Erreur des Services de cryptographie !! . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Configuration de la neuf Box"="c:\program files\neuf telecom\neuf Box\Wizard\QuickAccess.exe" [2005-12-13 389120] "LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-12 1414144] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-03-30 5898240] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-03-30 86016] "PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2005-04-18 127118] "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016] "AntivirusRegistration"="c:\program files\CA\Etrust Antivirus\Register.exe" [2005-01-31 458752] "EPSON Stylus DX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 98304] "F-Secure Manager"="c:\program files\Pack Securite\Common\FSM32.EXE" [2007-04-26 183208] "F-Secure TNB"="c:\program files\Pack Securite\FSGUI\TNBUtil.exe" [2007-04-26 740208] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "CARPService"="carpserv.exe" - c:\windows\system32\carpserv.exe [2003-03-18 4608] "CHotkey"="mHotkey.exe" - c:\windows\mHotkey.exe [2004-12-08 550912] "ledpointer"="CNYHKey.exe" - c:\windows\CNYHKey.exe [2004-03-02 5576704] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2007-5-31 118784] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys] @="FSFilter System Recovery" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"= c:\program files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL "c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"= c:\program files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL "c:\\Program Files\\AOL 9.0\\waol.exe"= c:\program files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 "%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "c:\\Program Files\\MSN Messenger\\msncall.exe"= c:\program files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= c:\program files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "c:\\Program Files\\MSN Messenger\\livecall.exe"= c:\program files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10243:TCP"= 10243:TCP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media "10280:UDP"= 10280:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media "10281:UDP"= 10281:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media "10282:UDP"= 10282:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media "10283:UDP"= 10283:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media "10284:UDP"= 10284:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "DoNotAllowExceptions"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"= c:\program files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:PowerCinema "c:\\Program Files\\LimeWire\\LimeWire.exe"= c:\program files\LimeWire\LimeWire.exe:*:Enabled:LimeWire "%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10243:TCP"= 10243:TCP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media "10280:UDP"= 10280:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media "10281:UDP"= 10281:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media "10282:UDP"= 10282:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media "10283:UDP"= 10283:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media "10284:UDP"= 10284:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [07/03/2008 10:57 51072] R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [28/04/2005 15:44 16640] R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [12/09/2005 08:37 4064] R1 F-Secure HIPS;F-Secure HIPS;c:\program files\Pack Securite\HIPS\fshs.sys [07/03/2008 10:56 41184] R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [28/04/2005 16:36 666368] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Pack Securite\Anti-Virus\minifilter\fsgk.sys [30/05/2007 11:20 77824] R3 IMT0521;Inmax USB IMT-0521 Smartcard Reader;c:\windows\system32\drivers\IMT0521.sys [28/04/2005 16:57 34825] S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [28/04/2005 16:57 63608] S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Pack Securite\Anti-Virus\win2k\fsfilter.sys [07/03/2008 10:56 40048] S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Pack Securite\Anti-Virus\win2k\fsrec.sys [07/03/2008 10:56 25456] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HTTPFilter REG_MULTI_SZ HTTPFilter DcomLaunch REG_MULTI_SZ DcomLaunch TermService bthsvcs REG_MULTI_SZ BthServ WudfServiceGroup REG_MULTI_SZ WUDFSvc eapsvcs REG_MULTI_SZ eaphost dot3svc REG_MULTI_SZ dot3svc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService Alerter LmHosts [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe" . Contenu du dossier 'Tâches planifiées' 2009-07-07 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-12 11:33] . - - - - ORPHELINS SUPPRIMES - - - - HKLM-Run-ASuite - m:\ia83\g.exe HKLM-Run-OEM-Reset - (no file) . ------- Examen supplémentaire ------- . mWindow Title = IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Post Image to Blog - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5003 IE: Tag This Image - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5002 IE: Upload All Images to ImageShack - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5000 IE: Upload Image to ImageShack - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5001 LSP: c:\program files\Pack Securite\FSPS\program\fslsp.dll Trusted Zone: imageshack.us\toolbar FF - ProfilePath - c:\documents and settings\Phil\Application Data\Mozilla\Firefox\Profiles\6kazoxve.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://fr.yahoo.com/ FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Picasa2\npPicasa2.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-07 18:50 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101" [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10b.exe" [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}] @Denied: (A 2) (Everyone) @="FlashProp Class" [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash9b.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,c7,be,cf,9f,52, 47,d7,bb,e2,63,26,f1,3f,c8,ff,68,10,83,ec,3b,17,35,66,21,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,4c,1f,27,0b,30, e7,f1,01,6a,9c,d6,61,af,45,84,18,2b,13,a9,ea,56,18,3e,a9,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,26,c8,2a,d3,25, 5d,6f,ce,ff,7c,85,e0,43,d4,0e,fe,56,fd,7a,34,47,32,09,01,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,35,8e,8e,e1,69, 89,ef,79,86,8c,21,01,be,91,eb,e7,eb,ad,aa,14,4d,b2,27,6a,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,82,ed,e2,f3,eb, e3,3b,4c,f5,1d,4d,73,a8,13,5c,05,d4,5f,61,b9,d6,16,f3,08,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version] @Denied: (A) (Everyone) "{21701DD0-9D7E-43f7-A1B2-E92ED6E90A51}"=hex:9b,33,81,af,f2,af,a5,9e,4a,57,f7, 1c,55,9e,d0,fa,75,ed,b9,75,f0,e2,86,af,43,12,c7,01 [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,f5,8d,f5,58,92, 3d,18,41,df,20,58,62,78,6b,cf,c8,86,c6,71,76,c9,2c,95,bc,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,2d,27,10,2a,09, ab,5f,23,fb,a7,78,e6,12,2f,9a,ea,0f,f6,8e,c3,8b,86,82,dd,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx, 1" [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx, 1" [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,ab,dd,bc,4d,57, 86,53,ab,01,3a,48,fc,e8,04,4a,f1,1a,da,d2,e4,7d,48,73,8e,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,dd,0b,a2,1a,68, d7,7b,e0,f6,0f,4e,58,98,5b,89,c9,07,ac,3d,64,e6,b2,b3,53,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,16,8c,98,cf,32, e8,30,79,3d,ce,ea,26,2d,45,aa,78,68,3d,b4,34,96,a7,c8,ea,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,0a,72,9a,a0,95, f2,04,85,2a,b7,cc,b5,b9,7f,41,e7,70,c7,19,44,c3,d8,ef,69,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,8f,73,df,11,d4, 22,97,32,6c,43,2d,1e,aa,22,2f,9c,9d,62,85,32,ca,bf,b4,2e,6c,43,2d,1e,aa,22,\ [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" [HKEY_LOCAL_MACHINE\softwareSoftware\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(2916) c:\windows\system32\eappprxy.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fre.nlr c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\scardsvr.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\progra~1\PACKSE~1\Common\FSM32.EXE c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe c:\program files\Pack Securite\Anti-Virus\fsgk32st.exe c:\program files\Pack Securite\Common\FSMA32.EXE c:\program files\Pack Securite\Anti-Virus\fsgk32.exe c:\program files\Pack Securite\Common\FSMB32.EXE c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\nvsvc32.exe c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Pack Securite\Common\FCH32.EXE c:\program files\Pack Securite\Common\FAMEH32.EXE c:\program files\Pack Securite\Anti-Virus\fsqh.exe c:\program files\Pack Securite\FSPC\fspc.exe c:\program files\Pack Securite\FSGUI\fsguidll.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\Pack Securite\FSAUA\program\fsaua.exe c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\program files\Pack Securite\Anti-Virus\fssm32.exe c:\program files\Pack Securite\FWES\program\fsdfwd.exe c:\windows\system32\wbem\wmiapsrv.exe c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe c:\program files\Pack Securite\FSAUA\program\fsus.exe c:\program files\Pack Securite\Anti-Virus\fsav32.exe . ************************************************************************** . Heure de fin: 2009-07-07 18:54 - La machine a redémarré ComboFix-quarantined-files.txt 2009-07-07 16:54 Avant-CF: 260 878 680 064 octets libres Après-CF: 260 862 525 440 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect 413 --- E O F --- 2009-06-12 16:01
  11. hobbes83
    Je viens d'avoir une nouvelle attaque : Trojan-Downloader.Win32.Agent.chqe Mon antivirus ne peut pas le nettoyer car lui aussi se renomme tout seul. J'ai fait un scan Hijack : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:56:09, on 07/07/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16850) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe C:\Program Files\Pack Securite\Common\FSMA32.EXE C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Pack Securite\Common\FSMB32.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Pack Securite\Common\FCH32.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe C:\Program Files\Pack Securite\Common\FAMEH32.EXE C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe C:\Program Files\Pack Securite\FSPC\fspc.exe C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe C:\Program Files\Pack Securite\FSAUA\program\fsus.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\carpserv.exe C:\WINDOWS\mHotkey.exe C:\WINDOWS\CNYHKey.exe C:\Program Files\CyberLink\PowerCinema\PCMService.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE C:\Program Files\Pack Securite\Common\FSM32.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe C:\Program Files\Pack Securite\FSGUI\fsguidll.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\WINDOWS\system32\winlogon.exe C:\Documents and Settings\Phil\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [ASuite] M:\IA83\g.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-21-3662336652-3632261195-1545365033-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Anne') O4 - HKUS\S-1-5-21-3662336652-3632261195-1545365033-1007\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /min (User 'Anne') O4 - HKUS\S-1-5-21-3662336652-3632261195-1545365033-1007\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Anne') O4 - HKUS\S-1-5-21-3662336652-3632261195-1545365033-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Anne') O4 - HKUS\S-1-5-21-3662336652-3632261195-1545365033-1007\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 (User 'Anne') O4 - HKUS\S-1-5-21-3662336652-3632261195-1545365033-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Anne') O4 - HKUS\S-1-5-21-3662336652-3632261195-1545365033-1007\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden (User 'Anne') O4 - HKUS\S-1-5-21-3662336652-3632261195-1545365033-1007\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Anne') O4 - HKUS\S-1-5-21-3662336652-3632261195-1545365033-1007\..\Run: [Cognac] C:\DOCUME~1\Anne\LOCALS~1\Temp\3.tmp.exe (User 'Anne') O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003 O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002 O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000 O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001 O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll O15 - Trusted Zone: http://toolbar.imageshack.us O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1114722192187 O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file) O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 12055 bytes
  12. hobbes83
    SystemLook v1.0 by jpshortstuff (22.05.09) Log created at 11:51 on 07/07/2009 by Phil (Administrator - Elevation successful) ========== reg ========== ========== file ========== ========== regfind ========== Searching for "{2AB289AE-4B90-4281-B2AE-1F4BB034B647}" No data found. -=End Of File=-
  13. hobbes83
    All processes killed ========== PROCESSES ========== No active process named explorer.exe was found! ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrateur ->Temporary Internet Files folder emptied: 281690 bytes User: Administrateur.NOM-51BDF214662 ->Temporary Internet Files folder emptied: 281690 bytes User: Administrateur.NOM-51BDF214662.000 ->Temporary Internet Files folder emptied: 281690 bytes User: Administrateur.NOM-51BDF214662.001 ->Temporary Internet Files folder emptied: 270949 bytes User: All Users User: Anne ->Temp folder emptied: 193111882 bytes ->Temporary Internet Files folder emptied: 299724553 bytes ->Java cache emptied: 12751723 bytes ->FireFox cache emptied: 13290520 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 98304 bytes User: Gaby ->Temporary Internet Files folder emptied: 154578957 bytes User: Invité ->Temp folder emptied: 380116 bytes ->Temporary Internet Files folder emptied: 46107946 bytes ->FireFox cache emptied: 23658882 bytes User: LocalService ->Temp folder emptied: 0 bytes File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 16835133 bytes User: lol ->Temp folder emptied: 7804 bytes ->Temporary Internet Files folder emptied: 810590 bytes User: lol.NOM-51BDF214662 ->Temp folder emptied: 7977 bytes ->Temporary Internet Files folder emptied: 12749447 bytes User: NetworkService ->Temp folder emptied: 0 bytes File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 1632945 bytes User: Phil ->Temp folder emptied: 30008368 bytes ->Temporary Internet Files folder emptied: 369492371 bytes ->Java cache emptied: 13627676 bytes ->FireFox cache emptied: 49684032 bytes ->Google Chrome cache emptied: 6268509 bytes User: Propriétaire %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 19569 bytes %systemroot%\System32 .tmp files removed: 2676224 bytes Windows Temp folder emptied: 26229506 bytes RecycleBin emptied: 1698173400 bytes Total Files Cleaned = -1260,69 mb OTM by OldTimer - Version 3.0.0.4 log created on 07062009_224148
  14. hobbes83
    SmitFraudFix v2.423 Rapport fait à 21:45:51,39, 06/07/2009 Executé à partir de C:\Documents and Settings\Phil\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix Agent.OMZ.Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{43A2B3DE-48C5-4CAA-B4F6-2BAE65B91AC3}: DhcpNameServer=172.16.0.3 HKLM\SYSTEM\CCS\Services\Tcpip\..\{7CB0043D-56D0-4AAF-932A-EE69C7A2447E}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{43A2B3DE-48C5-4CAA-B4F6-2BAE65B91AC3}: DhcpNameServer=172.16.0.3 HKLM\SYSTEM\CS1\Services\Tcpip\..\{7CB0043D-56D0-4AAF-932A-EE69C7A2447E}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{43A2B3DE-48C5-4CAA-B4F6-2BAE65B91AC3}: DhcpNameServer=172.16.0.3 HKLM\SYSTEM\CS2\Services\Tcpip\..\{7CB0043D-56D0-4AAF-932A-EE69C7A2447E}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{43A2B3DE-48C5-4CAA-B4F6-2BAE65B91AC3}: DhcpNameServer=172.16.0.3 HKLM\SYSTEM\CS3\Services\Tcpip\..\{7CB0043D-56D0-4AAF-932A-EE69C7A2447E}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! "System"="" »»»»»»»»»»»»»»»»»»»»»»»» RK.2 »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin VOICI LE NOUVEAU RAPPORT HIJACK : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:03:39, on 06/07/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16850) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\Program Files\Pack Securite\Common\FSMA32.EXE C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Pack Securite\Common\FSMB32.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Pack Securite\Common\FCH32.EXE C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe C:\Program Files\Pack Securite\Common\FAMEH32.EXE C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe C:\Program Files\Pack Securite\FSPC\fspc.exe C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Pack Securite\FSAUA\program\fsus.exe C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\carpserv.exe C:\WINDOWS\mHotkey.exe C:\WINDOWS\CNYHKey.exe C:\Program Files\CyberLink\PowerCinema\PCMService.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE C:\Program Files\Pack Securite\Common\FSM32.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Pack Securite\FSGUI\fsguidll.exe C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLUPnPBrowser.exe C:\Documents and Settings\Phil\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [ASuite] M:\IA83\g.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003 O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002 O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000 O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001 O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll O15 - Trusted Zone: http://toolbar.imageshack.us O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1114722192187 O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file) O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 10744 bytes
  15. hobbes83
    SmitFraudFix v2.423 Rapport fait à 21:34:22,28, 06/07/2009 Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe C:\Program Files\Pack Securite\Common\FSMA32.EXE C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Pack Securite\Common\FSMB32.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Pack Securite\Common\FCH32.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe C:\Program Files\Pack Securite\Common\FAMEH32.EXE C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe C:\Program Files\Pack Securite\FSPC\fspc.exe C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe C:\Program Files\Pack Securite\FSAUA\program\fsus.exe C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\carpserv.exe C:\WINDOWS\mHotkey.exe C:\WINDOWS\CNYHKey.exe C:\Program Files\CyberLink\PowerCinema\PCMService.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE C:\Program Files\Pack Securite\Common\FSM32.EXE C:\Program Files\Pack Securite\FSGUI\fsguidll.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Phil »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Phil\LOCALS~1\Temp »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Phil\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Phil\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» o4Patch !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! o4Patch Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! Agent.OMZ.Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," »»»»»»»»»»»»»»»»»»»»»»»» RK [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets DNS Server Search Order: 172.16.0.3 Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets DNS Server Search Order: 192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{43A2B3DE-48C5-4CAA-B4F6-2BAE65B91AC3}: DhcpNameServer=172.16.0.3 HKLM\SYSTEM\CCS\Services\Tcpip\..\{7CB0043D-56D0-4AAF-932A-EE69C7A2447E}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{43A2B3DE-48C5-4CAA-B4F6-2BAE65B91AC3}: DhcpNameServer=172.16.0.3 HKLM\SYSTEM\CS1\Services\Tcpip\..\{7CB0043D-56D0-4AAF-932A-EE69C7A2447E}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{43A2B3DE-48C5-4CAA-B4F6-2BAE65B91AC3}: DhcpNameServer=172.16.0.3 HKLM\SYSTEM\CS2\Services\Tcpip\..\{7CB0043D-56D0-4AAF-932A-EE69C7A2447E}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{43A2B3DE-48C5-4CAA-B4F6-2BAE65B91AC3}: DhcpNameServer=172.16.0.3 HKLM\SYSTEM\CS3\Services\Tcpip\..\{7CB0043D-56D0-4AAF-932A-EE69C7A2447E}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll ................. et le nouveau rapport Hijack : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:03:39, on 06/07/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16850) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\Program Files\Pack Securite\Common\FSMA32.EXE C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Pack Securite\Common\FSMB32.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Pack Securite\Common\FCH32.EXE C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe C:\Program Files\Pack Securite\Common\FAMEH32.EXE C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe C:\Program Files\Pack Securite\FSPC\fspc.exe C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Pack Securite\FSAUA\program\fsus.exe C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\carpserv.exe C:\WINDOWS\mHotkey.exe C:\WINDOWS\CNYHKey.exe C:\Program Files\CyberLink\PowerCinema\PCMService.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE C:\Program Files\Pack Securite\Common\FSM32.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Pack Securite\FSGUI\fsguidll.exe C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLUPnPBrowser.exe C:\Documents and Settings\Phil\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [ASuite] M:\IA83\g.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003 O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002 O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000 O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001 O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll O15 - Trusted Zone: http://toolbar.imageshack.us O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1114722192187 O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file) O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 10744 bytes »»»»»»»»»»»»»»»»»»»»»»»» Fin
×
×
  • Créer...