

samix31
All content posted by samix31
[Resolved] C:\WINDOWS\system32\services.exe infected by
samix31 replied to a topic by samix31 in Malware analysis and removal
Honestly, a big thank you to you and to everyone who runs the site. My PC is running well, you helped me a lot, especially since I did not know about the cracks and keygens that go unnoticed by the antivirus, and you only realise it once you are well and truly infected. In any case McAfee no longer has its little bugs and there are no more buffer overflows... I think you can mark this RESOLVED. Thanks a lot, see you.
[Resolved] C:\WINDOWS\system32\services.exe infected by
samix31 replied to a topic by samix31 in Malware analysis and removal
Hi mark, sorry for being late with my reply, but I was recovering from a rather boozy evening... and don't worry, I am keeping my spirits up thanks to you. As for the PC, I think the work done on it did it good, since I no longer get buffer overflows and the PC is stable. McAfee is running normally; in the last scan it detected a Trojan: Artemis!9C9BFF5C9E31, file: C:/SYSTEME VOLUME INFORMATION\_RESTORE.EXE. It was quarantined but it does not offer to delete it. Here is the log:

ComboFix 09-08-07.09 - sam 09/08/2009 0:04.5.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1443 [GMT 2:00]
Running from: c:\documents and settings\sam\Bureau\ComboFix.exe
Comand switches used :: c:\documents and settings\sam\Bureau\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\system32\drivers\443da05d.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\sam\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\sam\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_443da05d


((((((((((((((((((((((((( Files Created from 2009-07-08 to 2009-08-08 )))))))))))))))))))))))))))))))
.

2009-08-06 18:00 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-06 18:00 . 2009-08-06 18:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-06 18:00 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-05 23:06 . 2009-08-05 23:06 -------- d-----w- c:\documents and settings\sam\Application Data\Malwarebytes
2009-08-05 23:06 . 2009-08-05 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-05 23:02 . 2009-08-05 23:02 -------- d-----w- c:\program files\Trend Micro
2009-08-05 21:48 . 2009-08-05 21:48 619296 ----a-w- c:\windows\system32\dllcache\ntfs.sys
2009-07-29 17:48 . 2009-07-29 17:48 -------- d-----w- c:\documents and settings\sam\Local Settings\Application Data\vdownloader
2009-07-29 17:46 . 2009-07-29 17:47 -------- d-----w- c:\documents and settings\sam\Application Data\Desktopicon
2009-07-29 17:45 . 2009-07-29 17:46 -------- d-----w- c:\program files\VDOWNLOADER
2009-07-28 15:19 . 2009-07-28 15:19 8854 ----a-r- c:\documents and settings\sam\Application Data\Microsoft\Installer\{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}\UNINST_Uninstall_C_A37A26D584444862933B478371D0299D.exe
2009-07-28 15:19 . 2009-07-28 15:19 53248 ----a-r- c:\documents and settings\sam\Application Data\Microsoft\Installer\{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}\NewShortcut11_A37A26D584444862933B478371D0299D.exe
2009-07-28 15:19 . 2009-07-28 15:19 53248 ----a-r- c:\documents and settings\sam\Application Data\Microsoft\Installer\{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}\NewShortcut1_A37A26D584444862933B478371D0299D.exe
2009-07-28 15:19 . 2009-07-28 15:19 10134 ----a-r- c:\documents and settings\sam\Application Data\Microsoft\Installer\{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}\ARPPRODUCTICON.exe
2009-07-28 15:18 . 2009-07-28 15:18 -------- d-----w- c:\program files\Micro Application
2009-07-28 15:18 . 2009-07-28 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Micro Application
2009-07-27 20:27 . 2009-08-07 12:42 1445576 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-27 20:27 . 2009-07-27 20:27 -------- d-----w- c:\program files\MSBuild
2009-07-27 20:26 . 2009-07-27 20:28 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-27 20:26 . 2009-07-27 20:26 -------- d-----w- c:\program files\Reference Assemblies
2009-07-27 20:26 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-07-20 16:36 . 2009-07-20 16:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Recherche_France
2009-07-20 16:36 . 2009-07-20 16:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-07-14 16:26 . 2009-07-15 21:36 -------- d-----w- c:\documents and settings\sam\Application Data\Apple Computer
2009-07-14 16:25 . 2009-07-14 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-14 16:25 . 2009-07-14 16:25 -------- d-----w- c:\program files\Bonjour
2009-07-14 16:24 . 2009-07-15 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-14 16:24 . 2009-07-14 16:24 -------- d-----w- c:\documents and settings\sam\Local Settings\Application Data\Apple
2009-07-14 16:24 . 2009-07-14 16:24 -------- d-----w- c:\program files\Apple Software Update
2009-07-14 16:24 . 2009-06-05 09:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-14 16:24 . 2009-06-05 09:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-07-14 16:24 . 2009-07-15 21:58 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-07-14 16:24 . 2009-07-14 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-14 16:23 . 2009-07-14 16:26 -------- d-----w- c:\documents and settings\sam\Local Settings\Application Data\Apple Computer
2009-07-14 16:08 . 2001-08-23 15:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-07-14 16:08 . 2008-04-14 02:33 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-07-11 10:47 . 2009-07-11 10:52 -------- d-----w- c:\program files\eMule
2009-07-11 10:43 . 2009-07-11 10:48 -------- d-----w- c:\documents and settings\sam\Local Settings\Application Data\Recherche_France
2009-07-11 10:43 . 2009-07-11 10:44 -------- d-----w- c:\program files\Recherche_France
2009-07-11 10:43 . 2009-07-11 10:43 -------- d-----w- c:\program files\Conduit
2009-07-11 10:43 . 2009-07-11 10:43 -------- d-----w- c:\documents and settings\sam\Local Settings\Application Data\Conduit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-08 22:10 . 2008-10-08 10:19 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-08-08 22:10 . 2008-12-10 18:28 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-08-08 03:04 . 2008-10-08 12:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-08-06 18:38 . 2007-01-11 02:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-06 11:44 . 2008-11-30 23:02 172 ----a-w- c:\documents and settings\sam\Application Data\wklnhst.dat
2009-08-03 12:06 . 2009-04-13 11:56 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-28 15:02 . 2007-01-11 02:22 50704 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-27 20:27 . 2005-09-01 05:53 94570 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-27 20:27 . 2005-09-01 05:53 534790 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-11 08:51 . 2007-01-11 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-10 16:37 . 2007-01-11 02:18 -------- d-----w- c:\program files\McAfee
2009-07-03 16:57 . 2005-09-01 05:53 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:40 . 2005-09-01 05:53 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2005-09-01 05:53 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 15:28 . 2008-10-20 17:18 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-11 21:40 . 2007-01-11 02:14 -------- d-----w- c:\program files\Microsoft Works
2009-06-03 19:10 . 2005-09-01 05:53 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-05-24 22:24 . 2008-05-26 20:18 350208 ------w- c:\windows\system32\mssph.dll

.
((((((((((((((((((((((((((((( SnapShot@2009-08-07_12.46.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-08 22:10 . 2009-08-08 22:10 16384 c:\windows\Temp\Perflib_Perfdata_ab0.dat
- 2008-10-07 20:37 . 2009-08-07 10:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-07 20:37 . 2009-08-08 21:57 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-07 20:37 . 2009-08-07 10:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-10-07 20:37 . 2009-08-08 21:57 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-10-07 20:37 . 2009-08-07 10:31 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-10-07 20:37 . 2009-08-08 21:57 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2001-07-14 15:32 . 2001-07-14 15:32 69632 c:\windows\setupupd\temp\wsdueng.dll
+ 2009-08-08 22:08 . 2009-08-08 22:08 8192 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-08 22:08 . 2009-08-08 22:08 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2005-09-01 05:53 . 2008-04-13 19:15 574976 c:\windows\system32\drivers\ntfs.sys
+ 2009-08-08 22:08 . 2009-08-08 22:08 241664 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
+ 2009-08-08 22:08 . 2009-08-08 22:08 167936 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-08 22:08 . 2009-08-08 22:08 237568 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-08 22:08 . 2009-08-08 22:08 3399680 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]
"MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2005-12-12 143360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-11 68856]
"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\MIDIDEF.EXE [2004-12-22 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-02-16 1118208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-09-24 206064]
"SaiMfd"="c:\program files\Saitek\Software\SaiMfd.exe" [2005-06-17 126976]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-01-09 5134864]
"Fnac"="c:\program files\Fnac\Fnac.exe" [2009-02-26 933984]
"MBMon"="CTMBHA.DLL" - c:\windows\system32\CTMBHA.DLL [2006-06-29 1355042]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-12-20 28160]

c:\documents and settings\sam\Menu Démarrer\Programmes\Démarrage\
Logitech . Enregistrement du produit.lnk - c:\program files\Logitech\QuickCam\eReg.exe [2008-11-7 517384]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2006-04-27 10:30 53248 ----a-w- c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWlgn.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\c:^documents and settings^all users^menu démarrer^programmes^démarrage^windows search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Alice_Triway_WiFi\\Wizard\\CTD_FirmwareUpgrader.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowRedirect"= 1 (0x1)

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [20/10/2008 20:53 206096]
S3 SaiH040C;SaiH040C;c:\windows\system32\drivers\SaiH040C.sys [20/10/2008 13:13 173568]
S3 SaiU040C;SaiU040C;c:\windows\system32\drivers\SaiU040C.sys [20/10/2008 13:14 26496]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-07-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-20 09:53]

2009-07-31 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-20 09:53]

2009-08-08 c:\windows\Tasks\User_Feed_Synchronization-{5BACF148-8408-4BB3-88B4-4E1A9E73E6A6}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://fr.search.yahoo.com/search?fr=mcafee&p=%s
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
Trusted Zone: fnac.com\vod
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-09 00:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3986726973-1251003844-3652515452-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(8904)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\fr-fr\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
c:\program files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE
c:\windows\system32\rundll32.exe
c:\docume~1\sam\LOCALS~1\Temp\clclean.0001
c:\windows\system32\rundll32.exe
c:\program files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\FICHIE~1\McAfee\MNA\McNASvc.exe
c:\progra~1\FICHIE~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\searchindexer.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-08-08 0:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-08 22:15
ComboFix2.txt 2009-08-07 17:54
ComboFix3.txt 2009-08-07 13:57
ComboFix4.txt 2009-08-07 12:49

Pre-Run: 202 851 196 928 octets libres
Post-Run: 202 845 175 808 octets libres

293 --- E O F --- 2009-08-02 13:00
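The logs posted in this thread carry the things a helper reads before anything else: the AV and firewall shown as disabled in the header, the "Infected copy of ... ntfs.sys was found and disinfected" line, the Security Center and Windows Firewall keys, and a driver service with a random hex name whose file ComboFix could not read ("[?]"). As an added example, not part of this thread and not ComboFix's own code, here is a small Python triage that pulls those indicators out of a ComboFix-style log. The excerpt it runs on is constructed from lines shaped like the posted ones (it is not a verbatim copy), and the rules and their weights are this example's own assumptions about what to look at first, not ComboFix's interpretation of its output.

```python
"""Triage a ComboFix-style log for the indicators discussed in this thread.

Added example: not part of the forum post and not ComboFix's own code.
SAMPLE_LOG is constructed from lines of the same shape as the posted log;
the rules and severities below are this example's assumptions.
"""
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the posted log (not a verbatim copy).
SAMPLE_LOG = r"""
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ntfs.sys
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [20/10/2008 20:53 206096]
S1 443da05d;443da05d;c:\windows\system32\drivers\443da05d.sys --> c:\windows\system32\drivers\443da05d.sys [?]
S3 SaiH040C;SaiH040C;c:\windows\system32\drivers\SaiH040C.sys [20/10/2008 13:13 173568]
"""


@dataclass(frozen=True)
class Service:
    state: str      # 'R' running or 'S' stopped, as ComboFix prints it
    start: int      # service start type: 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str
    file_info: str  # the bracketed date/size; '?' when the file could not be read (assumption)


# "R2 name;display;path [date time size]" with an optional " --> target" after the path.
SERVICE_RE = re.compile(
    r"^([RS])([0-4])\s+([^;]+);([^;]*);(.+?)(?:\s+-->\s+.+?)?\s+\[([^\]]*)\]\s*$"
)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")  # eight lowercase hex digits, e.g. 443da05d


def parse_services(log: str) -> list[Service]:
    """Extract the driver/service lines from a ComboFix log."""
    found = []
    for raw in log.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if m:
            state, start, name, display, path, info = m.groups()
            found.append(Service(state, int(start), name, display, path, info))
    return found


def triage(log: str) -> list[tuple[str, str, str]]:
    """Return (severity, rule, evidence) for each indicator found in the log."""
    findings: list[tuple[str, str, str]] = []
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith(("AV:", "FW:")) and "disabled" in line.lower():
            # Medium only: the user is usually told to switch the suite off before running ComboFix.
            findings.append(("medium", "security product reported disabled", line))
        elif line.startswith("Infected copy of") and "disinfected" in line:
            findings.append(("high", "patched system file found and restored", line))
        elif line.startswith('"DisableMonitoring"=dword:00000001'):
            # Low: third-party suites set this themselves so Security Center does not nag.
            findings.append(("low", "Security Center monitoring switched off", line))
        elif line.startswith('"EnableFirewall"= 0'):
            # Low: expected when a third-party firewall replaces the Windows one.
            findings.append(("low", "Windows Firewall profile disabled", line))
    for svc in parse_services(log):
        reasons = []
        if HEX_NAME_RE.match(svc.name):
            reasons.append("random hex name")
        if svc.file_info == "?":
            reasons.append("file unreadable")
        if svc.start <= 1:
            reasons.append("boot/system start")
        if len(reasons) >= 2:  # one trait alone is common on clean machines
            findings.append(("high", "suspicious driver: " + ", ".join(reasons),
                             f"{svc.name} {svc.path}"))
    return findings


def severity_counts(findings: list[tuple[str, str, str]]) -> dict[str, int]:
    counts = {"high": 0, "medium": 0, "low": 0}
    for severity, _, _ in findings:
        counts[severity] += 1
    return counts


if __name__ == "__main__":
    for severity, rule, evidence in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {rule}: {evidence}")
    print(severity_counts(triage(SAMPLE_LOG)))
```

The two low-weight rules fire on most machines that run a third-party suite, and the header rule fires whenever the user has switched the products off before the scan, as was done in this thread; that is why they count for less than a system-start driver with a random hex name and no readable file, which is what ComboFix deleted here as Service_443da05d.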
[Resolved] C:\WINDOWS\system32\services.exe infected by
samix31 replied to a topic by samix31 in Malware analysis and removal
Here it is. I installed the console manually from my CD, then disabled McAfee and ran ComboFix. No particular problem, except that it changed my desktop background... it must not like the old one, lol. Here is the log:

ComboFix 09-08-06.01 - sam 07/08/2009 19:45.4.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1405 [GMT 2:00]
Running from: c:\documents and settings\sam\Bureau\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\sam\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\sam\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\windows\TEMP\logishrd\LVPrcInj01.dll

Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ntfs.sys
.

((((((((((((((((((((((((( Files Created from 2009-07-07 to 2009-08-07 )))))))))))))))))))))))))))))))
.

2009-08-06 18:00 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-06 18:00 . 2009-08-06 18:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-06 18:00 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-05 23:06 . 2009-08-05 23:06 -------- d-----w- c:\documents and settings\sam\Application Data\Malwarebytes
2009-08-05 23:06 . 2009-08-05 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-05 23:02 . 2009-08-05 23:02 -------- d-----w- c:\program files\Trend Micro
2009-08-05 21:48 . 2009-08-05 21:48 619296 ----a-w- c:\windows\system32\dllcache\ntfs.sys
2009-07-29 17:48 . 2009-07-29 17:48 -------- d-----w- c:\documents and settings\sam\Local Settings\Application Data\vdownloader
2009-07-29 17:46 . 2009-07-29 17:47 -------- d-----w- c:\documents and settings\sam\Application Data\Desktopicon
2009-07-29 17:45 . 2009-07-29 17:46 -------- d-----w- c:\program files\VDOWNLOADER
2009-07-28 15:19 . 2009-07-28 15:19 8854 ----a-r- c:\documents and settings\sam\Application Data\Microsoft\Installer\{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}\UNINST_Uninstall_C_A37A26D584444862933B478371D0299D.exe
2009-07-28 15:19 . 2009-07-28 15:19 53248 ----a-r- c:\documents and settings\sam\Application Data\Microsoft\Installer\{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}\NewShortcut11_A37A26D584444862933B478371D0299D.exe
2009-07-28 15:19 . 2009-07-28 15:19 53248 ----a-r- c:\documents and settings\sam\Application Data\Microsoft\Installer\{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}\NewShortcut1_A37A26D584444862933B478371D0299D.exe
2009-07-28 15:19 . 2009-07-28 15:19 10134 ----a-r- c:\documents and settings\sam\Application Data\Microsoft\Installer\{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}\ARPPRODUCTICON.exe
2009-07-28 15:18 . 2009-07-28 15:18 -------- d-----w- c:\program files\Micro Application
2009-07-28 15:18 . 2009-07-28 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Micro Application
2009-07-27 20:27 . 2009-08-07 12:42 1445576 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-27 20:27 . 2009-07-27 20:27 -------- d-----w- c:\program files\MSBuild
2009-07-27 20:26 . 2009-07-27 20:28 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-27 20:26 . 2009-07-27 20:26 -------- d-----w- c:\program files\Reference Assemblies
2009-07-27 20:26 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-07-20 16:36 . 2009-07-20 16:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Recherche_France
2009-07-20 16:36 . 2009-07-20 16:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-07-14 16:26 . 2009-07-15 21:36 -------- d-----w- c:\documents and settings\sam\Application Data\Apple Computer
2009-07-14 16:25 . 2009-07-14 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-14 16:25 . 2009-07-14 16:25 -------- d-----w- c:\program files\Bonjour
2009-07-14 16:24 . 2009-07-15 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-14 16:24 . 2009-07-14 16:24 -------- d-----w- c:\documents and settings\sam\Local Settings\Application Data\Apple
2009-07-14 16:24 . 2009-07-14 16:24 -------- d-----w- c:\program files\Apple Software Update
2009-07-14 16:24 . 2009-06-05 09:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-14 16:24 . 2009-06-05 09:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-07-14 16:24 . 2009-07-15 21:58 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-07-14 16:24 . 2009-07-14 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-14 16:23 . 2009-07-14 16:26 -------- d-----w- c:\documents and settings\sam\Local Settings\Application Data\Apple Computer
2009-07-14 16:08 . 2001-08-23 15:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-07-14 16:08 . 2008-04-14 02:33 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-07-11 10:47 . 2009-07-11 10:52 -------- d-----w- c:\program files\eMule
2009-07-11 10:43 . 2009-07-11 10:48 -------- d-----w- c:\documents and settings\sam\Local Settings\Application Data\Recherche_France
2009-07-11 10:43 . 2009-07-11 10:44 -------- d-----w- c:\program files\Recherche_France
2009-07-11 10:43 . 2009-07-11 10:43 -------- d-----w- c:\program files\Conduit
2009-07-11 10:43 . 2009-07-11 10:43 -------- d-----w- c:\documents and settings\sam\Local Settings\Application Data\Conduit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 17:49 . 2008-10-08 10:19 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-08-07 17:49 . 2008-12-10 18:28 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-08-06 18:38 . 2007-01-11 02:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-06 11:44 . 2008-11-30 23:02 172 ----a-w- c:\documents and settings\sam\Application Data\wklnhst.dat
2009-08-05 22:21 . 2008-10-08 12:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-08-03 12:06 . 2009-04-13 11:56 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-28 15:02 . 2007-01-11 02:22 50704 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-27 20:27 . 2005-09-01 05:53 94570 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-27 20:27 . 2005-09-01 05:53 534790 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-11 08:51 . 2007-01-11 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-10 16:37 . 2007-01-11 02:18 -------- d-----w- c:\program files\McAfee
2009-07-03 16:57 . 2005-09-01 05:53 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:40 . 2005-09-01 05:53 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2005-09-01 05:53 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 15:28 . 2008-10-20 17:18 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-11 21:40 . 2007-01-11 02:14 -------- d-----w- c:\program files\Microsoft Works
2009-06-03 19:10 . 2005-09-01 05:53 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-05-24 22:24 . 2008-05-26 20:18 350208 ------w- c:\windows\system32\mssph.dll

.
((((((((((((((((((((((((((((( SnapShot@2009-08-07_12.46.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-07 17:50 . 2009-08-07 17:50 16384 c:\windows\Temp\Perflib_Perfdata_a90.dat
+ 2008-10-07 20:37 . 2009-08-07 17:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-07 20:37 . 2009-08-07 10:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-07 20:37 . 2009-08-07 10:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-10-07 20:37 . 2009-08-07 17:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-10-07 20:37 . 2009-08-07 10:31 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-10-07 20:37 . 2009-08-07 17:45 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2001-07-14 15:32 . 2001-07-14 15:32 69632 c:\windows\setupupd\temp\wsdueng.dll
+ 2005-09-01 05:53 . 2008-04-13 19:15 574976 c:\windows\system32\drivers\ntfs.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]
"MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2005-12-12 143360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-11 68856]
"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\MIDIDEF.EXE [2004-12-22 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-02-16 1118208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-09-24 206064]
"SaiMfd"="c:\program files\Saitek\Software\SaiMfd.exe" [2005-06-17 126976]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-01-09 5134864]
"Fnac"="c:\program files\Fnac\Fnac.exe" [2009-02-26 933984]
"MBMon"="CTMBHA.DLL" - c:\windows\system32\CTMBHA.DLL [2006-06-29 1355042]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-12-20 28160]

c:\documents and settings\sam\Menu Démarrer\Programmes\Démarrage\
Logitech . Enregistrement du produit.lnk - c:\program files\Logitech\QuickCam\eReg.exe [2008-11-7 517384]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2006-04-27 10:30 53248 ----a-w- c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWlgn.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\c:^documents and settings^all users^menu démarrer^programmes^démarrage^windows search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Alice_Triway_WiFi\\Wizard\\CTD_FirmwareUpgrader.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowRedirect"= 1 (0x1)

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [20/10/2008 20:53 206096]
S1 443da05d;443da05d;c:\windows\system32\drivers\443da05d.sys --> c:\windows\system32\drivers\443da05d.sys [?]
S3 SaiH040C;SaiH040C;c:\windows\system32\drivers\SaiH040C.sys [20/10/2008 13:13 173568] S3 SaiU040C;SaiU040C;c:\windows\system32\drivers\SaiU040C.sys [20/10/2008 13:14 26496] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2009-07-14 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-20 09:53] 2009-07-31 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-20 09:53] 2009-08-07 c:\windows\Tasks\User_Feed_Synchronization-{5BACF148-8408-4BB3-88B4-4E1A9E73E6A6}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8 uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://fr.search.yahoo.com/search?fr=mcafee&p=%s IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm Trusted Zone: fnac.com\vod Trusted Zone: internet Trusted Zone: mcafee.com DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-07 19:51 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-3986726973-1251003844-3652515452-1005\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(832) c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll c:\windows\system32\COMRes.dll - - - - - - - > 'explorer.exe'(8896) c:\windows\TEMP\logishrd\LVPrcInj01.dll c:\program files\McAfee\SiteAdvisor\saHook.dll c:\program files\Windows Desktop Search\deskbar.dll c:\program files\Windows Desktop Search\fr-fr\dbres.dll.mui c:\program files\Windows Desktop Search\dbres.dll c:\program files\Windows Desktop Search\wordwheel.dll c:\program files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui c:\program files\Windows Desktop Search\msnlExtRes.dll c:\windows\system32\ieframe.dll c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe c:\program files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE c:\windows\system32\rundll32.exe c:\docume~1\sam\LOCALS~1\Temp\clclean.0001 c:\windows\system32\rundll32.exe c:\program files\HP\Digital Imaging\bin\hpqimzone.exe c:\program files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Dell Network Assistant\hnm_svc.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\progra~1\FICHIE~1\McAfee\MNA\McNASvc.exe c:\progra~1\FICHIE~1\McAfee\McProxy\McProxy.exe c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe c:\program files\McAfee\MPF\MpfSrv.exe c:\program files\McAfee\MSK\msksrver.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\HPZipm12.exe c:\program files\Dell Support Center\bin\sprtsvc.exe c:\windows\ehome\mcrdsvc.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe c:\windows\system32\searchindexer.exe c:\windows\ehome\ehmsas.exe c:\windows\system32\wscntfy.exe c:\windows\system32\dllhost.exe . ************************************************************************** . Completion time: 2009-08-07 19:54 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-07 17:54 ComboFix2.txt 2009-08-07 13:57 ComboFix3.txt 2009-08-07 12:49 Pre-Run: 202 969 075 712 octets libres Post-Run: 202 922 405 888 octets libres 285 --- E O F --- 2009-08-02 13:00 -
[Solved] C:\WINDOWS\system32\services.exe infected by
samix31 replied to a topic by samix31 in Malware analysis and eradication
OK, I'll wait. Thanks for your help.
[Solved] C:\WINDOWS\system32\services.exe infected by
samix31 replied to a topic by samix31 in Malware analysis and eradication
Here is the report you asked for:

ComboFix 09-08-06.01 - sam 07/08/2009 14:37.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1448 [GMT 2:00]
Running from: c:\documents and settings\sam\Mes documents\Mes fichiers reçus\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\sam\LOCALS~1\Temp\clclean.0001.dir.0001\~df394b.tmp
c:\documents and settings\sam\Application Data\wiaserva.log
c:\documents and settings\sam\Local Settings\Temp\clclean.0001.dir.0001\~df394b.tmp
c:\documents and settings\sam\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\config.ini
c:\windows\struct~.ini
c:\windows\system32\3PkSGj4P.exe.a_a
c:\windows\system32\Data
c:\windows\system32\drivers\ati64si.sys
c:\windows\system32\Nx.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ati64si
-------\Legacy_port135sik
-------\Service_ati64si
-------\Service_i386si


((((((((((((((((((((((((( Files Created from 2009-07-07 to 2009-08-07 )))))))))))))))))))))))))))))))
.

2009-08-06 18:00 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-06 18:00 . 2009-08-06 18:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-06 18:00 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-05 23:06 . 2009-08-05 23:06 -------- d-----w- c:\documents and settings\sam\Application Data\Malwarebytes
2009-08-05 23:06 . 2009-08-05 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-05 23:02 . 2009-08-05 23:02 -------- d-----w- c:\program files\Trend Micro
2009-08-05 21:48 . 2009-08-05 21:48 619296 ----a-w- c:\windows\system32\dllcache\ntfs.sys
2009-07-29 17:48 . 2009-07-29 17:48 -------- d-----w- c:\documents and settings\sam\Local Settings\Application Data\vdownloader
2009-07-29 17:46 . 2009-07-29 17:47 -------- d-----w- c:\documents and settings\sam\Application Data\Desktopicon
2009-07-29 17:45 . 2009-07-29 17:46 -------- d-----w- c:\program files\VDOWNLOADER
2009-07-28 15:19 . 2009-07-28 15:19 8854 ----a-r- c:\documents and settings\sam\Application Data\Microsoft\Installer\{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}\UNINST_Uninstall_C_A37A26D584444862933B478371D0299D.exe
2009-07-28 15:19 . 2009-07-28 15:19 53248 ----a-r- c:\documents and settings\sam\Application Data\Microsoft\Installer\{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}\NewShortcut11_A37A26D584444862933B478371D0299D.exe
2009-07-28 15:19 . 2009-07-28 15:19 53248 ----a-r- c:\documents and settings\sam\Application Data\Microsoft\Installer\{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}\NewShortcut1_A37A26D584444862933B478371D0299D.exe
2009-07-28 15:19 . 2009-07-28 15:19 10134 ----a-r- c:\documents and settings\sam\Application Data\Microsoft\Installer\{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}\ARPPRODUCTICON.exe
2009-07-28 15:18 . 2009-07-28 15:18 -------- d-----w- c:\program files\Micro Application
2009-07-28 15:18 . 2009-07-28 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Micro Application
2009-07-27 20:27 . 2009-08-07 12:42 1445576 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-27 20:27 . 2009-07-27 20:27 -------- d-----w- c:\program files\MSBuild
2009-07-27 20:26 . 2009-07-27 20:28 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-27 20:26 . 2009-07-27 20:26 -------- d-----w- c:\program files\Reference Assemblies
2009-07-27 20:26 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-07-20 16:36 . 2009-07-20 16:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Recherche_France
2009-07-20 16:36 . 2009-07-20 16:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-07-14 16:26 . 2009-07-15 21:36 -------- d-----w- c:\documents and settings\sam\Application Data\Apple Computer
2009-07-14 16:25 . 2009-07-14 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-14 16:25 . 2009-07-14 16:25 -------- d-----w- c:\program files\Bonjour
2009-07-14 16:24 . 2009-07-15 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-14 16:24 . 2009-07-14 16:24 -------- d-----w- c:\documents and settings\sam\Local Settings\Application Data\Apple
2009-07-14 16:24 . 2009-07-14 16:24 -------- d-----w- c:\program files\Apple Software Update
2009-07-14 16:24 . 2009-06-05 09:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-14 16:24 . 2009-06-05 09:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-07-14 16:24 . 2009-07-15 21:58 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-07-14 16:24 . 2009-07-14 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-14 16:23 . 2009-07-14 16:26 -------- d-----w- c:\documents and settings\sam\Local Settings\Application Data\Apple Computer
2009-07-14 16:08 . 2001-08-23 15:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-07-14 16:08 . 2008-04-14 02:33 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-07-11 10:47 . 2009-07-11 10:52 -------- d-----w- c:\program files\eMule
2009-07-11 10:43 . 2009-07-11 10:48 -------- d-----w- c:\documents and settings\sam\Local Settings\Application Data\Recherche_France
2009-07-11 10:43 . 2009-07-11 10:44 -------- d-----w- c:\program files\Recherche_France
2009-07-11 10:43 . 2009-07-11 10:43 -------- d-----w- c:\program files\Conduit
2009-07-11 10:43 . 2009-07-11 10:43 -------- d-----w- c:\documents and settings\sam\Local Settings\Application Data\Conduit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 12:43 . 2008-10-08 10:19 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-08-07 12:43 . 2008-12-10 18:28 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-08-06 18:38 . 2007-01-11 02:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-06 11:44 . 2008-11-30 23:02 172 ----a-w- c:\documents and settings\sam\Application Data\wklnhst.dat
2009-08-05 22:21 . 2008-10-08 12:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-08-05 21:48 . 2005-09-01 05:53 619296 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-03 12:06 . 2009-04-13 11:56 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-28 15:02 . 2007-01-11 02:22 50704 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-27 20:27 . 2005-09-01 05:53 94570 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-27 20:27 . 2005-09-01 05:53 534790 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-11 08:51 . 2007-01-11 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-10 16:37 . 2007-01-11 02:18 -------- d-----w- c:\program files\McAfee
2009-07-03 16:57 . 2005-09-01 05:53 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:40 . 2005-09-01 05:53 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2005-09-01 05:53 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 15:28 . 2008-10-20 17:18 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-11 21:40 . 2007-01-11 02:14 -------- d-----w- c:\program files\Microsoft Works
2009-06-03 19:10 . 2005-09-01 05:53 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-05-24 22:24 . 2008-05-26 20:18 350208 ------w- c:\windows\system32\mssph.dll
.

------- Sigcheck -------

[-] 2004-08-10 12:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2009-08-05 21:48 619296 853A7E6041089D58F8368D2F43B57880 c:\windows\system32\dllcache\ntfs.sys
[-] 2009-08-05 21:48 619296 853A7E6041089D58F8368D2F43B57880 c:\windows\system32\drivers\ntfs.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]
"MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2005-12-12 143360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-11 68856]
"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\MIDIDEF.EXE [2004-12-22 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-02-16 1118208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-09-24 206064]
"SaiMfd"="c:\program files\Saitek\Software\SaiMfd.exe" [2005-06-17 126976]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-01-09 5134864]
"Fnac"="c:\program files\Fnac\Fnac.exe" [2009-02-26 933984]
"MBMon"="CTMBHA.DLL" - c:\windows\system32\CTMBHA.DLL [2006-06-29 1355042]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-12-20 28160]

c:\documents and settings\sam\Menu Démarrer\Programmes\Démarrage\
Logitech . Enregistrement du produit.lnk - c:\program files\Logitech\QuickCam\eReg.exe [2008-11-7 517384]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2006-04-27 10:30 53248 ----a-w- c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWlgn.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\c:^documents and settings^all users^menu démarrer^programmes^démarrage^windows search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Alice_Triway_WiFi\\Wizard\\CTD_FirmwareUpgrader.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowRedirect"= 1 (0x1)

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [20/10/2008 20:53 206096]
S1 443da05d;443da05d;c:\windows\system32\drivers\443da05d.sys --> c:\windows\system32\drivers\443da05d.sys [?]
S3 SaiH040C;SaiH040C;c:\windows\system32\drivers\SaiH040C.sys [20/10/2008 13:13 173568]
S3 SaiU040C;SaiU040C;c:\windows\system32\drivers\SaiU040C.sys [20/10/2008 13:14 26496]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-07-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-20 09:53]

2009-07-31 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-20 09:53]

2009-08-07 c:\windows\Tasks\User_Feed_Synchronization-{5BACF148-8408-4BB3-88B4-4E1A9E73E6A6}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D5B75883-E809-4120-BFEB-8D707D5DFBE3} - (no file)
HKLM-Run-Logitech BT Wizard - LBTWiz.exe
[Solved] C:\WINDOWS\system32\services.exe infected by
samix31 replied to a topic by samix31 in Malware analysis and eradication
There you go, I followed your instructions. As for MBAM, it found an infected file, but after half an hour the PC crashed with a blue screen. Here is the error message: STOP: 0x0000007E (0xc0000005, 0x804f190a, 0xba503c84, 0xba503980). So I ran the scan again and stopped it after the detection in order to have a report, even if it is incomplete. I carried out the other steps successfully. Here are the reports:

-------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13:06, on 06/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\SetPoint\LBTWiz.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\DOCUME~1\sam\LOCALS~1\Temp\clclean.0001
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=6070111
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navcli...fr&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=6070111
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [Fnac] "C:\Program Files\Fnac\Fnac.exe" /check
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SYS
O4 - Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-313e25559dc461ea.spaces.live.co...ad/MsnPUpld.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc.
- C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. 
--------------------------------------------------------------------------------------------------------------
Version de la base de données: 2571
Windows 5.1.2600 Service Pack 3

06/08/2009 20:58:29
mbam-log-2009-08-06 (20-58-29).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 57251
Temps écoulé: 13 minute(s), 54 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\sam\Menu Démarrer\Programmes\Démarrage\ikowin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
As for the file C:\WINDOWS\system32\services.exe, it is still infected at this point: McAfee-GW-Edition 6.8.5 2009.08.06 Heuristic.BehavesLike.Win32.Spyware.H
-
[Solved] C:\WINDOWS\system32\services.exe infected by
samix31 posted a topic in Analyses et éradication malwares
Hello everyone, and many thanks in advance. Following buffer overflows and after some research, I noticed that my PC is infected by a virus or some other nasty bug. Apart from the buffer overflow blocked by McAfee, a certain slowness at startup and a few small annoyances while browsing, my machine works fine (for how long?). I also noticed that my up-to-date antivirus tended to open blank pages on me, which made it hard to get any information... Based on your forum I did a few things to move the work along a bit, so here are the results of the HijackThis v2.0.2 scan and the VirusTotal scan of the file C:\WINDOWS\system32\services.exe. I also ran a scan with Malwarebytes' Anti-Malware; it detects an infection, but after half an hour I get a blue screen; I tried three times, so no results. I would like to know how to eradicate the intruder(s), if possible, and find out where it came from. Thanks everyone.
-------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:14:58, on 06/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
--------------------------------------------------------------------------------------------------------------------------
C:\WINDOWS\system32\services.exe scanned by VirusTotal
Fichier services.exe reçu le 2009.08.06 14:26:14 (UTC)
-
Downloader.Win32.Agent
samix31 replied to a topic by patrick-l in Malware analysis and removal
Hello everyone. Following regular buffer overflows caused by the file C:\WINDOWS\system32\services.exe (overflow blocked by McAfee 2009), I think I am infected by a nasty bug that hides very well. So I ran a scan with Malwarebytes' Anti-Malware version 2567. It detects an infection, but after half an hour of scanning the PC systematically blue-screens, so there is no result. I also had the corrupted file, C:\WINDOWS\system32\services.exe, analysed by VirusTotal, which detects this: McAfee-GW-Edition 6.8.5 2009.08.06 Heuristic.BehavesLike.Win32.Spyware.H. Here is the full result:

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.06 -
AhnLab-V3 5.0.0.2 2009.08.06 -
AntiVir 7.9.0.240 2009.08.06 -
Antiy-AVL 2.0.3.7 2009.08.05 -
Authentium 5.1.2.4 2009.08.06 -
Avast 4.8.1335.0 2009.08.06 -
AVG 8.5.0.406 2009.08.06 -
BitDefender 7.2 2009.08.06 -
CAT-QuickHeal 10.00 2009.08.06 -
ClamAV 0.94.1 2009.08.06 -
Comodo 1887 2009.08.06 -
DrWeb 5.0.0.12182 2009.08.06 -
eSafe 7.0.17.0 2009.08.05 -
eTrust-Vet 31.6.6662 2009.08.06 -
F-Prot 4.4.4.56 2009.08.06 -
F-Secure 8.0.14470.0 2009.08.06 -
Fortinet 3.120.0.0 2009.08.06 -
GData 19 2009.08.06 -
Ikarus T3.1.1.64.0 2009.08.06 -
Jiangmin 11.0.800 2009.08.06 -
K7AntiVirus 7.10.811 2009.08.05 -
Kaspersky 7.0.0.125 2009.08.06 -
McAfee 5699 2009.08.05 -
McAfee+Artemis 5699 2009.08.05 -
McAfee-GW-Edition 6.8.5 2009.08.06 Heuristic.BehavesLike.Win32.Spyware.H
Microsoft 1.4903 2009.08.06 -
NOD32 4312 2009.08.06 -
Norman 6.01.09 2009.08.06 -
nProtect 2009.1.8.0 2009.08.06 -
Panda 10.0.0.14 2009.08.05 -
PCTools 4.4.2.0 2009.08.06 -
Prevx 3.0 2009.08.06 -
Rising 21.41.34.00 2009.08.06 -
Sophos 4.44.0 2009.08.06 -
Sunbelt 3.2.1858.2 2009.08.06 -
Symantec 1.4.4.12 2009.08.06 -
TheHacker 6.3.4.3.377 2009.08.05 -
TrendMicro 8.950.0.1094 2009.08.06 -
VBA32 3.12.10.9 2009.08.06 -
ViRobot 2009.8.6.1871 2009.08.06 -
VirusBuster 4.6.5.0 2009.08.05 -
Information additionnelle
File size: 111104 bytes
MD5...: c3fb1d70cb88722267949694ba51759e
SHA1..: 1fce6e1efcb22463fe985ed44291650209ce4317
SHA256: 8cd60f76a91502a718e5371d4e94bf21eca59f50307c783c27e316891504172d
ssdeep: 1536:H3j12id0hKy+k1DQ+7Gpj3r4M7TGfwG1K9IJvydlnk4pCxvth:H3G1DQgGpj3Cf1K9IBydlk+cvth
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xbf63
timedatestamp.....: 0x498c1ac8 (Fri Feb 06 11:11:04 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x196a5 0x19800 6.23 bf32e1a6f4363e9fffea31d970bdebf2
.data 0x1b000 0xa38 0xc00 1.78 817a9a6979796d656eb64e994df5db0a
.rsrc 0x1c000 0x8b8 0xa00 3.79 7310e6c804f12fe752acf0f9d8f019fc

( 10 imports )
> ADVAPI32.dll: AllocateLocallyUniqueId, RegOpenKeyW, ConvertSidToStringSidW, AllocateAndInitializeSid, FreeSid, LogonUserExW, LsaStorePrivateData, LsaLookupNames, AddAccessAllowedAce, SetTokenInformation, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerW, SetServiceStatus, SystemFunction029, SystemFunction005, CheckTokenMembership, LsaQueryInformationPolicy, OpenThreadToken, RegNotifyChangeKeyValue, InitializeSecurityDescriptor, SetSecurityDescriptorOwner, GetSecurityDescriptorDacl, GetLengthSid, CopySid, InitializeAcl, AddAce, SetSecurityDescriptorDacl, LsaOpenPolicy, LsaLookupSids, LsaFreeMemory, LsaClose, GetTokenInformation, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, InitiateSystemShutdownW, RevertToSelf, CreateProcessAsUserW, ImpersonateLoggedOnUser
> KERNEL32.dll: GetCurrentThread, CreateMutexW, ReleaseMutex, ExitThread, FormatMessageW, lstrcmpiW, SetProcessShutdownParameters, DelayLoadFailureHook, RaiseException, GetExitCodeThread, SetConsoleCtrlHandler, SetErrorMode, SetUnhandledExceptionFilter, LoadLibraryA, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcess, UnhandledExceptionFilter, GetModuleHandleA, OpenEventW, LocalAlloc, LocalFree, Sleep, LeaveCriticalSection, EnterCriticalSection, SetLastError, CloseHandle, CreateThread, GetLastError, CreateProcessW, ExpandEnvironmentStringsW, InitializeCriticalSection, HeapAlloc, HeapFree, TerminateProcess, WaitForSingleObject, HeapCreate, FreeLibrary, GetProcAddress, GetModuleHandleExW, InterlockedCompareExchange, CreateNamedPipeW, ReadFile, CancelIo, GetOverlappedResult, WaitForMultipleObjects, ConnectNamedPipe, TransactNamedPipe, WriteFile, GetTickCount, GetSystemTimeAsFileTime, GetModuleHandleW, GetComputerNameW, CreateEventW, SetEvent, ResetEvent, DeviceIoControl, CreateFileW, ResumeThread, GetCurrentProcessId, LoadLibraryW, GetDriveTypeW
> msvcrt.dll: _itow, wcsrchr, time, _except_handler3, memmove, wcschr, _c_exit, _exit, wcsncmp, _XcptFilter, _cexit, exit, _wcsnicmp, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, _wtol, wcscpy, wcscat, wcsncpy, _wcsicmp, __initenv, wcslen, wcscspn, _ultow
> NCObjAPI.DLL: WmiCreateObjectWithFormat, WmiEventSourceConnect, WmiSetAndCommitObject
> ntdll.dll: RtlCreateSecurityDescriptor, RtlAddAccessAllowedAce, RtlCreateAcl, NtCreateKey, NtQueryValueKey, NtSetValueKey, NtDeleteValueKey, NtEnumerateKey, NtQuerySecurityObject, RtlFreeHeap, NtOpenKey, NtDeleteKey, RtlSetControlSecurityDescriptor, RtlValidSecurityDescriptor, RtlLengthSecurityDescriptor, NtPrivilegeObjectAuditAlarm, NtPrivilegeCheck, NtOpenThreadToken, NtAccessCheckAndAuditAlarm, NtSetInformationThread, NtAdjustPrivilegesToken, NtDuplicateToken, NtOpenProcessToken, RtlSetDaclSecurityDescriptor, RtlQuerySecurityObject, RtlSetSecurityObject, RtlValidRelativeSecurityDescriptor, RtlMapGenericMask, RtlCopyUnicodeString, NtSetInformationFile, NtQueryInformationFile, RtlAppendUnicodeStringToString, RtlAppendUnicodeToString, NtWaitForSingleObject, NtQueryDirectoryFile, NtDeleteFile, NtSetInformationProcess, RtlUnhandledExceptionFilter, NtSetEvent, RtlGetAce, RtlQueryInformationAcl, RtlGetDaclSecurityDescriptor, RtlAllocateHeap, RtlConvertSharedToExclusive, RtlConvertExclusiveToShared, RtlRegisterWait, RtlGetNtProductType, RtlEqualUnicodeString, RtlLengthSid, RtlCopySid, NtOpenDirectoryObject, NtQueryDirectoryObject, RtlUnicodeStringToAnsiString, RtlInitAnsiString, RtlAnsiStringToUnicodeString, RtlNewSecurityObject, RtlAddAce, RtlSetOwnerSecurityDescriptor, RtlSetGroupSecurityDescriptor, RtlSetSaclSecurityDescriptor, RtlSubAuthorityCountSid, RtlCompareUnicodeString, NtLoadDriver, NtUnloadDriver, RtlExpandEnvironmentStrings_U, RtlAdjustPrivilege, NtFlushKey, NtOpenFile, RtlDosPathNameToNtPathName_U, NtOpenSymbolicLinkObject, NtQuerySymbolicLinkObject, RtlFreeUnicodeString, RtlAreAllAccessesGranted, NtDeleteObjectAuditAlarm, NtCloseObjectAuditAlarm, RtlQueueWorkItem, RtlCopyLuid, RtlDeregisterWait, RtlReleaseResource, RtlAcquireResourceExclusive, RtlAcquireResourceShared, RtlInitializeResource, RtlDeleteSecurityObject, RtlLockBootStatusData, RtlGetSetBootStatusData, RtlUnlockBootStatusData, NtInitializeRegistry, NtQueryKey, NtClose, RtlInitUnicodeString, NtSetSystemEnvironmentValue, RtlNtStatusToDosError, NtShutdownSystem, NtQueryInformationToken, RtlMakeSelfRelativeSD, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, NtSetSecurityObject
> RPCRT4.dll: RpcServerRegisterAuthInfoW, RpcBindingFree, RpcEpResolveBinding, RpcBindingFromStringBindingW, RpcStringBindingComposeW, NdrClientCall2, RpcAsyncCompleteCall, RpcAsyncInitializeHandle, NdrAsyncServerCall, RpcServerListen, RpcMgmtStopServerListening, RpcMgmtWaitServerListen, RpcServerUnregisterIf, NdrAsyncClientCall, NdrServerCall2, I_RpcBindingIsClientLocal, RpcRevertToSelf, I_RpcMapWin32Status, RpcImpersonateClient, RpcStringBindingParseW, RpcStringFreeW, RpcBindingToStringBindingW, RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcServerRegisterIf
> SCESRV.dll: ScesrvInitializeServer, ScesrvTerminateServer
> umpnpmgr.dll: RegisterScmCallback, PNP_SetActiveService, PNP_GetDeviceRegProp, PNP_GetDeviceListSize, PNP_GetDeviceList, PNP_HwProfFlags, RegisterServiceNotification, DeleteServicePlugPlayRegKeys
> USER32.dll: LoadStringW, wsprintfW, BroadcastSystemMessageW, MessageBoxW, RegisterServicesProcess
> USERENV.dll: UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW, DestroyEnvironmentBlock

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-

Here is also the result of the scan from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:14:58, on 06/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\SetPoint\LBTWiz.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\DOCUME~1\sam\LOCALS~1\Temp\clclean.0001
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ms18_word.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Documents and Settings\sam\ms18_word.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=6070111
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navcli...fr&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=6070111
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Recherche France Toolbar - {d5b75883-e809-4120-bfeb-8d707d5dfbe3} - C:\Program Files\Recherche_France\tbRec1.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Recherche France Toolbar - {d5b75883-e809-4120-bfeb-8d707d5dfbe3} - C:\Program Files\Recherche_France\tbRec1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Recherche France Toolbar - {d5b75883-e809-4120-bfeb-8d707d5dfbe3} - C:\Program Files\Recherche_France\tbRec1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [Fnac] "C:\Program Files\Fnac\Fnac.exe" /check
O4 - HKLM\..\Run: [ms18_word] C:\WINDOWS\system32\ms18_word.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SYS
O4 - HKCU\..\Run: [ms18_word] C:\Documents and Settings\sam\ms18_word.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ikowin32.exe
O4 - Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SetPoint.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-313e25559dc461ea.spaces.live.co...ad/MsnPUpld.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 17030 bytes

Can you help me get rid of the vermin and tell me where I got infected, so that I don't do it again? Thank you very much. I also noticed that McAfee tended to open blank windows. Thanks everyone.